On Thu, 6 Sep 2018 19:50:24 -0700 Josh Triplett <j...@joshtriplett.org> wrote: > > This is not in any way an explanation. "users have stated concern" - > *what* concern? > > At the very least, this needs an explanation commensurate with "why is > it important to break people's ability to do screen sharing by default > in a way they won't easily discover and can't easily fix". If there's a > reason that outweighs that, it needs to be documented. And if there > *isn't* a reason that outweighs that, then please enable this extension. >
It may be a potential security concern. The code for the Hangout Services component extension lives in chrome/browser/resources/hangout_services/. All "enable_hangout_services_extension=true" does is include this code in Chromium. In essence, the extension allows "https://*.google.com/*"; with access to do the following: * Get browser process CPU, network, and memory usage (chrome.processes, in function onProcessCpu) * Initiate desktop capture UI (chrome.desktopCapture and chrome.webrtcDesktopCapturePrivate, in function onChooseDesktopMediaPort) * Get CPU info (chrome.system.cpu, in callback for chrome.runtime.onMessageExternal) * Get and set WebRTC audio sinks and audio experiments (chrome.webrtcAudioPrivate, in onSinksChangedPort and in callback for chrome.runtime.onMessageExternal) * Stop, start, and upload WebRTC logs, RTP logs, and audio debug recordings (chrome.webrtcLoggingPrivate, in callback for chrome.runtime.onMessageExternal) The greatest unknowns here are the chrome.*Private APIs, since they're exposed only to component extensions (and thus not documented well). I don't know how they're implemented, so I cannot speak for the security of these APIs. Overall, this extension seems to be filling a small gap that the standards haven't provided yet. IMO, this isn't really that much of a security risk. Alternatively, this extension could be a privacy concern for Google (in light of reports of Google's data practices). The inclusion of a patch to disable signing-in (in the source at debian/patches/disable/signin.patch) seems to support this idea, but then why are Google API keys included in the browser (installed to /etc/chromium.d/apikeys)?
