IDG Blog | Chrome browser ‘device use’ setting, side effects that only Google didn’t know

When Google released Chrome 94 for Android and desktop last month, it installed an evil API called ‘Idle Detection’.
ⓒ Thinkstock

According to Google, the device availability setting tells developers if the user is currently using the device. Based on the threshold defined by the developer, it is possible to check whether the user is using the keyboard, mouse, or monitor, activation of the screen saver, locking the screen, switching the screen, etc. Google“Existing mechanisms only consider interactions with the application itself,” explained, “but collaborative applications need a more comprehensive signal as to whether the user is away or not.”

Let’s take a look at how the device availability setting has an adverse effect. ForceForcecited two sources who persuasively analyze why mobile solutions providers like Google don’t always keep users in mind.

“The device availability feature leads to surveillance capitalism by allowing websites to invade the user’s physical privacy,” said Tantec Selick, head of web standards at Mozilla. It is possible to record the user’s hardware usage patterns for a long period of time, understand the rules of life such as lunch time, and psychologically manipulate the user’s active behavior.”

In addition, Selick said, “There is a risk that individual sites will maximally allocate computing resources to cryptocurrency mining without consent based on users’ approximate behavioral patterns, waste power, and increase carbon emissions. Users may not even be aware of this.”

In Vivaldi browser, which is specialized for privacy protection, the device use setting is installed as a default deactivation function. “At Vivaldi, we consider the concept of actually observing whether a user is in front of a computer or not, as a privacy issue and a security issue,” said Jon von Tetzner, CEO of Vivaldi Technologies. “Someone thinks, ‘I’ll try to break the computer while no one is in front of it,’ and there is a possibility that it can be used for cryptocurrency mining, etc.”

The problem is here. Google is not naive enough to focus solely on revenue and business partners. Google rationalizes that if you have data that advertisers, advertisers, or game developers value, you should share it with everyone.

Companies like Google and Apple need to think about what the worst crime a malicious person could commit with this information when developing a mobile platform. That means you have to think like a security or privacy expert.

Did Google developers even think about calling a cybersecurity executive when they were discussing whether to enable or disable the device? Did the privacy team even attend the meeting? Or did you leave a note or send a reference email to the cybersecurity or privacy team?

The final approver of this setup is unknown, but it’s certainly not a cybersecurity or privacy officer. These decisions are based solely on results drawn from departments rather than individuals. If it were any other vendor, I would have guessed that the privacy and security officer’s advice was ignored or dismissed at the meeting. But at Google, the security and privacy officer must have never received a reference email or attended a meeting.

Privacy and security must be reviewed very carefully before every new product or feature is released. In fact, it is safe to review only the problems that can be fixed. Therefore, it is also a problem that the Google development team did not recognize that privacy and security issues clearly exist. It’s a different way of looking at software. The Google development team considered the code that makes up the program only as a profit means to increase market share.

Privacy and security are not an issue to consider later. Of course, you might think about it later, but the terrible feature of enabling or disabling the device is the result of considering privacy and security as a matter of delay. [email protected]


Source: ITWorld Korea by www.itworld.co.kr.

*The article has been translated based on the content of ITWorld Korea by www.itworld.co.kr. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!