by aasasd 1695 days ago
Frankly, I'm not sure about the current state of things, seeing as it likely has changed several times in the past few years. However, a) I'm not sure why Goog would want to bother with browser accounts otherwise, and b) my use of Chrome ceased soonish after I had the following experience in the early 2010s:

- set up a new empty site, listed absolutely nowhere, on quite dedicated hosting.

- open it in Chrome.

- a couple minutes later, observe Googlebot appearing in the visitor logs of the site.

Lastly, if you go to the ‘My activity’ settings on Google, you can see: “Include Chrome history and activity from sites, apps, and devices that use Google services”, which I guess can still be dissected further. And I have some website visits from 2016 listed there: including Wikipedia, which doesn't seem to use Google Analytics currently (not sure about 2016)—though these could be visits through Google search.

Also, text in the linked tweet directly says that Google tracks users on third-party sites through Chrome.


I expect bots on a new unadvertised site within minutes. I've seen it many times. Bots are always scanning, along with script kiddies.
It is far more likely that Google found the new site from telemetry from Chrome than that a random bot owned by Google scanned the site within seconds.
Google also runs their own public DNS servers which afaik Chrome defaults to. They can just sit server side waiting for DNS lookups of domains they've never seen before and queue them up for the Google bot. No browser telemetry needed.
> Google also runs their own public DNS servers which afaik Chrome defaults to.

The statement that Chrome does not honour the networking stack's DNS settings does not agree with my observational data. I run pi-hole DNS and Chrome absolutely fails to load domains blacklisted there.

This is configurable, the default is to use the default network stack.

Settings > search for Use secure DNS for DNS-over-TLS.

Why does Chrome need to use DNS other than what I have set up through my IP stack? How does that work for intranet sites?
Because they see their solution as more secure. Intranet sites still work because Chrome only prefers their DNS first, it will still use your system settings if it doesn't work.
Seems testable by setting up randomized subdomains hosting http and visiting with different browsers. Also, make sure you aren't using Google's DNS services to resolve or managing your domain's DNS through their registrar.
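The test proposed in the comment above could be scored with a log correlator like the following. This is an added sketch, not code from the thread. It assumes plain-HTTP hosts (so no certificate is issued), a vhost-prefixed combined access log, and the hypothetical names `assign_subdomains`, `crawler_follow_ups`, `example.test` and `browser-a`/`browser-b`; the log lines are constructed.

```python
import re
import secrets
from datetime import datetime

# Vhost-prefixed combined log format (assumed; adjust to your server's format).
LINE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def assign_subdomains(browsers, base_domain):
    """One unguessable hostname per browser, so a crawler hit on a host
    identifies which browser's visit preceded it."""
    return {f"{secrets.token_hex(8)}.{base_domain}": b for b in browsers}

def crawler_follow_ups(log_lines, assignments, marker="Googlebot"):
    """Return {browser: seconds from first visit to first crawler hit, or None}."""
    first_visit, first_crawl = {}, {}
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m or m["vhost"] not in assignments:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # The User-Agent is spoofable: confirm crawler hits out of band (e.g. reverse DNS).
        bucket = first_crawl if marker in m["ua"] else first_visit
        if m["vhost"] not in bucket or ts < bucket[m["vhost"]]:
            bucket[m["vhost"]] = ts
    result = {}
    for host, browser in assignments.items():
        v, c = first_visit.get(host), first_crawl.get(host)
        # A crawl with no earlier visit points to another discovery path, so it is not counted.
        result[browser] = (c - v).total_seconds() if v and c and c >= v else None
    return result

# Constructed sample: fixed hostnames and log lines, not real measurements.
SAMPLE_ASSIGNMENTS = {
    "a1b2c3d4e5f60718.example.test": "browser-a",
    "0f1e2d3c4b5a6978.example.test": "browser-b",
}
SAMPLE_LOG = [
    'a1b2c3d4e5f60718.example.test 192.0.2.10 - - [01/Mar/2021:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Chrome/88.0"',
    'a1b2c3d4e5f60718.example.test 198.51.100.7 - - [01/Mar/2021:10:02:30 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '0f1e2d3c4b5a6978.example.test 192.0.2.10 - - [01/Mar/2021:10:05:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Firefox/86.0"',
]

if __name__ == "__main__":
    print(crawler_follow_ups(SAMPLE_LOG, SAMPLE_ASSIGNMENTS))
```

A delay reported for one browser's host and `None` for the others is only a lead: the resolver and registrar caveats from the same comment still have to be controlled for.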
> I'm not sure why Goog would want to bother with browser accounts otherwise

Cross-device sync of passwords, autofills, bookmarks, history, open tabs

Registered domain names are public information.
Yes, whois is public but not all TLDs publish a list of all domains and those lists are usually updated only once per day. On the other hand it is very possible that they used the TLS transparency logs from the CA.
This could also be via DNS records; if you published some, they would get scanned.
Cert transparency logs will show new subdomains too.
Not for wildcard certs, fortunately.
Also, doesn't Chrome hijack DNS to point to Google's DNS servers?
Unless you've enabled DoH, it shouldn't.
This whole thread is about Google doing things they shouldn't.
Yes, and claims still require evidence. I'm quite anti-Google but I'm not going to just start believing in random theorizing of evil things they could conceivably be doing without evidence.
Otoh, why even bother with Chrome, when you have Firefox, Brave and others to choose from? It's not like there is any substantial difference between them. At this point we don't need (extra) evidence of wrongdoing, the incentives mismatch is enough to not trust them.