New Chrome feature can tell sites and webapps when you’re idle

[ad_1]

The new Idle Detection API gives Chrome the ability to register whether a user is active, and has drawn concerns from privacy advocates. Here’s how to disable it.

chrome-spying-device.jpg

Google Chrome version 94 was recently released with a long list of patch notes, and buried among it is the announcement of the stable release of Chrome’s Idle Detection API, which has drawn criticism from privacy advocates. 

As described by the Chrome Platform Status page for the Idle Detection API, it can “notify developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen.” 

SEE: Security incident response policy (TechRepublic Premium)

The design behind such an API is hardly nefarious, with The Register describing it as being intended for multi-user applications like Slack, or online games. In that role it could be useful, but both Mozilla and Apple developers have expressed reservations about potential for abuse the Idle Detection API presents.

Apple WebKit developer Ryosuke Niwa pointed out that the API could be used to perform malicious actions only when a user was away from the PC, further obfuscating attempts at detecting resource-intensive malware, like the kind used to mine cryptocurrency. “Our concerns are not limited to fingerprinting. There is an obvious privacy concern that this API lets a website observe whether a person is near the device or not. This could be used, for example, to start mining bitcoins when the user is not around or start deploying security exploits, etc…,” Niwa said. 

Niwa further describes the API as unnecessary, with risks far outweighting benefits. “None of the use cases presented either here or elsewhere are compelling, and none of the privacy or security mitigations you’ve presented here and I found elsewhere are adequate,” Niwa said.

Mozilla developer Tantek Çelik expressed similar reservations, particularly focused on surveillance and control concerns. The Idle Detection API, Çelik said, is too tempting of a target for surveillance-minded companies and websites. Armed with the API, such sites could “keep long-term records of physical user behaviors … and use that for proactive psychological manipulation,” Çelik said. 

The Idle Detection API could be in use on your system now

With the release of Chrome 94 on September 21, the Idle Detection API is now installed and enabled by default. Those concerned about the potential for misuse may want to turn off the Idle Detection API; luckily it isn’t too hard. 

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

To start, look to the upper right of your Chrome window for the three dots. Clicking on those will open Chrome’s menu. Look for Settings and click on that. With the Settings tab open, look for Privacy and Security in the menu on the left (Figure A).

chrome94-figure-a.jpg

Figure A: Finding the Chrome Privacy and Security menu

On the Privacy and Security screen, look for Site Settings (Figure B) and click on it. 

chrome94-figure-b.jpg

Figure B: Where to find Site Settings under Privacy and Security

The next item you’re looking for is Additional Permissions at the bottom of the Permissions menu (Figure C); click on that, and get ready to scroll.

chrome94-figure-c.jpg

Figure C: Finding Additional Permissions settings under Permissions

Toward the bottom of the Additional Permissions items you’ll find an item labeled Your Device Use (Figure D). Click it. 

chrome94-figure-d.jpg

Figure D: Locating Your Device Use in the Additional Settings menu

We’ve finally arrived at Figure E, where you can see the option to toggle the Idle Detection API off. You’ll also find space here to add site exceptions if there are some web apps you want to use Idle Detection on. 

chrome94-figure-e.jpg

Figure E: Disabling the Idle Detection API in Google Chrome

Also see

[ad_2]

Source link

  • Related Posts

    Run Linux edge applications on Windows PCs and servers with EFLOW

    [ad_1] WSL isn’t the only official way to run Linux code on Windows systems. Find out how to take advantage of Azure IoT Edge for Linux on Windows. Image: Shutterstock/TippaPatt…

    How one start-up learned that in order to succeed, you need to master the art of the pivot

    [ad_1] It can take multiple pivots for a good idea to turn into a product. The founders of PÜL began with surfing and ended with a smart cap. Here’s how…

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Buy GoPotent Çmimi – Përdorimi Dhe Efekte Anësore 2025 Cijena, Gdje kupiti, Sastav, Način uzimanja, Forum, Recenzije

    JAVA BURN – ((❌ WARNING! ❌)) – JAVA BURN REVIEW – JAVA BURN WEIGHT LOSS REVIEWS – JAVA BURN COFFEE ✓Official Website:

    Cardiotensive HU – normális vérnyomás az első használattól kezdve

    Cardiotensive HU – normális vérnyomás az első használattól kezdve

    Matcha Suri Green Tea Supplements || Buy Matcha Green Tea Near Me

    Cheap Nursery Near Me Dubai – Budget-Friendly Yet High-Quality Education for Kids

    Why Every Business Needs a Digital Marketing Agency in Dubai