The google chrome browser itself is not its a proprietary browser that is based on chromium and having code running throughout your entire browser that you cant, see or audit for yourself or have independently audited, is really bad because you dont know what its doing it could be Improperly configured or have buggy code leading to zero day vulnerabilities and hacking, but even worse, the company behind the proprietary code could be using it to spy on you, which is very likely in this case. Considering that googles, entire business model involves them collecting as much data as possible on their users and just think about how much data about you is going through your browser. Every single day, google, with access to your entire search, history and browser activity, may know more about you than your closest friends. Now maybe you think that this perspective is just tinfoil hat schizotalk, but google just recently added a new feature into their chrome browser to track your attention on web pages. They call it idle detection, api and heres a description of it from web.dev the idle description, api notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard mouse screen activation of a screen, saver, locking of the keyboard or moving to A different screen, a developer, defined threshold triggers this notification, so this is something that the developers of different sites are going to be able to utilize to track their user interaction, their web pages, or, i guess, really, the lack of user interaction on their web pages and Theres also some example use cases listed here, so chat applications or online social networking sites could use this api to let the user know if their contacts are currently reachable, so, whether theyre at the computer or not publicly exposed kiosk apps, for example, in museums, can use This api to return the home view, if no one interacts with the kiosk anymore apps that require expensive calculations, for example, to draw charts, can limit these calculations to moments when the user interacts with their device, so not wasting those resources when somebodys not actually looking at It now, if you ask me this api sounds pretty sus, or at least it could be very easily used by the devs to spy on their users a lot more closely.

I mean, i know its an api, so i guess its ultimately just going to depend on how its used its pretty hard to say whether its just totally bad or not. But one thing that i do think is pretty bad. Is googles, implementation to show users when a site is trying to use it? So basically, this is the kind of pop up that youre going to get right here, right, so its similar to the same thing that you get whenever you visit a site and it prompts you to use, say your webcam or your microphone for a video chat, except This prompt says that the site wants to know when youre actively using the device, and i dont know if this description of what the api can do is uh good enough for an end user to make an informed decision whether or not to allow this. You know the microphone and camera prompts. Those are straightforward. You dont have to be a tech savvy person to understand it. You know if it wants to turn on the camera, then the site can see me. If i turn on the mic, then the site can hear me, but for the site to know when youre using the device. That means that they have to know when youre on that tab or, if youre on another tab or when youre clicked onto another screen. If, at a desktop or like we got in the description it can tell if your screen saver is on things like that, when the tab is minimized now browsers already do have apis.

That can accomplish a lot of this functionality, so in another way it also kind of brings into question. What exactly is this api supposed to? Accomplish? I mean at the very least it kind of seems like it might be bloat to me, because, for these simple example use cases that are given theres already other ways to accomplish this without using an idle detection api. Now i guess you could use this for more complicated use cases. Like one thing, i see certain people bringing up a lot and discussions about this api is that developers might use it to see when their users are afk and then use the computer to mine bitcoin. For them until the user returns uh, and i really doubt that they would be mining bitcoin, i mean maybe ethereum or ravencoin, because those can be mined with gpus. But that sounds like a possible malicious use case for this uh. If the api can provide a higher degree of certainty, that someone is afk or not just playing a game on steam or something like that, you might be able to mine crypto without the user noticing or even start deploying some kind of malware. That might make something pop up onto the screen, but the end user wont be there to see it because theyre completely away from the computer. This could also be used to try and get ideas about a users routines and their habits like if you go afk around the same time for 30 minutes or half an hour every afternoon.

Around the same time, you can think. Oh, this is probably when that person is going to go, eat lunch or if they go afk every friday evening for a few hours. Maybe you know, oh, this person is at a bar enjoying happy hour. I know that theyre away from the computer and even away from their house for several hours, it could be used as a way to stake, someones routine out remotely another use case, which im pretty sure is going to be used. A lot which kind of sucks is spying on employees or kids that are taking online classes through zoom, or something like that to make sure that they are staying on the browser tab or whatever. Has the lesson plan open for the entire length of the lesson which really sucks like some kids? They get their work done faster or theyre, just able to learn faster, especially in public school, where the classes tend to be slower anyway. They dont need three or four lessons about how the mitochondria is the powerhouse of the cell, so yeah. Of course, if a kid is bored in class, theyre going to go, play fortnite or whatever, and the same applies to adults that are working some people, they just get their work done many times faster than their colleagues, so im going to call it right now. This is definitely going to be used by schools and employees or employers rather to spy on their students and their employees, but there is a solution to all this theres.

Actually, a couple of solutions. Uh to this you can disable the auto detection completely in google chrome, which im going to show you right now. I installed this browser. Google chrome on my linux mint partition just to show you how to mitigate it. So if you go to chrome colon forward, slash forward slash settings, content, idle detection inside of your browser here, uh its going to bring you to the settings page, so its buried deep within the menu. You know this is something that is kind of difficult to find, but you just have to change it to dont, allow sites to know when youre actively using your device and there you go so as far as we know its turned off as far as google chrome Goes but in all honesty, you should just use a browser that doesnt have a bunch of spooky nonsense built into it. I would say: firefox is a pretty good choice. Generally, i do still recommend some hardening and turning off pocket and some of the additional bloat thats built into firefox, but as far as the privacy concerns go theres nowhere near as many with firefox as there is with google chrome, but anyway hope.

https://www.youtube.com/watch?v=nk-Ghf1L6R4