Google now tells criminals when Chrome users are ‘idle.’ What could go wrong?


When Google released Chrome 94 for Android (and desktop), it slipped in some naughty capabilities via an API called Idle Detection.  

“The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification,” Google said in a blog post. “Applications that facilitate collaboration require more global signals about whether the user is idle than are provided by existing mechanisms that only consider a user’s interaction with the application’s own tab.”

What’s so bad about that?

An excellent story in FossForce by Christine Hall (always quotable and trustworthy) cites two sources who make an eloquent case for why mobile vendors like Google might not always have users’ needs in mind.

“I consider the Idle Detection API too tempting of an opportunity for surveillance capitalism motivated websites to invade an aspect of the user’s physical privacy, keep longterm records of physical user behaviors, discerning daily rhythms (e.g. lunchtime), and using that for proactive psychological manipulation (e.g. hunger, emotion, choice),” FossForce reported, quoting Tantek Çelik, the web standards lead at Firefox browser developer Mozilla. “In addition, such coarse patterns could be used by websites to surreptitiously max-out local compute resources for proof-of-work computations [i.e. cryptomining, etc], wasting electricity (cost to user, increasing carbon footprint) without the user’s consent or perhaps even awareness.”

Jon von Tetzchner, founder and CEO at privacy-focused Vivaldi, noted that the API is blocked by default in Vivaldi’s browser. Note: Apple also said it’s not implementing the API. 

Copyright © 2021 IDG Communications, Inc.



Source link