I have user-surveillance and user-control concerns about the Idle Detection API. Even with the required 60 second mitigation, it can be used for monitoring a user’s usage patterns, and manipulating them accordingly. (Also noted in Mozilla’s formal objection to the proposed 2021 W3C DAS WG charter: https://lists.w3.org/Archives/Public/public-new-work/2021Jul/0011.html) As it is currently specified, I consider the Idle Detection API too tempting of an opportunity for surveillance capitalism motivated websites to invade an aspect of the user’s physical privacy, keep longterm records of physical user behaviors, discerning daily rhythms (e.g. lunchtime), and using that for proactive psychological manipulation (e.g. hunger, emotion, choice [1][2][3]). In addition, such coarse patterns could be used by websites to surreptiously max-out local compute resources for proof-of-work computations, wasting electricity (cost to user, increasing carbon footprint) without the user’s consent or perhaps even awareness. Thus I propose labeling this API harmful, and encourage further incubation, perhaps reconsidering simpler, less-invasive alternative approaches to solve the motivating use-cases. [1] https://pubmed.ncbi.nlm.nih.gov/31589063/ [2] https://www.apa.org/pubs/journals/releases/emo-emo0000422.pdf [3] https://www.sciencedirect.com/science/article/abs/pii/S0195666310000723 Mentions: * 2021-09-22 Octavio Mares, Information Security Newspaper. “New Google Chrome update has a dangerous idle detection feature that will track system usage in detail” https://www.securitynewspaper.com/2021/09/22/new-google-chrome-update-has-a-dangerous-idle-detection-feature-that-will-track-system-usage-in-detail/ * 2021-09-23 Rob Thubron, TechSpot. “Google Chrome 94 arrives with controversial Idle Detection API” https://www.techspot.com/news/91390-google-chrome-94-arrives-controversial-idle-detection-api.html * 2021-09-23 Hindustan Times. “Mozilla warning! Google Chrome lets websites invade YOUR privacy” https://tech.hindustantimes.com/tech/news/mozilla-warning-google-chrome-lets-websites-invade-your-privacy-71632373561899.html * 2021-09-23 Kajol Aikat, TechGig. “Mozilla roasts Chrome for breaching user privacy in the new update” https://content.techgig.com/technology/mozilla-roasts-chrome-for-breaching-user-privacy-in-the-new-update/articleshow/86423129.cms * 2021-09-24 Arkadiusz Strzala, Gamepressure. “Google Chrome 94 Introduces Controversial AFK Detection” https://www.gamepressure.com/newsroom/google-chrome-94-introduces-controversial-afk-detection/z939e8 * 2021-09-28 Brandon Vigliarolo, TechRepublic. “New Chrome feature can tell sites and webapps when you’re idle” https://www.techrepublic.com/article/new-chrome-feature-can-tell-sites-and-webapps-when-youre-idle/ * 2021-10-02 Zak Doffman, Forbes. “Why You Suddenly Need To Delete Google Chrome” https://web.archive.org/web/20211002160041/https://www.forbes.com/sites/zakdoffman/2021/10/02/stop-using-google-chrome-on-windows-10-android-and-apple-iphones-ipads-and-macs/ * 2021-10-02 Reddit. “Chrome has implemented an API that can detect when you are idle or not” https://www.reddit.com/r/savedyouaclick/comments/pzxyxt/why_you_suddenly_need_to_delete_google_chrome/ * 2021-10-04 Christine Hall. "Google’s New Spyware in Chrome 94” https://fossforce.com/2021/10/googles-new-spyware-in-chrome-94/ * 2021-10-07 Evan Schuman, Computerworld. “Google now tells criminals when Chrome users are ‘idle.’ What could go wrong?” https://www.computerworld.com/article/1615523/google-now-tells-criminals-when-users-leave-their-devices.html

I have user-surveillance and user-control concerns about the Idle Detection API. Even with the required 60 second mitigation, it can be used for monitoring a user’s usage patterns, and manipulating them accordingly. (Also noted in Mozilla’s formal objection to the proposed 2021 W3C DAS WG charter: https://lists.w3.org/Archives/Public/public-new-work/2021Jul/0011.html)

As it is currently specified, I consider the Idle Detection API too tempting of an opportunity for surveillance capitalism motivated websites to invade an aspect of the user’s physical privacy, keep longterm records of physical user behaviors, discerning daily rhythms (e.g. lunchtime), and using that for proactive psychological manipulation (e.g. hunger, emotion, choice [1][2][3]). In addition, such coarse patterns could be used by websites to surreptiously max-out local compute resources for proof-of-work computations, wasting electricity (cost to user, increasing carbon footprint) without the user’s consent or perhaps even awareness.

Thus I propose labeling this API harmful, and encourage further incubation, perhaps reconsidering simpler, less-invasive alternative approaches to solve the motivating use-cases.

[1] https://pubmed.ncbi.nlm.nih.gov/31589063/
[2] https://www.apa.org/pubs/journals/releases/emo-emo0000422.pdf
[3] https://www.sciencedirect.com/science/article/abs/pii/S0195666310000723

Mentions:
* 2021-09-22 Octavio Mares, Information Security Newspaper. “New Google Chrome update has a dangerous idle detection feature that will track system usage in detail” https://www.securitynewspaper.com/2021/09/22/new-google-chrome-update-has-a-dangerous-idle-detection-feature-that-will-track-system-usage-in-detail/
* 2021-09-23 Rob Thubron, TechSpot. “Google Chrome 94 arrives with controversial Idle Detection API” https://www.techspot.com/news/91390-google-chrome-94-arrives-controversial-idle-detection-api.html
* 2021-09-23 Hindustan Times. “Mozilla warning! Google Chrome lets websites invade YOUR privacy” https://tech.hindustantimes.com/tech/news/mozilla-warning-google-chrome-lets-websites-invade-your-privacy-71632373561899.html
* 2021-09-23 Kajol Aikat, TechGig. “Mozilla roasts Chrome for breaching user privacy in the new update” https://content.techgig.com/technology/mozilla-roasts-chrome-for-breaching-user-privacy-in-the-new-update/articleshow/86423129.cms
* 2021-09-24 Arkadiusz Strzala, Gamepressure. “Google Chrome 94 Introduces Controversial AFK Detection” https://www.gamepressure.com/newsroom/google-chrome-94-introduces-controversial-afk-detection/z939e8
* 2021-09-28 Brandon Vigliarolo, TechRepublic. “New Chrome feature can tell sites and webapps when you’re idle” https://www.techrepublic.com/article/new-chrome-feature-can-tell-sites-and-webapps-when-youre-idle/
* 2021-10-02 Zak Doffman, Forbes. “Why You Suddenly Need To Delete Google Chrome” https://web.archive.org/web/20211002160041/https://www.forbes.com/sites/zakdoffman/2021/10/02/stop-using-google-chrome-on-windows-10-android-and-apple-iphones-ipads-and-macs/
* 2021-10-02 Reddit. “Chrome has implemented an API that can detect when you are idle or not” https://www.reddit.com/r/savedyouaclick/comments/pzxyxt/why_you_suddenly_need_to_delete_google_chrome/
* 2021-10-04 Christine Hall. "Google’s New Spyware in Chrome 94” https://fossforce.com/2021/10/googles-new-spyware-in-chrome-94/
* 2021-10-07 Evan Schuman, Computerworld. “Google now tells criminals when Chrome users are ‘idle.’ What could go wrong?” https://www.computerworld.com/article/1615523/google-now-tells-criminals-when-users-leave-their-devices.html