Chrome 56 Quietly Added Bluetooth Snitch API

Zarathustra[H]

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
38,861
The folks over at The Register noticed something interesting about the latest Chrome 56 release over the weekend, that seems to have gone mostly unnoticed despite Google announcing it in the video below. Webpages can now communicate with nearby Bluetooth devices using the Web Bluetooth API, and by "communicate" they mean that by using a few lines of Javscript webpages can "discover and control" nearby devices.

While I am sure there are some great potential uses for this capability, and the user does have to grant permission, it also does not seem to be a stretch to envision how this might be abused. As the Register points out, the response on Twitter was pretty harsh.

As pointed out to The Register last year by privacy researcher Lukasz Olejnik, the API makes it possible for site owners like Google to gather a huge amount of privacy-intrusive information. The Bluetooth Web API community would have trouble denying this, since its first example code is for retrieving data from a heart rate monitor.
 
Jim Kim said:
Is there such a thing as a safe, fast, efficient Web Browser anymore?
Click to expand...

Palemoon, SeaMonkey, Firefox (with Classic Theme Restorer and some other extensions to make it usable) — all depending on what you need.
 
I honestly feel like most of you guys here give Google/Chrome a pass with all the spying Google does, while the torches and pitchforks come out for Win10.
 
Man, it's high noon to start surfing the web only from within a VirtualBox session I guess, and maybe just on a Linux guest too. Sounds like the browser wants to collect information, instead of help me browse information.
 
While I am sure there are some great potential uses for this capability, and the user does have to grant permission, it also does not seem to be a stretch to envision how this might be abused.
Click to expand...

It'll be abused. In the past, to test a theory, I used a few modules and some custom lines of code to extract the GPS location of a person who viewed an image on their mobile phone. It did this without permission of the user to share their location.

Essentially, I sent them an image link in a text message, in actuality, the image.jpeg was really a custom script with HTML to look like it was the standard browser image viewer. In the background, the script acquired your location lat/lon from the OS and emailed it back to me. I only ever used it on my sister/dad as unknowing test subjects. I doubt it still works, as that was a year ago.

So I can see this having potential abuses until they're found and patched.
 
xorbe said:
Man, it's high noon to start surfing the web only from within a VirtualBox session I guess, and maybe just on a Linux guest too. Sounds like the browser wants to collect information, instead of help me browse information.
Click to expand...

Google wants to collect information, for sure. It's what they're dependent on, it's what they do. No one should be surprised that a Google product collects information.
 
People do realise that Google's Chrome is based around the open source browser 'Chromium'?!

It's literally identical to Chrome with none of the privacy issues.
 
BulletDust said:
People do realise that Google's Chrome is based around the open source browser 'Chromium'?!

It's literally identical to Chrome with none of the privacy issues.
Click to expand...

Except for those times when Google has snuck closed "black box" packages into Chromium after the fact, anyway.

and any browser that uses Blink is still helping push Google's proprietary nonsense over inter-operable standards.
 
BulletDust said:
People do realise that Google's Chrome is based around the open source browser 'Chromium'?!

It's literally identical to Chrome with none of the privacy issues.
Click to expand...
comes absent with some features incluing no reliable auto-update or update notification and I have had certificates problems with it as well, while Chrome just hums along. I would say it's crippled to the average user. I'm trying out more obscure browsers now like Brave, Vivaldi.
 
jpm100 said:
comes absent with some features incluing no reliable auto-update or update notification and I have had certificates problems with it as well, while Chrome just hums along. I would say it's crippled to the average user. I'm trying out more obscure browsers now like Brave, Vivaldi.
Click to expand...

In an OS with a package manager (like Linux) you don't have that problem.

I use Chrome over Chromium mostly for historical purposes. back in the day I needed flash support for something, and Chrome has built in Flash, Chromium does not. This really isnt an issue for me anymore though. I ought to switch back.
 
D4rkn3ss said:
oh yeah, i used chrome for a loong time but i had enough with it, im in the process of dumping all my 10+ years gmail accounts too, fuckem, theyre just a data mining shitty ads company anyway.
Click to expand...

Don't forget Android too if you use one of their phones.

I'd love to see a stripped down ROM without all of their spying/data mining junk.
 
When I first started using Linux I downloaded and used Chromium for quite some time as I didn't associate the difference between it and Google Chrome. I have to say, in all that time I never had an issue - I just used to wonder why the icon was blue!
 
What *possible* legit use could this have? Oh, I know. Three-letter agency shenanigans.
 
I'm with the Tweeters in that article: How do I turn this off and keep it that way?
 
Wow, that sounds like a horrible, useless, potentially dangerous ability to add to a web browser.
 
You must log in or register to reply here.
Back
Top