I think it is a mistake to give a company like Google the benefit of the doubt. Consumer protection is a lot like security, we should theorize the worst case scenario, and assume the company is willing to work against consumer interest if it serves their own interests.

If there exists a mundane and reasonable explanation for this, that doesn’t matter if there also exists a potential to exploit it in a way that harms consumers’ interests.

Well said. Hanlon's razor doesn't work for corporations (or with people that have already shown their willingness to do the unethical).

I actually prefer Marx’s razor over Hanlon’s: “Never attribute to stupidity that which is adequately explained by class-interest.”

Any time things like this are needed, I think it should ask the user for permission first.

My examples are of core browser functionality, just implemented with a different tool chain (a web app instead of C++). Should the user be asked for permission for C++ to send an IPC to another C++ component? Should the Chrome Web store ask for permission to install extensions in Chrome?

Down-thread I see that this is being used for Google Meet functionality, for which I agree it should ask for the user's permission.

> Should the user be asked for permission

Yes. We need much more of this on the desktop.

In any multi-process software (of which Chrome is on the more complex end of the spectrum), there are dozens if not hundreds of different IPC message types sent between different components of the software.

To prompt the user for every type of IPC would make the software unusable. No desktop software does that on any platform.

It would be like a car asking the user for permission for the steering wheel to access the front axle.