Remove or neuter device profiling code in hangout_services/thunk.js

[faisal]

Description

Remove or neuter the private device profiling code in hangout_services/thunk.js, which is Google-specific at best but also possibly a privacy leak

Who's implementing?

• [ ] I'm willing to implement this feature myself

The problem

From https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/:

It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the *.google.com domains - tweeted about today by Luca Casonato, but the code has been there in the public repo since October 2013 as far as I can tell.

It looks like it's a way to let Google Hangouts (or presumably its modern predecessors) get additional information from the browser, including the current load on the user's CPU.

Possible solutions

• Remove that code
• Add some level of noise to the answers

Alternatives

No response

Additional context

No response

[kryptobolt07]

The flags.gn configuration file already seems to disable it.

[Nriver]

The feature was disabled 7 years ago, which is quite impressive. You can see the details in the code here.

[rany2]

Actually at least 8 years ago, https://github.com/ungoogled-software/ungoogled-chromium/commit/4ec2494d218655d8770a9497c9de48c7d838b6ae#diff-419a299063c7e359df82dc3b04bf527820dfb7710976ff1332a5ad499c1392d5R14 :D