Mozilla says Chrome’s latest feature enables surveillance

I am a privacy-conscious person but I really wish these debates could be a little more nuanced.<p>This API is behind a permission prompt that can only be triggered in response to a user gesture, so the bar to entry is high. The example on web.dev is a chat app that would automatically set an active&#x2F;away status: seems useful! IMO I ought to have the ability to cash in some of my privacy chips (so to speak) on a site that I know and trust and that I want extra functionality from.<p>Relatedly, I feel like Safari is heavy-handed in the opposite direction. For example, it removes all locally stored data from a site if it isn&#x27;t used within 7 days. There are sites I use less frequently than that where I&#x27;d still appreciate the ability to save information, but I don&#x27;t have a choice. It all but guarantees sites need logins, backend storage etc. just to store simple data, which ends up being just as big a privacy danger!

&quot;As you might expect, developers love this new feature—anything that can provide them with more information regarding how users are interacting with their apps is a positive.&quot;<p>Here I am deliberately designing apps that track no user interaction data at all. Maybe that&#x27;s why Google doesn&#x27;t even list my app even though it&#x27;s one of the longest running &quot;web apps&quot; alive and used to be listed #1 when it first came out. Now they have more ads for similar apps than search results on a search results page.

I already don&#x27;t really like how websites can detect whether a tab is active or not (perhaps because callbacks&#x2F;timers get delayed when a tab is inactive?). For example, dslreports&#x27;s speedtest fails your measurement if you switch tabs, and Duo&#x27;s web 2FA interface fails to approve a device which you&#x27;ve set to remember for 30 days if you&#x27;re in a different tab.

I find the page visibility API, supported by every browser including Firefox, just as creepy. Perhaps even more, since most users don&#x27;t know it exists and gave no permission for it to operate. Websites have no business knowing if I&#x27;m looking at them or not, and making assumptions about what I want them to do when I&#x27;m not.<p><a href="https:&#x2F;&#x2F;developer.mozilla.org&#x2F;en-US&#x2F;docs&#x2F;Web&#x2F;API&#x2F;Page_Visibility_API" rel="nofollow">https:&#x2F;&#x2F;developer.mozilla.org&#x2F;en-US&#x2F;docs&#x2F;Web&#x2F;API&#x2F;Page_Visibi...</a>

For reference, it requires a permission dialog and the demo is here: <a href="https:&#x2F;&#x2F;reillyeon.github.io&#x2F;scraps&#x2F;idle.html" rel="nofollow">https:&#x2F;&#x2F;reillyeon.github.io&#x2F;scraps&#x2F;idle.html</a>

As long as you&#x27;re asked for permission I don&#x27;t see the problem

Thats the sort of thing that will climax when video ads pause while you&#x27;re not actively looking at them.

Couldn&#x27;t this information already be discerned fairly easily by user interaction such as mouse movements, requests or scrolling?

Another example of why I avoid Chrome like the plague.

A closed-source browser built by an ad company <i>enables surveillance???</i> Do go on...

Think about it: if a device&#x27;s gyroscope is left idle, it presumes the behavior of a virtual machine. I imagine trust scores use this as a metric when deciding if the user is human or a machine: `device was left in the same geo-coords for a long period of time`: then it is a bot.

If private companies spying on you is &quot;surveillance capitalism&quot;, then the NSA spying on you is surveillance socialism?

&quot;We’ll have to wait and see how developers use this new API in Chrome. It could end being an absolute privacy nightmare—or it could be no big deal.&quot;<p>Gee whiz! I guess we&#x27;ll just have to wait and see if G ends up being evil or not

I think the real story here is that the browser has really become the OS. But whereas before we left all decisions up to the users about what they could install and trust, and they trusted the dev to not do anything nefarious, the browser makers realized that users are a bad judge of character and devs cannot be trusted to be honest. So the browsers created a complex api access process to protect users from bad actors.<p>To move this sort of paradigm back into OS would require a wholesale re-write of APIs and how they&#x27;re accessed.<p>Surprise! Both Apple and Microsoft did that, but neither of their new APIs caught on, because the benefit of being a native app was outshined by losing the easy access to the user data. So from the dev&#x27;s stand point they may as well get the benefits of cross platform that web-apps afford if they&#x27;re gonna have to deal with the gate-keeping anyways; native performance be damned.

How does Chrome find out?<p>Is it watching my camera?<p>Or just no mouse or keyboard activity for a while — because if the latter, my website could already know that.<p>We built an app for distance learning which put something a lot more invasive (but with permission)… namely eye tracking and facial recognition to see whether the kids are paying attention. It’s actually LESS invasive than the current alternative — requiring the kid to keep their camera on. Now the teacher jusy knows when the kid is present and when not.<p>Frankly, USA public schooling is about as invasive and controlling for kids as schooling can get. Every minute of their lives inside the school is regimented. So distance learning can be a respite.

Says the company which has no intent whatsoever of providing a half decent alternative to Chrome.<p>Instead of designing a system that allows third parties to offer alternative browsers they decided to be selfish and do everything by themselves for themselves, and wonder why their market share continues to plummet.<p>Where is the GeckoView alernative for desktops that would allow their technology further reach?

Imagine if Mozilla spent even one tenth the amount of effort on their own crappy product as they do hand-wringing about Chrome. We might have another viable web browser.