tantek.com

↳ In reply to

issue 453 of GitHub project “standards-positions”


I have user-surveillance and user-control concerns about the Idle Detection API. Even with the required 60 second mitigation, it can be used for monitoring a user’s usage patterns, and manipulating them accordingly. (Also noted in Mozilla’s formal objection to the proposed 2021 W3C DAS WG charter: https://lists.w3.org/Archives/Public/public-new-work/2021Jul/0011.html)

As it is currently specified, I consider the Idle Detection API too tempting of an opportunity for surveillance capitalism motivated websites to invade an aspect of the user’s physical privacy, keep longterm records of physical user behaviors, discerning daily rhythms (e.g. lunchtime), and using that for proactive psychological manipulation (e.g. hunger, emotion, choice [1][2][3]). In addition, such coarse patterns could be used by websites to surreptiously max-out local compute resources for proof-of-work computations, wasting electricity (cost to user, increasing carbon footprint) without the user’s consent or perhaps even awareness.

Thus I propose labeling this API harmful, and encourage further incubation, perhaps reconsidering simpler, less-invasive alternative approaches to solve the motivating use-cases.

[1] https://pubmed.ncbi.nlm.nih.gov/31589063/
[2] https://www.apa.org/pubs/journals/releases/emo-emo0000422.pdf
[3] https://www.sciencedirect.com/science/article/abs/pii/S0195666310000723

Mentions:
* Christine Hall. (2021-10-04). Google’s New Spyware in Chrome 94. https://fossforce.com/2021/10/googles-new-spyware-in-chrome-94/

on (ttk.me t5Dw1) using BBEdit