Hacker News new | past | comments | ask | show | jobs | submit login

I think you misunderstand Google's intention. They want to prevent competitor browsers from using these APIs so people are forced to use Chrome (and it probably relieves some backwards compatibility work too).

Yes, you can steal Chrome's keys, but Google can easily update those in Chrome. Are you going to write an automated system to extract the keys from Chrome on every update? Doubtful.

This stops browsers like Opera and Brave from using the APIs.




Brave and Opera both use their own solutions for syncing.

In fact, can anyone name a browser except Chromium that uses Chrome's sync servers for syncing? Because I can't.

Also your point about backwards compatibility doesn't really make sense as Google has plenty of ways to detect browser version and capabilities of the sync engine (the sync engine sends that info to the sync server voluntarily right now).

Also Google can't just disable it's own API keys every time there is an update because this would shut down a large number of it's own users too. They would need to wait at least 1-3 months to avoid larger disruptions and this would give others more than enough time to fetch the latest keys (and if there is interest, there will always be someone who does that and posts them).


> Also Google can't just disable it's own API keys every time there is an update because this would shut down a large number of it's own users too.

It can because the official Chrome auto-updates very reliably. They only have to support a few versions back. They could even force updates if they wanted.

None of that is true for Chromium. Do they really want to support the 10 year old Chromium from Debian stable?


They already don't support Chromium. https://chromium.googlesource.com/chromium/src/+/refs/heads/...

(I mean, they're Google, they don't support anything that doesn't require payment from the user and barely that, but that's beside the point.)


> They want to prevent competitor browsers from using these APIs so people are forced to use Chrome

That is not, in ANY way or by ANY stretch, their argument, although I'll agree it is clearly their intention. Their argument is very clearly based on a security perspective.

> Yes, you can steal Chrome's keys, but Google can easily update those in Chrome. Are you going to write an automated system to extract the keys from Chrome on every update? Doubtful.

Really? You think malware authors won't take such a simple step as that if it makes them money?! You're insane.

Besides which you don't (currently) have to do that because they've never changed!

> This stops browsers like Opera and Brave from using the APIs.

No, their terms of service do that. Otherwise, Opera and Brave could just go pull the keys out of the source and use them.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: