Chrome’s idle detection is surveillance says Mozilla
Chrome 94 has officially dropped. As is always the case with a new browser version, there’s plenty to be excited about. However, there are also some items to be skeptical about, including a feature Mozilla claims enables surveillance on you.
How Chrome’s New Feature Is Harmful
Chrome 94 introduces a controversial idle detection API. Basically, websites can ask Chrome to report when a user with a web page open is idle on their device. It’s not just about your usage of Chrome or a particular website: If you’ve stepped away from your computer and aren’t using any applications, Chrome can tell the website you’re not actively using your computer.
As you might expect, developers love this new feature—anything that can provide them with more information regarding how users are interacting with their apps is a positive. It’s enabled by default in Chrome 94, but it might not be as bad as it sounds. Like using your webcam or microphone, a prompt will ask your permission before using your idle data on a particular website.
The API comes with its fair share of opponents, including rival browser-maker Mozilla. The folks behind Firefox say that it creates an “opportunity for surveillance capitalism.” Mozilla’s Web Standards Lead Tantek Çelik commented on GitHub, saying:
As it is currently specified, I consider the Idle Detection API too tempting of an opportunity for surveillance capitalism motivated websites to invade an aspect of the user’s physical privacy, keep longterm records of physical user behaviors, discerning daily rhythms (e.g. lunchtime), and using that for proactive psychological manipulation (e.g. hunger, emotion, choice)…
Thus I propose labeling this API harmful, and encourage further incubation, perhaps reconsidering simpler, less-invasive alternative approaches to solve the motivating use-cases.
Of course, Mozilla competes with Google Chrome, so it’s not surprising that a competitor might have strong words about something Google is doing.
However, it isn’t just Mozilla. Apple’s Safari browser uses WebKit, and the WebKit development team also had a lot to say about the new API. Here’s what Ryosuke Niwa, an Apple software engineer who works on WebKit said:
That doesn’t seem like a strong enough use case for this API. For starters, there is no guarantee that the user won’t immediately come back to the device. Also, who is such a service supposed to know what other device user might be using at any given point? We’re definitely not going to let a website know all the devices a given user might be using at any given point. That’s a very serious breach of the said user’s privacy. It seems to me that such a suppression / distribution mechanism is best left for the underlying operating systems / web browsers to handle.
We’ll have to wait and see how developers use this new API in Chrome. It could end being an absolute privacy nightmare—or it could be no big deal.
And, either way, it’s worth remembering that websites can’t get notified of your idle status unless they ask you first and you agree to share it.
We at Lunarsoft strongly recommend using Firefox for your privacy and security.