When Tech Giants Write the Rules: The Uncomfortable Truth About Google's Prompt API

There's a principle that's been core to the web since its inception: web standards should belong to everyone, not to advertising companies. That principle just took a significant hit.

Recently, Google shipped the Prompt API—a feature designed to let web developers access AI models directly from browsers. Sounds useful, right? The problem is how it shipped, and what it actually represents when you dig past the marketing language.

The Standards Process That Wasn't

Let's talk about how web standards are supposed to work. There's a reason we have the W3C and organizations like Mozilla and WebKit. These bodies exist to ensure that the web remains open, interoperable, and not controlled by any single company. It's why your geolocation data isn't locked behind a Maps Terms of Service. It's why embedding media doesn't require you to agree to some corporation's usage policies.

Enter Google's Prompt API. When Mozilla, WebKit, and the W3C TAG voiced serious concerns, the collective response was essentially: "Thanks for the feedback. We're shipping it anyway."

The justification? "Developer interest."

The evidence for this interest? A comment thread with three responses (one unrelated), more downvotes than upvotes, and what can only be described as a vibe-check disguised as data—a single number from an undisclosed survey, presented by someone whose job success explicitly depends on this feature being popular. If that sounds circular, that's because it is.

The API You Actually Got (Spoiler: It's Not What You Think)

Here's where things get really interesting. Google marketed this as a standardized interface for AI. What actually shipped is an API specifically for Google's Gemini Nano model. Not an open standard. Not a flexible interface. A gateway to Google's proprietary model.

This reframes everything. Want to use the Prompt API? You're not just using an open web standard—you're agreeing to Google's prohibited use policies. Your code now carries terms of service. Your linter won't catch them. Your code review won't surface them. But they're there.

Think about that for a moment. Imagine if:

• The Geolocation API required you to license Google Maps and agree to their terms just to use coordinates
• Embedded images came with an HTML Standard™ Terms & Conditions clause
• Using any standard API meant your development team needed to audit a corporate legal document before touching the code

This isn't how web standards work. Until now.

The Model That Came Without Asking

If you're a Chrome user, you probably noticed a 4GB download recently. That's Gemini Nano—now bundled into Chrome. You didn't opt in. You don't need to opt in. And if you remove it, Chrome will quietly reinstall it.

The specification claims this is a one-time exception. Future AI models? Those require explicit permission. But Google's model? That's the default. That's the special case written into the standard Google created.

Meanwhile, Chrome's other "AI" features—typing assistance, page summaries, content suggestions—continue to phone home to Google's servers with no signs of ever using local models. The line between "what runs locally" and "what enriches Google's data collection pipelines" remains conveniently blurred.

Why This Matters: Privacy Beyond the Obvious

Yes, the forced 4GB download is wasteful. Yes, requiring Terms of Service agreement for API access breaks web standards philosophy. But the privacy angle is where this gets really uncomfortable.

Browser fingerprinting is already a problem. Advertisers can track you based on your display resolution, your installed fonts, your timezone. Now add "the specific AI model installed on your device, released on a specific date, available only to certain users." That's a fingerprinting vector that makes you more unique, not less.

Worse? Any website you visit can send prompts to that model without asking permission. Your processing power. Your installed model. Your device resources. All available to every site you navigate to.

Google's response: "Trust us, it's fine." This is the same company that's paid billions in privacy settlements and faced countless lawsuits over deceptive data practices.

What This Means for Developers

If you're building for the web, this is worth thinking about carefully:

1. You're accepting someone else's terms when you use this API—whether you read them or not
2. You're responsible if your use violates Google's prohibited use policy
3. Your users don't get a choice about whether their device runs this model
4. The precedent is set for future tech to ship the same way

The Bigger Picture

This isn't really about whether AI in browsers is a good idea. That's a separate conversation with valid points on multiple sides. This is about how decisions get made when one company controls the dominant browser platform.

Web standards exist because we learned, collectively, that letting a single entity control how the web works produces worse outcomes for everyone. That's not political posturing—it's history. It's why we have these processes in the first place.

When those processes get bypassed because a company built the browser and packaged the feature with it, that's a problem worth naming. Whether you think Gemini Nano is amazing or terrible, whether you think AI in browsers is the future or a mistake—the process failure affects all of us.

At NameOcean, we're built on the principle that open standards matter. Domains are foundational to web infrastructure precisely because they're not controlled by any single company. As the web evolves, that principle becomes more important, not less.

The next time you're choosing a hosting platform or considering how to build your infrastructure, ask yourself: Does this company respect open standards? Or are they writing their own rules?

Because apparently, that's an option now.

What's your take? Is the Prompt API a useful feature that's worth the tradeoffs, or a troubling precedent that breaks something important? Let's talk about it.