Both companies say there are privacy concerns with Chrome’s new API
The latest version (94) of Google‘s browser for the desktop and Android devices has just been released to the public, but Apple and Mozilla have raised privacy concerns over a new API included in the update.
Idle Detection as the name suggests let’s sites and applications that run within the browser know when a user is idle. This is done through tracking user interaction with Keyboard or Mouse, system events or even locking a device.
The advantages of the API is that it can be used to show a user is away from the keyboard in chat for example or change his status online. It can also be used to free system memory and freeze applications if a user is no longer interacting with them. It required user permission before sites that have implemented the feature can begin using it.
Mozilla, makers of the browser Firefox and Apple who develop Safari have spoken out against the new feature and will not be implementing it in their browsers. Both browsers use the WebKit engine, the same one used for Chrome.
Google’s Reilly Grant asked for feedback on the WebKit mailing list regarding the new feature saying that he understood that the new API would not be implemented due to fingerprinting concerns and that he would, “like to start a conversation to understand the fingerprinting risks you foresee from this API.”
Apple’s Ryosuke Niwa responded to Grant’s request and said that the company’s position had not changed. Their concerns were not limited to obvious fingerprinting and were worried about the potential threat to user privacy that the API posed by letting sites and apps monitor user behaviour.
“This could be used, for example, to start mining bitcoins when the user is not around or start deploying security exploits, etc…” said Niwa.
Mozilla web standards lead Tantek Celik expressed his concerns on GitHub saying, “I consider the Idle Detection API too tempting of an opportunity for surveillance capitalism motivated websites to invade an aspect of the user’s physical privacy, keep longterm records of physical user behaviors, discerning daily rhythms (e.g. lunchtime), and using that for proactive psychological manipulation.”Internet Explorer Channel Network