Do you use a Chromium-based browser like Google Chrome or Microsoft Edge? Chances are it’s quietly telling Google all about your CPU and GPU usage every time you visit any of the search giant’s websites.
As far as we can tell, the feature is for performance monitoring rather than tracking. After all, Google knows who you are and what you do when you’re logged in and using its sites. However, it does raise some competition law concerns in light of the EU’s Digital Markets Act (DMA), which promotes competition.
When you visit a *.google.com domain, the Google site may use the API to request your browser’s real-time CPU, GPU, and memory usage, as well as information about the processor you’re using, so that the service it provides, such as video conferencing with Google Meet, can be optimized and customized so that it doesn’t overload your computer. The functionality is implemented as an API provided by an extension built into Chromium, the browser brain primarily developed by Google and used in Chrome, Edge, Opera, Brave, and others.
Non-Chromium-based browsers, like Mozilla’s Firefox, don’t have that extension, which puts them at a potential disadvantage. Without the API, they can provide a worse experience on Google sites than what’s possible on the same hardware with Google’s own browser, because they can’t provide that live performance info.
However, there’s technically nothing stopping Moz or other browser engine makers from implementing a similar extension in Firefox themselves, if they wanted to.
Crucially, however, websites competing with Google will not have access to the Chromium API. This is where technical solutions potentially start to look questionable in the eyes of the European DMA.
Netherlands-based developer Luca Casonato marked the extension’s existence was announced on social media this week, and its findings went viral – with millions of views. We understand that at least some people have known about the code for a while – indeed, it’s all open source and can be found in the pre-installed hangout_services extension here.
That name should give you a clue to its origins. It was developed over the past decade to provide browser-side functionality for Google Hangouts, a product that was split into the current Google Meet and Chat. Part of that functionality is logging for Google, upon request, statistics about the use of your browser’s computing resources when you visit a *.google.com domain, such as meet.google.com.
Casonato noted that the extension can’t be disabled in Chrome, at least, and that it doesn’t appear in the extensions panel. He noted that it’s also included in Microsoft Edge and Brave, both of which are based on Chromium. We reached out to Casonato for more of his thoughts on the matter — though given the time difference between him in Europe and your lowly vulture in the US, we didn’t immediately hear back from him.
Explanation
If you’ve read this far, there’s probably an obvious question in your mind: What says this API is malicious? We don’t say that, and neither does Casonato. Google doesn’t say that either.
“Today we mainly use this extension for two things: to improve the user experience by optimizing video and audio performance configurations based on system capabilities [and] “We provide reporting data about crashes and performance issues so that Google services can detect, debug, and fix user issues,” a Google spokesperson told us Thursday.
“Both are important to the user experience and in both cases we have robust data handling practices designed to protect user privacy,” the spokesperson said.
As we understand it, Google Meet now uses the old Hangouts extension to, for example, vary the quality of the video stream if the current resolution is too much for your PC. Other Google sites are also welcome to use the thing.
That said, the existence of the extension could be harmful to competition within the EU – which appears to be why Casonato raised it this week.
“[This API] is a clear violation of the idea that browser vendors should not favor their websites over those of others,” Casonato argued, referring to the DMA’s prohibition on self-preference under Article 6.
DMA gatekeepers – of which Google is one – are required by law to be impartial on-ramps to the world of the internet. Using a hidden API to give your services a performance edge may not be allowed under those rules.
“Take Zoom for example – they are at a disadvantage right now because they can’t offer the same CPU debugging functionality as Google Meet,” Casonato claimed.
Zoom is now at a disadvantage because they can’t offer the same CPU debugging functionality as Google Meet
Google told us it plans to comply with the Digital Markets Act. That’s a smart move, considering it’s already under investigation by the bloc’s antitrust police, along with Meta and Apple. European Commission officials launched an investigation into the trio in March over what they called suspected failures to comply with DMA mandates.
Meta and Apple have both been charged with DMA violations, and the Commission is still working on its case against Google. Whether this API will increase pressure on the Chocolate Factory is unclear. We’ve asked European Commission officials for their views on whether the API would breach the DMA, and will update this story if we hear back. ®