Google’s Prompt API

Google’s intent to ship for their Prompt API was met with explicit opposition from Mozilla and WebKit and deep concern from the W3C TAG. Obviously a non-starter, as presented; a real “back to the drawing board” moment. That’s web standards.

It has, of course, already shipped — pushed through on the basis of “developer interest.” Google’s own citations for said interest include this thread with three comments (one unrelated) and a 2:1 ratio of dislikes:likes, and the completely citation-free “survey results” in a presentation by Chrome’s Web AI Product Manager, which says that “overall satisfaction” for “prompt for extensions” is “8.0.” That’s right: one or more person or persons may or may not have spoken, and in a voice funneled through a person whose professional success explicitly hinges on demand for this feature, they cried out: “eight.” That’s web standards, baby! Ship it!

Now, I’m not going to comment on the ostensible use cases behind Google’s Prompt API proposal, because my thoughts on the subject of generative AI won’t be news to anyone familiar with my work. It isn’t for me. If you are someone that would conceivably make use of a standardized API for interacting with large language models, I will point out that this isn’t that, as shipped — this is currently an API for interacting with Google’s Gemini Nano model, which could serve as the prototype for that API, someday. At present, this is a web standard designed around a single company’s product. That means that use of this API, as implemented in Chrome right now, requires you to agree with Google’s “prohibited use policy” for the only model available to it.

So, as it stands now, imagine that the Geolocation API had to license mapping information from Google, and that using that API required that you — the developer — agreed to the Google Maps Prohibited Use Policy by typing a line of JavaScript that accesses it. Imagine needing to be certain that the website you’re working on for a client has strict rules around “content created for the purpose of […] sexual gratification” or “impersonating an individual” before typing that <img>, lest you run afoul of the HTML Embedded Media™ Terms and Conditions. This is incredibly “not how web standards works,” but here we are. Already shipped.

As a Chrome user, you’ll have received Gemini Nano in the form of a 4GB transfer recently; no permission asked or required. If you remove it, Chrome will re-download it. For reasons I can only guess at, Gemini Nano is presumably now considered to be part of Chrome itself, despite being a standalone product that is included alongside but not integrated into the browser — the way a copy of Bonzi Buddy included in a browser update might be considered a part of said browser. My understanding is that you’ll have to explicitly agree to download alternate models in the future, per the specification. Just to put the finest possible point on that: Google’s model is the exception to the specification Google wrote. You have Gemini Nano, full stop, the browser built into Windows 98 model built into Chrome. You’ll need to give your blessing to install other models. It also seems noteworthy that the “AI” services offered by Chrome right now — typing help, suggestions, page summaries — show no signs of eventually making use of local models, and continue to make requests to Google-owned servers. There is, one assumes, considerable benefit to keeping that line blurry.

A lot has already been written on the privacy risks and very real costs associated with the mandatory model transfer alone, but I will comment on the one privacy concern Google has been willing to formally acknowledge, albeit in a handwavy way: installed models provide a fingerprinting vector like any other browser feature or aspect of your browsing environment, but potentially a much more fraught one. There is a stark difference in the privacy picture drawn by “a user with a 2560x1600 display and a browser with access to the Geolocation API” and “a user with a 2560x1600 display and a browser with access to the LLM model available only to logged-in Facebook users that was released on May 6th.”

Once a model is available on your device, per the specification, any website you visit will be able to send prompts to that model without requesting permission to do so, then do whatever it wants with the responses. And again, Gemini Nano is on your device if you’re using Chrome, and it will be again if you remove it, unless you start tearing out wires in ways that the average user of the web can’t. So, in short: you now have an LLM running on your machine, and any website you visit can make use of it, and whatever processing resources it requires. Google — a company that has paid billions of dollars in settlements for lawsuits related to privacy violations and deceptive practices in data collection — has said not to worry about it.

I’ve logged a lot of hours angry at web standards — at the processes, at the results, at people joining conversations for the very first time with the phrase “we just need.” Consensus is frustrating work, and “in a good compromise no one leaves happy,” and et cetera, sure, fine, that’s the process. I’m angry now, absolutely — but never have I felt this kind of second-hand embarrassment around a web standard before now. This is, hands-down, the most insultingly transparent attempt at web standards bullying I’ve ever seen, including past ones from Google, which is — and I cannot stress this point enough — a company that sells advertisements. This is miles more eyeroll-worthy than AMP, where you’ll recall that a legion of tight-smiling dorks wearing Alphabet lanyards tried to assure us that the only means of survival for the web itself was to funnel all of it through Google’s servers, and only use their very good advertisements instead of those bad other ones. This is leagues more cringe than Manifest V3, where the only responsible move for the health of the web and the only way to save us all and ensure our privacy was to lock down browser extensions in just such a way as to allow Google to send us their very good advertisements.

I’d like to end this with something actionable — I wish I could. Google has made it clear, in the most formal language web standards has to offer, that they’re doing this. I’d like to say something to the tune of “their whole argument hinges on ‘positive developer sentiment,’ so let’s show them that there isn’t any” — but there already isn’t any. They cited places where there isn’t any. That’s not how it works for them. Google participates in the web standards process the way a bear participates in the “camping” process.

So I guess the takeaway is: remember this one too, I guess? Throw this on the pile alongside all the hours you spent forced to make an “AMP version” of a website, and alongside every privacy-obliterating tracking script Manifest V3 has forced you to transfer so far. Remember this the next time Google announces an “exciting new standard” that they’re heroically championing — for you, for users, for the good of the web — in language that has just a hint of inevitability about it. You know who they are. You’ve known for a long time.