Well, some rumblings in Chromium-land today. An attentive user found out that it looked like Chromium, the open source, un-Googled version of Chrome, was phoning home to Google during start-up. A long discussion ensued, and together with Chromium hackers, the behaviour was clarified, and traced to a regression somewhere in the code. Open source at work, people.
A regression, right.
Heh, well since I’m certain they’re using some sort of source control – the “source” (in every sense of the word) of the regression should be easy to locate as well… At which point, one would need to customize their conspiracy theory accordingly.
Either way, thorough peer review of patches could have caught this, but apparently it didn’t this time.
Don’t you find odd that they are screwing up to much lately with their source control? First collecting information with google maps software and a “regression” in chronium that conveniently gives then information.
I think they are using the same wasted excuse, they need to be more creative.
Edited 2010-08-10 22:53 UTC
Yeah, because putting your evil world domination plans right IN THE MIDDLE of your extremely popular open source project makes TOTAL sense.
Jesus people, use your brains. You have to be a total idiot to think this is intentional.
Certainly, it’s not intentional – they simply know this is open source, and any similar incident could be easily caught. If Google wants to collect your data, browsing habits, etc, and so on – they have different ways to do that. A colleague besides me, who’s laughing very hard to personal data issues, says that he’s using Chrome to give all his info voluntarily to Google, instead of giving them the same via the search engine or gmail – he’s using them anyway. So, yeah, corporations want to make money, but they are not that evil – nobody would risk worldwide class action suit for screwing the things so badly …
lol
I am pretty sure that if it were Apple, you should be the first to say that it was intentional and that they are evil …
My feeling about that was they put it there intentionally until someone discover it. Then they can say it was a mistake, but they took personnal data since many month already.
And we are lucky that someone look at it …
And the funny thing that nobody speak about is in his message
Edited 2010-08-12 22:02 UTC
I find it odd that you’ve determined they’re collecting much information here.
It was defined in the thread that the first couple requests to google.com are used to determine which default search page to use (in this guys case, it was google.ru)
The next request is a potential bug, and the final request which actually sends a cookie (the only personally identifying information besides the IP address of the request) is to support the “safebrowsing” feature which can be disabled. The cookie is apparently used to prevent a DDOS attack on the safebrowsing service.
So, in the end, most of the data sent to google per Chromium is to support features of Chromium itself – with only one of the requests actually being a regression bug. Seems like that could easily have been missed.
Hey, maybe they were just testing the grown you know, accidents like this one do not happen just because.
Wow. Considering the entire codebase for Chromium was derived from Chrome, I think it’s fair to assume accidents like this could happen easily.
Nah, a billionrary company with all the testers they have doesn’t make this kind of miss takes. They are prolly up to something.
Other way around. Chromium is the open source development ground for Chrome.
Most of the code for Chrome was derived from Chromium.
I thought Chromium was the name of their web OS? I didn’t even know a browser by this name existed.
Actually, I seem to remember the OS being referred to by the name “Chrome” as well. I haven’t checked closely yet but I wouldn’t be surprised if “Chromium” is equally interchangeable between both projects as well: i.e., there’s corporate and open source versions of the OS, too.
Google Chrome is a browser, based on their Chromium open source project. Google Chrome OS is a Linux-based OS which includes the Google Chrome browser.
Chromium is the name of the open-source browser.
Google Chrome is built using the source from Chromium, with a bunch of Google branding and other features added on.
ChromiumOS is the name of the open-source OS based around Chromium.
Google ChromeOS is built using the source from ChromiumOS, with a bunch of Google branding and other features added on.
See how it works?
That is exactly why I keep an AppArmor profile for Chromium enabled at all times. Maybe Ubuntu should include one by default, oh… but they’re in bed with Google already.
P.S. Well, after all Chromium is installed setuid for ‘security’ by default.
We’re owned.
The browser itself isn’t setuid. There is a small setuid helper in order to set up the sandbox. It would be nice to not need it, but Linux’s sandboxing facilities are still a little shaky.
During versioning-driven software development things like that can happen and it’s normal.
Howevah, my experience shows that these sort of regressions get reintroduced when the developer doesn’t properly review his patch against the code or does it at 3am.
Normally a situation like this would be caused by using an older version of the trunk (tree) and commiting that somehow. But doing that without a review of the effective patch. That would reveal.
So, it’s a normal situation, but one that probably could’ve been avoided.
And now, that brings a general question about the *quality of all other commits* 😉
Since this is tagged as a regression I wonder why Chromium was ever sending Google data in the first place and for how long.
The open source project Chromium is based on the is based on the source code of Google Chrome. Google Chrome included this code. So Chromium did too. Chromium is still used to build Google Chrome, so they probably want to keep the code in, so they don’t need to patch it every time they build Google Chrome