From owner-freebsd-chromium@freebsd.org Fri Jan 15 19:42:43 2021 Return-Path: Delivered-To: freebsd-chromium@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A2A1C4F0D94 for ; Fri, 15 Jan 2021 19:42:43 +0000 (UTC) (envelope-from r.c.ladan@gmail.com) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DHWmf5CMCz3jnM for ; Fri, 15 Jan 2021 19:42:42 +0000 (UTC) (envelope-from r.c.ladan@gmail.com) Received: by mail-wm1-f42.google.com with SMTP id c124so8409693wma.5 for ; Fri, 15 Jan 2021 11:42:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=tn/EMuDk/aiwkZBU9H780WquuvIiPJsl9rMk47aI+RU=; b=m0xN/oveyBEVd5KNR1sUvAKQRAwBH7uSdEtMlsNf3XSk9q27ypOpnvTG9T3Ocbtp8n tkqZx6y1IXqWS2102PHUUjn56hy4S1IWvFqxj/RNoZ4HiKRw2w74xf1e+IRlOk8/i5mo E2q4XuiN52wwtz3x8G660oiI/UOarzOtOI5+bL2sf06H9Uwv/POYu6dIKyR5qNRNypEd IMDNWH8hNlc+F3l52wzGomIsvhY/78rDMS2xxnrc5e0JVIk7ZddLzqNYa/L0FlyH0ykl 9PY+jfr4X5cPem0mvz6c9VDAZzvQzoToh39YePAIHTtQ+spljDTKwTAzR4IcqNlFcM4u 6mRw== X-Gm-Message-State: AOAM530LsEpOkeNgfTtrzTQ2Ne9cHMaOLww6WkhWv+5zOWi7UiisuSes g8HCzboTeSCErK/gPhDvvAaCiQKBucdOP10DyLiVmh/7 X-Google-Smtp-Source: ABdhPJw6ZkjKSeycEvlYyWfuV1qBklvKVfF9vYwB7J5pCUBbdfqaBebp3+0hYpXjnXgpL91kElf7uD498Kaw7XdqhQs= X-Received: by 2002:a1c:2d48:: with SMTP id t69mr9973888wmt.124.1610739760875; Fri, 15 Jan 2021 11:42:40 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: =?UTF-8?Q?Ren=C3=A9_Ladan?= Date: Fri, 15 Jan 2021 20:42:27 +0100 Message-ID: Subject: Fwd: [Action Required] Update on Google API usage in Chromium To: chromium-list freebsd X-Rspamd-Queue-Id: 4DHWmf5CMCz3jnM X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of rcladan@gmail.com designates 209.85.128.42 as permitted sender) smtp.mailfrom=rcladan@gmail.com X-Spamd-Result: default: False [-2.85 / 15.00]; ZERO_FONT(0.10)[1]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; TO_DN_ALL(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FORGED_SENDER(0.30)[rene@freebsd.org,rcladan@gmail.com]; MIME_TRACE(0.00)[0:+,1:+,2:~]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[rene@freebsd.org,rcladan@gmail.com]; TO_DOM_EQ_FROM_DOM(0.00)[]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[209.85.128.42:from]; TAGGED_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-chromium@freebsd.org]; DMARC_NA(0.00)[freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[209.85.128.42:from:127.0.2.255]; MANY_INVISIBLE_PARTS(0.05)[1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; RCVD_IN_DNSWL_NONE(0.00)[209.85.128.42:from]; RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.128.42:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-chromium] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-chromium@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: FreeBSD-specific Chromium issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jan 2021 19:42:43 -0000 FYI, not sure what it means exactly. ---------- Forwarded message --------- Van: The Google Chrome Team Date: vr 15 jan. 2021 19:07 Subject: [Action Required] Update on Google API usage in Chromium To: [image: Google logo] As part of Google=E2=80=99s efforts to improve user data security, we are r= emoving access to those APIs starting on March 15, 2021. Hi Chromium Developer, We are writing to let you know that *starting March 15, 2021*, end users of Chromium and Chromium OS derivatives using google_default_client_id and google_default_client_secret on their build configuration will no longer be able to sign into their Google Accounts. What do I need to know? During a recent audit, we discovered that some 3rd-party Chromium-based browsers had keys that were allowed to access Google APIs and services that are reserved for Google use only. Chrome Sync is the most notable of these APIs. In practice, this means that a user would be able to access their personal Chrome Sync data (such as bookmarks) not just with Chrome, but also with a non-Google, Chromium-based browser. *Please note that users would only be able to access their own Chrome Sync data, and only a small fraction of users of Chromium based browsers were impacted. We have no reason to believe that user data is being abused or accessed by anyone other than the users themselves.* As part of Google=E2=80=99s efforts to improve user data security, we are r= emoving access from Chromium and Chromium OS derivatives that used google_default_client_id and google_default_client_secret on their build configuration to Google-exclusive APIs starting on *March 15, 2021*. Guidance for vendors of Chromium derivative products is available on the Chromium wiki . What does this mean for my users? Users of products that are incorrectly using these APIs will notice that they won't be able to log into their Google Accounts in those products anymore. For users who accessed Google features (like Chrome Sync) through a 3rd-party Chromium-based browser, their data will continue to be available in their Google Account, and data that they have stored locally will continue to be available locally. As always, users can view and manage their data through Google Chrome, Chrome OS, and/or on the My Google Activity page , and they can also download their data from the Google Takeout page , and/or delete it from this page . What do I need to do? To avoid disruption, follow the instructions for configuring and building Chromium derivatives in the Chromium Wiki (link provided above). Possible ways to implement this are: - Removing *google_default_client_id* and *google_default_client_secret* from your build configuration. - Passing the *--allow-browser-signin=3Dfalse* flag at startup. Your projects that may be affected by this change are listed below: - Chromium - FreeBSD (api-project-996322985003) If you have any questions or require assistance, please *contact embedder-dev@chromium.org *. Sincerely, The Google Chrome Team Was this information helpful? YES NO =C2=A9 2021 Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 You have received this mandatory service announcement to update you about important changes to Google services you use.