Let’s talk about Chromium

This is an article about open source drama, it hopes to raise awareness on maintaining an open internet rather than to teach your theorems.

Chromium, not Chrome is almost as widespread as its chemical counterpart. Even if you might’ve not been told when installing the browsers, it is used behind the scenes for browsers such as Brave, Edge, Opera and Vivaldi. The project’s code is also used outside the browser space via Electron, the UI framework powering many apps such as the desktop apps of Discord, Spotify, and even VS Code.

So what exactly is the Chromium project? Just to catch you up to date, Chromium is the open-source browser code which was originally released alongside Chrome back in 2008. Its JavaScript engine - V8, was used by NodeJS to execute JavaScript code. As a result, almost every single execution of JavaScript code outside of the browser is powered by V8. Bringing in the much-needed attention Google wanted, which by the way is arguably the most important reason for the marketing decision of open-sourcing the project.

Quick rant on V8

I was planning to talk about how the reason V8 was adopted for being the fastest JavaScript engine, as I was under the impression V8 is significantly faster than other engines. However, not only did I not find that, as shown in this blog post featuring multiple benchmark suites. I found that V8 performed neck-to-neck with other JavaScript engines such as SpiderMonkey (Firefox) and Webkit (Safari) except for the benchmark designed by Google, with a specifically strong emphasis on recursion, which is likely a malicious attempt to gain attention from developers space by running benchmarks in this specific scenario.

Just to show I’m not the only one noticing this, in this archived post from MongoDB, they are switching back to SpiderMonkey from V8 because they really don’t need V8.

Now getting into the topic of this article - even though Chromium is an open source project, it shares very little resemblance to conventional FOSS (free and open source software), but rather poses a major threat to the open internet. And having a monopoly in the browser space is not the only reason we should beware of this giant of a project.

1. Monopoly

This section only considers desktop browsers, the data in the mobile space has already been poisoned by the Android project, which is another “hijacked” open-source project similar to Chromium. But I must say that Android is less of an insult to its user’s intelligence compared to Apple’s iOS.

Even though Chrome by Google only attracts a measly 65% of all internet users, the combined effort of all Chromium browsers includes 85% of all internet traffic, with Safari and Firefox splitting the remaining market into almost equal shares. With its vast number of commercial derivatives, Chromium-based browsers scoured the corners of the internet searching for their niche user base, such as the illiterate who couldn’t install a browser, kids who bought into the OperaGX ad campaign, and “privacy advocates” using a browser where privacy is only a PR stunt, and not to mention the countless proprietary spins of the original browser, completely defeating the browser’s purpose to browse the web securely.

Google never forced anyone to create a Chromium fork, nor did they heavily promot NodeJS or electron because it is related to the Chromium project in any way. Chromium was really that much better (pronounce: less horrendous) than most competitor browsers when it came out (Internet Explorer and Safari). When Firefox (previously Netscape Navigator, kind of) is still lurking from its defeat in the first browser war. The newly released Chrome could afford advertisements, even though at the time Firefox was standing on similar technical grounds, Mozilla was broke and could not afford anything except this, allowing Chrome (and Chromium) to gain an edge over Firefox at the time, and likely the ultimate cause of current browser market shares.

Firefox - the only valid competitor to Chromium-based browsers (excluding Safari, as most people use it not by choice, but because it’s the default) faces a completely different community compared to the everyday Chromium user. Forking is usually frowned upon as changes might as well as been contributed to the mainline project as a customisation. With userChrome.css in Firefox, most Chromium derivatives look the same in a Firefox user’s eyes. (Here’s my old userChrome if you want to see how it’s done)

This dislike of most forks would deter companies from creating their own commercialised fork and getting that angry bunch of users chasing after them, barring everyday people from trying out a Firefox-based browser.

Fast forward to the current day, the lack of users (in terms of market share) for Firefox has forced them to live off life support from Google. Intentional or not, this has completely reaped the competitiveness of Mozilla. And from what I could see Mozilla has ceased to do anything of interest other than keeping the maintenance of Firefox (and Thunderbird). Further consolidating the dominance of Chromium over other browsers.

2. Web standards

The way we write HTML, CSS, JavaScript, and other web standards should ideally be defined entirely by the W3C specification, and nothing else. However, in practice, browsers implement the standards differently and make changes when they see fit. Pages can look different across browsers (Internet Explorer is an exceptionally frequent offender), sometimes even JavaScript could run differently depending on which browser you are on.

This could be a headache for developers trying to write a web page that looks like how it’s supposed to be everywhere. One way to work around it is to use vendor prefixes - which each browser to style HTML using their own non-standard standards. However, this requires you as the developer to notice such differences across browsers and know to fix them using vendor prefixes, as well as being annoying to do.

While other browsers such as Firefox (Gecko-based) and Safari (Webkit-based) use different rendering engines, Chromium browsers exclusively make use of Blink (how it works). This uniformity in rendering engines heavily affects how websites are made. Since developers are hugely lazy creatures, often websites are written, optimised and tested with priority for Chromium browsers. As a result, the website performs in a sub-par manner when viewed from a non-Chromium browser.

It is important to note that this is neither the developer, the browser used or Chromium’s fault. This happens naturally but does put other browsers at a slight disadvantage for not being exact copies of the Chromium browser. In the end, developers can get their website run better by following the Chromium way rather than the actual specification by W3C, which works, but it is simply not right.

3. “Web standards”

Ok, this part is where all that juicy drama gets mentioned, buckle up, it’s gonna be wild.

Google is not a non-profit organisation, they don’t commit to open source because they are feeling particularly charitable. Their main source of profit comes from advertising, but they are also obsessed with invading user’s privacy for some reason. The big problem of just implementing privacy-invasive features into a browser is that it is interpreted as an encouragement for knowledgable users to venture out into the privacy world looking for an alternative browser - anything ranging from another Chromium fork to Firefox. Which is bad for their business for obvious reasons.

Eventually, a genius plan hatched in the headquarters of Google, a plan so perfect not even the Linux neck beard masterminds, fedora wearers and katana bearers were able to make a dent in this master plan. So what is this plan? Of course, it would be to set up malicious standards that everyone must follow in order to comply with the specifications. With their chromium-plated armour, they held great negotiating power when it come to web standards.

How to funny: Google edition

Proposals have been made across the years, most blocked by W3M for being suggested clearly with the intent of centralising the role of personal data collection to Google. One such proposal is FLoC (later renamed to Topics API), the sugar coating is so thick it would be deemed unhealthy under US standards. Below is a list of some of the proposals made.

FLoC/Topics API

To phase out the ineffective tracking provided by third-party cookies, Google announced plans to retire cookies for tracking, and replace them with FLoC - instead of having each site track your activity individually, Google now offers tracking-as-a-service through their topics API. With tracking built into Chromium (which can be disabled), websites using this API can profile users based on their activities on other sites they could previously not track.

To make up the whole circus entertainment, this tracking feature was branded as a “privacy protection feature”. Fortunately, most Chromium derivatives have this feature disabled. Third-party cookies are very much still alive, and Chrome (by Google) users are now subjected to this new form of tracking alongside the existing method using cookies by default.

(Other browsers such as Safari and Firefox never ended up implementing the Topics API)

Manifest V3 - The end of ad blockers

Features such as the Topics API although undesired, can be disabled manually, or completely removed by its forks. The same could not be said about the new extensions Manifest V3 - is a perfect example to illustrate the dangers of such a monopoly over the browser space.

Let’s start with the latest YouTube vs ad blockers war, it has wreaked havoc on the functionalities of ad blockers for around a week until the mainstream ad blockers (Ublock Origin) finally updated to patch the ad blocker-blockers once and for all. This just got to show how much effort Google is putting into stopping ad blockers from screwing up their revenues and stuff.

Google is not done with ad blockers yet. Back in 2021, Google announced Manifest V3 - a new Google-set standard for creating browser extensions, with key changes such as removing the ability for extensions to modify network requests, basically invalidating the existence of ad blockers. As well as banning remotely hosted content from extensions, which was originally the fix Ublock Origin used to combat ad block detection, is also impossible.

Historically, Firefox uses the same browser extension standard as Chromium - Manifest V2, allowing Chrome extensions to be imported into Firefox without modification, as well as making life easier for extension developers as they no longer have to maintain separate ports of the same extension for each browser.

This is not a situation where MV3 can just be disabled or anything like that, it is not a separate chunk of code where you can switch it on and off. It is completely mixed thoroughly and baked in one piece with the rest of the Chromium code - “You want security updates? You’ll have to take in the new rules as well.”

Browsers such as Vivaldi have no choice but to take in the update as their developers are simply not skilled enough to take in that 37M source lines of code, but Brave thought they could take in the burden of understanding this giant codebase, we’ll see how that goes.

How are Mozilla devs reacting to this update? Absolutely chill, laid back not seeing a reason to phase out V2 features, so they kept V2 and implemented V3 features alongside it, real chads. This just got to show how important competition is - if Firefox or any other non-fork browser is of more popularity, Google would have to actually consider the risks of Chromium losing popularity before pushing bad standards.

Honourable mention: Google IP protection

Ok, this one is so stupid it’s funny, a Google-provided VPN would be enabled by default for Chrome users, tying all internet traffic in Chrome to your Google account “in order to protect IP from being used as a tracking vector”. I don’t think I have to explain how poor this reasoning is, one simply does not hand over all traffic to Google to protect their privacy.

This will not begin until 2025, personally, I expect a medium-sized drama to sprung out as the deadline approaches, or maybe it’ll never be implemented once they realise how unlikely anyone would keep it enabled by default, nor will this become a real standard with any other browser to also include this feature.

4. “Open source”

One main feature of open-source software, as mentioned in the GCSE textbooks (in case you don’t remember) is that it is created, maintained, and supported by the community. How could the community ever let their project head into such unloved directions?

Well, Chromium is not a conventional open-source project where there are a lot of interactions between hobbyist developers and the guys who work on the project at Google. It is proprietary software that just so happens you can access the source code if that ever makes any sense. Yes, you can create a fork any day, but making any meaningful changes to the base project is virtually impossible. Here are some arguments showing how “proprietary” the Chromium project is.

Personally, I don’t believe mainline Chromium/Chrome could ever become a usable, “don’t be evil” browser.

Conclusion

Use Firefox

// <3
try {
  const topics = await document.browsingTopics();

  const response = await fetch('https://ads.google.com/get-creative', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
    },
    body: JSON.stringify(topics)
  });
  
  const creative = await response.json();

} catch (e) {
  console.log('Topics API is not enabled in your browser.');
  console.log('Please enable Topics API to support this site.');
}