Consider removing/disabling Idle Detection API #1659
Comments
|
I don't see why the feature should be removed from ungoogled-chromium. It appears to not be connected with any Google services and as such does not violate the objectives of this project. Privacy tweaks (as stated in the readme) are mainly available as opt in flags, the idle detection api can be disabled even easier by opening the settings. |
You've got a point there.
That's why I also suggested to disable this new "feature" by default, as it is clearly a privacy issue. |
|
The idle detection api is permission-based like the others in the It would be weird to have just that one permission disabled by default instead of, for example, access to USB devices, location, camera, and microphone as well. Personally I'd never grant a site usage for the majority of the entries there but I like knowing what sites are requesting those permissions and when, so I leave the radio buttons on 'ask'. |
|
Given the ability to set this setting in your profile, which should be preserved for you, there seems to be very little benefit of disabling it via ungoogled-chromium patches. |
|
It should be removed but it SHOULD be disabled by default. The reason is that many people won't even be aware of the toggle existing, so will inadvertently leave it to enabled. Since it is a privacy issue it does not make sense to have the default setting at enabled. Switching the default setting to disabled surely is no big deal programming-wise? |
I think you mean:
Mozilla and Apple already decided that Firefox and Safari won't support the Idle Detection API, at least not in its current form because it has the potential for abuse. |
ungoogled-chromium users are not in this group of users. There is no need for the browser to disable it by default, you can change it in the settings easily. I would even go as far as to say that changing this default would defeat the object to keep the ungoogled-chromium experience close to chromium. |
|
@nicolaasjan thanks for pointing out the typo: yes it should read should not. |
I am fully aware of that, but with that policy you ignore the fact, as I pointed out, that many people won't even be aware of the toggle existing, so will inadvertently leave it to enabled. Since it is a privacy issue it does not make sense to have the default setting at enabled. Since Ungoogled Chromium was created precisely to improve privacy by blocking/taking away certain Google privacy invading features, I cannot marry that noble principle with letting unsuspecting users fall into this trap, when it is so easy to provide that togglable protection upfront. |
Most of them probably not, but not all of them, I'm afraid.
I get that, but IMO exceptions should be be considered when google makes controversial decisions like this. |
|
@DutchPete As far as I can see, there is no What remains is whether Ungoogled Chromium should disable this by default by principle. I would be all for it, but as you can see by the extra privacy-related flags added to it, they're all disabled by default, so it's not the project's general approach. |
That being the case it makes even less sense to not disable this one too. After all, a site asking a browser user permission to know when they are using a device is highly unusual. Moreover, “sites may convince users to give the permission”, something that is open to abuse. So, why not disable it, and if a user feels the need that certain sites may indeed “know”, that means the user is likely to have thought about it and to know what it means, in stark contrast to the unknowing user clicking “yes” to just keep browsing smoothly when a site asks. |
In my view that statement does not make sense: considering all the privacy flags UC already has in place, you are arguing this single one destroys the Chromium experience? Come on. |
That's not how you should read it: these extra flags are patches on top of the Chromium codebase, optionally giving you extra privacy features. They're disabled by default, which would translate directly to leaving the Idle Detection feature from the Chromium codebase untouched, i.e. ask-per-site.
I agree with you on that. In my previous post I was trying to say that
In place, but not enabled.
I would generally like to see this approach in Ungoogled-Chromium to be honest, but I'm not sure it will ever come to this. |
Sure, it is for the devs to decide whether they want to implement it or not. Hopefully they are open to good, valid arguments, but at the end of the day we'll have to defer to them. |
A project that does have this philosophy is LibreWolf, based on Firefox, but inevitably this will break some sites. This is probably one of the reasons Ungoogled Chromium won't do it. |
I doubt it because a number of other flags already in place also break sites. |
|
The important difference is that all those are opt in |
So, disabling Idle Detection API would be right in line with that philosophy and make the feature also an opt-in. Or do I misunderstand? |
|
FWIW, Brave disabled it. |
|
@nicolaasjan Thanks, I know, I also use Brave. |
|
I heard about this via r/privacy. In the thread, a commenter said "WTF ??? I trusted this browser until now ! From now on I will stop recommending to anyone." It currently stands at ~170 upvotes, so there are at least ~170 people who have not responded but feel similarly. Please reconsider. |
|
For reference it is this comment: https://www.reddit.com/r/privacy/comments/pwkkbj/comment/hehr81w/?utm_source=share&utm_medium=web2x&context=3 I've already stated my reasoning why I personally don't see the need to disable this by default. The r/privacy community at least has a different opinion although I'm sure that if people would actually read the issue the outcry wouldn't be so loud. I respect the community that has formed around this project and deeply believe in democracy for finding solutions. Even if I personally don't see the need for change as I already said I'm fine to approve such a change if other maintainers aggree |
|
The current focus of ungoogled-chromium is not to address all the privacy issues in Chromium, but this is part of the larger, complex discussion about the project's vision I will be having with the collaborators in the future. There needs to be more clarity about what exactly ungoogled-chromium should encompass, since I've seen developers and the community get confused. If the change is small enough, it should be fine to include it. |
|
It wouldn't be a complicated change to have the default set to disabled. The problem is that would only apply for new profiles. Anyone with an existing profile already has the setting set and would still have the permission set to 'ask' after the patch. I believe that has happened to some Brave users since there are some reports that it's not disabled for them. Making a patch to change that would be rather messy and prone to overwrite legitimately-set settings. I don't mind making a PR to disable this but I'd also like to disable all of the other permissions at the same time. Any argument for someone accidentally allowing the permission for idle detection could equally be made for any of the other ones. |
Official Chromium now has a controversial feature called:
"Idle Detection API" (enabled by default).
You can check the internal page:
chrome://settings/content/idleDetectionMozilla:
mozilla/standards-positions#453 (comment) (@tantek from Mozilla)
Apple:
https://lists.webkit.org/pipermail/webkit-dev/2020-October/031565.html
Can this "feature" be removed from Ungoogled Chromium or at least be set to disabled by default?
The text was updated successfully, but these errors were encountered: