Mom, They Are Being Evil Again!!!

On the heels of Google deciding to cripple ad blockers in their Chrome browser now that they have achieved a monopoly, now Google is rolling out a programming interface that will allow websites to see what programs are installed on your machine, which, among other things, deanonymize users, and possibly reveal a host of other personal data.

But Google wants to accommodate its advertisers, so f%$# the rest of us:

A nascent web API called getInstalledRelatedApps offers a glimpse of why online privacy remains such an uncertain proposition.

In development since 2015, Google has been experimenting with the API since the release of Chrome 59 in 2017. As its name suggests, it is designed to let web apps and sites determine whether a corresponding native app is installed on a user’s device.

The purpose of the API, as described in the proposed specification, sounds laudable. More and more, the docs state, users will have web apps and natives apps from the same source installed on the same device and as the apps’ feature sets converge and overlap, it will become important to be able to distinguish between the two, so users don’t receive two sets of notifications, for example.

But as spec editor and Google engineer Rayan Kanso observed in a discussion of the proposed browser plumbing, the initiative isn’t really about users so much as web and app publishers.

Late last month, after Kanso published notice of Google’s intent to officially support the API in a future version of Chrome, Daniel Bratell, a developer for the Opera browser, asked how this will help users.

“The mobile web already suffers from heavy handed attempts at getting web users to replace web sites with native apps and this mostly looks useful for funneling users from the open web to closed ecosystems,” Bratell said in a developer forum post.

Kanso made clear the primary focus of the proposal isn’t Chrome users.

“Although this isn’t an API that would directly benefit users, it indirectly benefits them through improved web experiences,” Kanso wrote. “We received very positive OT [off-topic] feedback from partners using this API, and the alternative is them using hacks to figure whether their native app is installed.”


That’s not say privacy concerns are ignored. On Wednesday, Google engineer Yoav Weiss joined the discussion to express concern about the API’s privacy implications.

“Knowing that specific apps were installed can contain valuable and potentially sensitive information about the user: income level, relationship status, sexual orientation, etc,” Weiss wrote, adding, “The collection of bits of answers to ‘Is app X installed?’ can be a powerful fingerprinting vector.”


And in a separate discussion Henri Sivonen, a Mozilla engineer, worried that the API might lead to more attempts to steer users away from the web and toward a native app, something websites like Reddit already try to do.

Google users are not the customer, they are product to be monetized.

Break them up.

Leave a Reply