Google shoving a gloved hand up users rectums again.....
Chrome 56 quietly added Bluetooth snitch API
When Google popped out Chrome 56 at the end of January it was keen to remind us it's making the web safer by flagging non-HTTPS sites. But Google made little effort to publicise another feature that's decidedly less friendly to privacy, because it lets websites connect to Bluetooth devices and harvest information from them …
COMMENTS
-
-
Sunday 5th February 2017 22:03 GMT elDog
But it's only to feel your privates, dearie. Perhaps we can also unclog some of your colocated pipes. Silver Stallion? Getting carried away (literally).......
But now we need to come up with other ways to spoof our USER-AGENT and other mis-identifying information. They're getting down to total personal identification with every use of chrome.
-
This post has been deleted by its author
-
-
Sunday 5th February 2017 22:05 GMT Anonymous Coward
It gets worse every year it seems...
I use Opera which is build upon Chromium simply because I like some of the features but mistrust Google. So I'm hoping that Opera will keep out a lot of bullshit like this here. But even so, it never stopped to amaze me how intrusive the whole thing has become.
When I go to my Opera settings it even states that websites could ask for permission to access ny connected microphone, camera and MIDI devices. The recommended setting being "ask me", but I turned the whole thing off.
But seriously: a website asking me to access a microphone or camera? Not in a million years.
And now we're onto Bluetooth. Yaaay.
But it's the main thing which I think people should do more often: go carefully over the settings of your software (browser in this case) and (try to) figure out what each option does and if you really want to leave this turned on or off.
And thanks to Microsoft's new "hippie" upgrade model: also continue doing this from time to time. Because nowadays you can no longer be 100% sure that no silent updates haven't run which added, changed or removed certain features (especially when you're running Windows 10).
-
Sunday 5th February 2017 23:26 GMT davenewman
Re: It gets worse every year it seems...
The most common way to access a video conference on a computer these days is via a browser. So the site will need to access the camera and microphone if you are going to talk to someone at a distance using a Google Hangout, Zoom.us etc. The alternative is an app on a phone.
-
Monday 6th February 2017 06:10 GMT P. Lee
Re: It gets worse every year it seems...
>The alternative is an app on a phone.
Or an app on your laptop with the built in mic and camera.
Seriously, who runs a camera over bluetooth? If I want to run my bluetooth mic with it, I'll pair it with the computer or phone so the browser can use it as a local device. It does not need to go direct.
There is no good reason for this "feature." Look at the figures, the suggested use case is IoT but how many of those are there? By how much has the attack surface of the web browser increased? Got a bluetooth tether available on your phone?
It's definitely time to ditch Chrome if you haven't already.
And as I've said many times before, we need more fine-grained OS control of applications. I don't care what the current configuration is, remote-triggering of a tunnel between remote websites and (probably) network-capable devices behind a firewall is idiocy.
-
Monday 6th February 2017 07:05 GMT Paul Hargreaves
Re: It gets worse every year it seems...
> Or an app on your laptop with the built in mic and camera.
Installing an app (on a desktop) for a single use camera isn't ideal either.
And, one you've installed that app, it's got complete access to local filesystems, bluetooth, local network devices (e.g. can start to sweep your local subnet), etc.
Don't get me wrong, I want this new functionality disabled/optional as well, but installing software is much worse for security.
-
-
-
-
-
Monday 6th February 2017 08:51 GMT VinceH
Re: perfectly reasonable?
"A web site only ought to know the window size."
Quite. The 'fingerprint' nature of the information they can give is already bad enough - and this this new feature expands that.
Thankfully #1, I don't use Chrome except on very rare occasions - but even so, thankfully #2 is that I don't use anything with Bluetooth enabled. I suppose I should add "that I know of".
-
Monday 6th February 2017 11:45 GMT Jason Bloomberg
Re: perfectly reasonable?
A web site only ought to know the window size.
And perhaps not even that. But browsers have become far more than rendering engines; have become the thin clients of today.
Some people really do want to interact with devices through their browsers, want to be able to 'one-click upload' their health tracking dongle data and have it appear as a graph before their eyes. Browser manufacturers can either tell those users to fuck off or cater to their whims.
-
-
-
Monday 6th February 2017 12:52 GMT Anonymous Coward
Re: It gets worse every year it seems...
It's always good to be cautious, sceptical and some times even a little paranoid.
However, I have never been asked by a website to access my Camera or Microphone unless it was legitimate for the task it was trying to do - voice calls, conferencing etc. The less apps I need to download to do this which then have far more access than I would like to give and stick it with a temporary session in a browser that I can then restrict straight after is a better thing, I feel.
The alternative to the bluetooth searching for an IoT or smart wearable (completely agree that some may be wary of IoT in general, however for some people they find them very useful) is to have it connect over WiFi (sometimes via a zigbee style network first) and then control it via a command and control centre on the web. This raises a whole host of more issues, such as the control website going offline, opening up your IoT to the internet etc.
This would at least give you the opportunity to control bluetooth devices locally and also without requiring an app for each and every device. Any app you install that has the Bluetooth permission can already access all your Bluetooth devices and Google can already access them all if it wanted that data from an Android or IOS device or even directly from the Browser, regardless of this API.
So this is more of the push to be app-less and allow web apps to take their place, no install, write once - run anywhere (that's been touted a lot before). A developer doesn't need to write different apps for different devices and persuade users to install them, they can just write for the browser and use standards.
So, if you mistrust Google then 1) they've been able to collect this information if they wanted it in far more details for a long time from Chromw 2) you wouldn't be using Chrome 3) you wouldn't allow the permission in the first place
If you mistrust a website to use this information then 1) Don't visit the page on a site that requires it (you probably don't have their device anyway) 2) Don't allow permissions to access it when the site asks you 3) Don't install their app as that would have far greater access to your system anyway.
TL;DR Why would you care, it doesn't affect you anyway?
-
Monday 6th February 2017 14:15 GMT Doctor Syntax
Re: It gets worse every year it seems...
"However, I have never been asked by a website to access my Camera or Microphone unless it was legitimate for the task it was trying to do - voice calls, conferencing etc."
Why do you think all those sites which have accessed your camera and microphone for illegitimate reasons didn't ask you?
-
Monday 6th February 2017 15:40 GMT My Alter Ego
Re: It gets worse every year it seems...
"Why do you think all those sites which have accessed your camera and microphone for illegitimate reasons didn't ask you?"
I'm pretty sure they have to ask you. We use the notification and location APIs but I've never seen a browser give access to those permissions by default - it's always asked (unless the user has explicitly told the browser to "Always Allow"
Take Chrome (v.56 Debian) - Location, Camera, Microphone & Notification are all set on installation to "Ask"
-
-
-
-
Tuesday 7th February 2017 11:29 GMT tiggity
On one of my machines I run an out of date browser on an out of date OS (OS cannot be upgraded to newer versions due to hardware limitations).
I have no hassles (then again scripting is off by default, login as non admin user with limited rights, machine specific whitelisting in operation so only allows certain sites to be accessed and whitelist extension cannot be done by the low level account) - works for me - but don't go round surfing random sites just have a small number of sites I regularly visit (the likes of faecebook etc. are not amongst them!) and keeps an old machine in use instead of it going to landfill (& saves me buying a new machine just for CPU undemanding browsing / email )
-
-
Monday 6th February 2017 00:48 GMT Anonymous Coward
Cheers for calling Google out
We could use more of this.... BS Claims of ease-of-use or connecting-the-world always breezes past the mainstream media unquestioned. Whereas anyone not in a coma knows that Google and Facebook are run by sleazy f*cks who'll sell their granny for a buck. Welcome to the 'cult' of data collection...
......"The Register considers it perfectly reasonable to consider the API as another means for sites to gather and aggregate information about users; and if challenged the industry will use familiar weasel-words about how users can experience wonderful new services users will get if they just hand over a little more private data.".......
-
Monday 6th February 2017 00:50 GMT Anonymous Coward
Keep waiting for the day when users will start to push back....
But that seems further and further away... So will people ever wake up... I thought Win10 slurping might do the trick, but no. Sorry to sink to the depths of Godwin's Law, but we live in an era of Stasi / Nazi / data fascism, where annihilation of data rights and privacy is repeatedly sold as being good for us....
-
Monday 6th February 2017 03:21 GMT ecofeco
Re: Keep waiting for the day when users will start to push back....
You will have to wait until long after you and I are dead.
I keep saying this: the average person has no clue about computers and never will and THAT'S why they are being taken advantage of. Nor will they ever for a long, long time. Think about how many people actually know how their car works. That will eventually be the same average for computers.
-
Monday 6th February 2017 10:50 GMT Triggerfish
Re: Keep waiting for the day when users will start to push back....
I have to agree with this, until it get's to a point where it becomes so intrusive people psh back it's going to carry on.
But I think not just because most people don't understand computers, but because companies actively are trying many different ways to get your data.
In a way, slurping on the QT can cause some issues because you can get bitten once people catch on, there's even companies who have taken decent size hits because of this.
The way it really works is companies working the angle through omnichannel marketing and such. Want some vouchers for your supermarket? Sign up, give them your details let them tie that to the data they are picking up when you now connect via wifi to use those vouchers in the shop, and your profile and data footprint grows.
Only the most tinfoil of us would not sign up to nothing, I use things like Amazon for example, and it's these ways that people are really giving away their data, sign up to that supermarket and give them your name, and next thing you know the ad hoarding in your shopping centre is reading your wifi MAC and saying "Hello dave, want to buy some stretchy pants?" (I know you keep buying pie, the supermarket told me so).
Problem is we are getting generations of people who are more and more used to this, and havng the convenience of things just working when they expect, which is the other side of omnichannel marketing, and for the current and coming generations a lot of this is also the boiling frog effect.
-
-
Monday 6th February 2017 12:23 GMT DropBear
Re: Keep waiting for the day when users will start to push back....
Doesn't matter how intrusive it will get, nothing will happen. Not until consequences start coming back to users and hurt them somewhere they do care about: right now, there's no tangible consequence of any kind due to the (very real) loss of privacy. That's why you have such a problem explaining anyone else why you care about it - because right now it's down to ideology, and an "oh no I'm not walking into that trap" attitude rather than practical considerations. Sooner or later it will have to get so bad as to cause real hurt, and then people might suddenly prefer to care - but I suspect by that point it will be way too late and resistance will be genuinely flat out impossible..
-
-
This post has been deleted by its author
-
Monday 6th February 2017 03:58 GMT luminous
Good grief you live in a bubble then. You've never heard of the site years ago called pleaserobme.com - took facebook posts of idiots boasting about their new massive tv then going on holiday for 2 weeks. They got robbed. It happened so frequently that insurers updated their policies to exempt them if the insured person made such posts.
And I guess you've never heard of identity theft either? Or someone not getting a job or something because of a stupid post online.
You can still be online and keep most things private. It's about the choices you make.
-
Tuesday 7th February 2017 02:40 GMT Anonymous Coward
"And I guess you've never heard of identity theft either? Or someone not getting a job or something because of a stupid post online."
Read what I wrote. "Big tech data privacy issues" I specifically made the distinction between *security* issues (e.g. someone stealing your credit card info), which is obviously a problem, and "big tech data privacy" (e.g. fb or Google securely collecting click data to serve more relevant ads). I have never heard of anyone who has had a negative impact because of Google or fb or MSFT or another big tech player securely collecting their data.
Did you honestly think I meant that I have never heard of a negative impact from people getting their credit card stolen?
-
Tuesday 7th February 2017 10:22 GMT folbec
"big tech data privacy" :
- unless you live in China, and the government is helpfully computing your "social score", which will determine if you get credit, or access to a university, or to the local gulag...
- unless you live in the USA, and you need credit, and your credit score is computed from those "big tech data privacy" data. The catch is you won't even know it, unless you go on an expensive legal rampage, which you won't, because if you need credit, you don't have the money
-
-
-
-
-
-
Monday 6th February 2017 18:20 GMT Anonymous Coward
Hmmm.
I keep the WiFi on my Android mobile switched OFF most of the time for power-saving reasons, and when I turn it back on at home, surprise! It briefly presents me with a list of all the WiFi hot spots I've been near while I was out and about WITH WIFI SWITCHED OFF. Clearly, the WiFi receive functionality *never* turns off (it's an open question whether the *transmit* functionality is still running or not). I wonder how much of that location info gets sent to The Mighty Google, and how much of it is being used for location-based pestering.
Anon because I'm just a paranoid bastard.
-
Tuesday 7th February 2017 11:38 GMT tiggity
Re: Hmmm.
Ensure you have wifi scanning off too - this is used by location services they will wake up wifi to aid in geolocation (you probably want location services disabled anyway)
Also check what apps are running in the background in case some of them are waking wifi.
Permission are a lot of apps want is huge.
-
-
-
Monday 6th February 2017 12:31 GMT I Like Heckling
Re: aaaaaaaaaaaannnnnnnnnnnnndddddddddddddd that's why....
Even better as none of my windows machines use bluetooth, and BT on my phone/tablet is turned off until I actually need to turn it on... IE, when using my BT headphones or in the car (most of the time I forget anyway).
I do have chrome installed on one desktop, but it's only used for google hangouts because they do their best to stop it working right on anything else... I also stop any chrome related background services from starting with windows.
-
-
-
Monday 6th February 2017 02:54 GMT Andrew Jones 2
I'm so confused - why is there an outcry exactly? This can't detect anything until the website has asked for and been granted permission right? The whole point of this is supposed to be to do away with the current stupid situation we are in where every product you buy (like for example Bluetooth controlled Christmas Lights) - also requires an app to be downloaded for whatever mobile operating system you happen to be running - and usually it's only available for Apple and Google, Microsoft is often left out. Further - it's only for mobile users. Having a website that allows you to configure the product on whatever platform you are on - regardless of whether it is mobile or desktop via Bluetooth seems like a no-brainer idea to me.
If anyone even bothered to watch last years IO - the plan would be that you could go to a parking meter or EV charger and the Bluetooth Eddystone beacon broadcasts the URL for the parking meter to your phone which announces it's existence, and then the Bluetooth API allows you to connect to it locally so you can pay for your parking or electricity. But I mean if you would prefer absolutely everything should be connected to the internet and you would do things via a central server requiring an account and something sitting constantly listening for commands from a central server - feel free.
I know which solution sounds better from a privacy aspect to me.
-
Monday 6th February 2017 04:13 GMT Kevin McMurtrie
Google usually asks for permission to do things deep down in a terms of service agreement. Chrome is essentially a Trojan horse data harvester so it would not surprise me one bit if Google gives themselves continuous Bluetooth access. On Android, Google grants itself such permissions after nagging you to change the Location Settings to "improve performance."
-
Monday 6th February 2017 10:48 GMT Anonymous Coward
Kevin McMurtrie>>nagging you to change the Location Settings to "improve performance"
Every single bloody location based app tells me that I need to turn on WiFi for improved accuracy. This is simply a lie: my GPS fixes in seconds with a resolution of <10m, and I do not believe either time to first fix nor resolution can be improved by WiFi triangulation. In fact it's worse --- my phone kept thinking I was back at home 30 miles away simply because I brought my hotspot with me!
-
Monday 6th February 2017 15:52 GMT My Alter Ego
That's not how the API works - it's required to ask for permission (unless the user has explicitly told the browser to always allow access to Location, Camera, etc).
Easiest way to see is to click on the Info icon (or Certificate) in the address bar. It'll give you a list of all the permissions the website has. Any of the ones that have privacy issues will be Ask (default), unless you've previously given access.
-
-
-
Monday 6th February 2017 09:38 GMT sabroni
re: the API lets websites ask your browser “what Bluetooth devices can you see,”
And who is in control of which bluetooth devices the browser can see? The article totally omits any talk of the user interface for this feature. How does it work? Can the browser see any bluetooth device that's active and in range of my pc or does it have to be paired with the pc? Can I "pair" devices with the browser like I do with my phone?
There's no reason this API should be a problem if the user still has control over what is visible. If the browser prompts the user before sharing any information, like it does with the location api, then what's the issue?
-
Monday 6th February 2017 14:21 GMT DaLo
Re: re: the API lets websites ask your browser “what Bluetooth devices can you see,”
You don't need to pair with a device you see it but you may need to pair with the device to read any information or communicate directly with it (depends on the security settings of the device).
This is most likely to be used for Bluetooth LE devices which often don't require traditional pairing or authentication.
-
Monday 6th February 2017 21:16 GMT Tim 37
Re: re: the API lets websites ask your browser “what Bluetooth devices can you see,”
On Windows 10 you can't currently see Bluetooth Low Energy devices (the only ones which work with this API) unless they've already been paired so the risk is even lower. Microsoft are planning on fixing this in the future as every other platform allows BLE discovery without pairing and some basic devices don't even support pairing.
-
-
Monday 6th February 2017 10:10 GMT Natasha Live
My first thought is "Why not turn off my computers bluetooth?". Then I remembers I'm on a Mac so my keyboard and mouse are both bluetooth. A quick run of "show available bluetooth devices" gives mouse, keyboard and soundbar within detection range. Okay no so bad. Oh wait, there's my neighbours phone (computer on a shared wall). Well now Google can link me with him. Hum.
Just tried to run some of the google examples for this feature and received this error message:
"Web Bluetooth API is not available. Please make sure the "Experimental Web Platform features" flag is enabled.". So right now it's only a test that you have to enable to us.
-
Monday 6th February 2017 10:12 GMT Christian Berger
It's a general trend in the browser community
Instead of doing things that would improve security (limiting Javascript from external servers, turning off APIs, simple client certificates) they do everything to solidify their oligopoly.
Every new API makes it harder for a new competitors to enter the browser engine "market", which gives the browser vendors more power. Just imagine there would be a truely free browser that does everything you want, like blocking external Javascript or selectively blocking Flash, instead of constantly making the UI less usefull. Mozilla would be broke in months.
-
Monday 6th February 2017 11:00 GMT Trilkhai
Re: It's a general trend in the browser community
Well, at the moment, Pale Moon with its AdBlock Latitude (for selective crap–blocking) fulfills those needs quite nicely for me. I agree, though: if PM existed to make money rather than as a community project, it'd be kaput in pretty short order.
-
-
Monday 6th February 2017 10:13 GMT Mystic Megabyte
Shopping
Yesterday I was buying something online using Chromium Version 55.0.2883.87 Built on Ubuntu , running on Ubuntu 16.04 (64-bit).
IIRC I had clicked on the PayPal button when a Google box appeared saying something like "As this is a Google approved store would you like to pay Google instead?" It also mentioned £1000 cover for losses. I should have taken a screen shot but I was so annoyed that I hastily closed the box.
I have never seen this before, has anybody else?
-
Monday 6th February 2017 11:33 GMT Anonymous Coward
Re: Shopping
Yes, and in order to get that £1000 cover you have to sell your soul to the devil.
"Your Privacy
Google will not share personally identifiable information about You or Your order with any third parties except as set forth in the privacy policy applicable to the Program. By agreeing to participate in the Program, You agree that Google may contact You, Your Merchant, Your product manufacturer, and/or any other relevant party regarding any claims You file; and Google may contact You requesting feedback about Your experience with the item(s) and/or the Merchant. Google will use any personally identifiable information about You which You provide to Google in accordance with the privacy policy applicable to the Program."
And of course, we know that Googles standard policy includes, we will use every last shred of information we can gather about you.
-
Monday 6th February 2017 11:53 GMT Ogi
Re: Shopping
> I have never seen this before, has anybody else?
Yeah I have seen it a few times. Usually when the store you are buying from has been approved by Google (i.e. they signed up to Google store and added Googles JavaScript to their site), Google will spam you incessantly every time you try to buy something using anything other than Google payments.
I get it when I pay by PayPal, or when I pay direct using my credit card. Basically, if you do anything apart from the Google way, you will get the messages.
Irritating, yes, also annoying as I block as much google JS as I can (I usually have to switch to Chrome to actually do the online purchase because if you block Google JS, it breaks the site even if you are not paying by Google) but fewer and fewer options are out there. More and more stores sign up for it.
My biggest worry is one day stores will just cease providing direct purchase options via CC, and you will have no choice but to go through Google or PayPal.
-
Monday 6th February 2017 14:23 GMT Doctor Syntax
Re: Shopping
"My biggest worry is one day stores will just cease providing direct purchase options via CC, and you will have no choice but to go through Google or PayPal."
OTOH, if you pay through PayPal you have to trust just one business. With CC you have to trust every single place you shop to keep your CC details safe; good luck with that.
-
Tuesday 7th February 2017 16:50 GMT Ogi
Re: Shopping
> OTOH, if you pay through PayPal you have to trust just one business. With CC you have to trust every single place you shop to keep your CC details safe; good luck with that.
To be honest, the one and only reason I use CC is because my bank provides me protection against such fraud anyway. That is the main benefit to CC (in my case, the only benefit).
Hence I am not so worried about my CC details being leaked, but that it just me. Having Google profile, datamine and force me into their system worries me far more than anything else. So I am happy to risk leakage of my CC data for that.
-
-
-
-
Monday 6th February 2017 10:25 GMT Anonymous Coward
So now they're phishing find my wireless headphones as well as my credit card details...
I know which one I'm more worried about.
No, Chrome, I do not want to store my credit card details, with you, or within any other piece of software. I'll re-install you when you give me a clear, easy to find option to turn off that nagging for good.
-
Monday 6th February 2017 10:43 GMT Doctor Syntax
A year or so ago there was a lot of talk about Thunderbird finding a new home and the Document Foundation was mentioned. My own view was that they would do well to take over not only Thunderbird but also Seamonkey. I liked the idea of a browser free from the influences of both Google and Mozilla. Sadly I haven't heard about the Thunderbird proposals for months.
-
Monday 6th February 2017 11:29 GMT Anonymous Coward
Bluetooth controlled what?!
Wow, this has really got me feeling like I've time-slipped from the 1990's - Bluetooth controlled Xmas tree lights, eh? (stunned look of amazement). I still haven't gotten over the shock of realisation that there are people actually using Bluetooth (which ISTR was roundly derided many years ago as being rather cack - or did I dream that?), and have never felt any need for Bluetooth enabled anything. Indeed, it annoys me that there are bits in Linux to do with Bluetooth that apparently can't be removed from some dsitros without knackering them, unless you're prepared to do far more faffing around than I am. I digress, apologies...
Seriously, Xmas tree lights do not require bluetooth. Neither do your regular lights, both are fine with perfectly good manual switches. I can just about see the case for some form of wireless headsets, and if Bluetooth can do that, well and good, but I'll stick with wires, thanks very.
As for websites being enabled to sniff for other devices in ones home, I refer my fellow esteemed commentards to my rant about HTML5 being able to force users browsers into fullscreen mode - in short, it's a shitheaded decision to allow this that only a cretin or thief would consider a good idea. IMHO, of course.
It'll all end badly, at this rate.
-
Monday 6th February 2017 12:00 GMT Anonymous Coward
And this is news how?
OK, granted, they have found yet another hole to gather information with, totally by accident and just the work of a rogue engineer who also just happened to set up a data collection back end for it .. sorry, I was channeling the Streetview team for a moment there.
What I want to know is why this comes as a surprise.
Google's money comes from the
theftacquisition of personal data and its resale and, in the best tradition of most US companies, it's hot on profit and not so hot on laws so why, oh why, does it come as a surprise that something supplied by them for "free" doesn't make you pay in a different way? Surely you're not expecting benevolence from Google?If you haven't figured out by now that you always pay for "free" with Google you really are beyond hope.
-
Monday 6th February 2017 15:10 GMT Anonymous Coward
Re: And this is news how?
"...acquisition of personal data and its resale... "
Where can you buy the data that Google collects? Why would they sell it? Google profile you into certain demographics, categories and locations which advertisers can then bid to target ads at if you fall into that category.
Their targeting never seems great and I'm yet to see an advert that I think is particularly relevant, however Ad Block/Ghostery* helps.
*How do you know you can trust them? They see every page you visit and can access all that information even on 'https' sites. Web Of Trust (WOT) did something of a reputation service and were then found to be selling all the private search data to third parties.
-
-
Monday 6th February 2017 12:50 GMT pop_corn
> "Merely scanning for nearby devices is a marketer's dream"
I have never understood why people think marketers having more information is an issue? As a middle aged, balding, pot bellied man, I don't want to see adverts for Barbie dolls or frilly dresses, I want to see adverts for powertools, beer and gadgets.
Marketers being able to target ads is good for everyone concerned: I see ads for things I'm interested in buying and that are relevant to me; and they spend less money on advertising, so the cost of their product is cheaper, which helps to keep the cost to me the consumer down.
Further more, if all ads could be better targeted, that would likely lead to less adverts overall, as many marketing schemes currently just go for the blanket approach, hoping to hit their intended audience. E.g. if pizza companies know I don't eat pizza, that would save 30+ leaflets a year being shoved through my door unnecessarily.
Let's use a more practical example, if I want to buy a new case for my phone, wouldn't it be useful for the website to be able to check what phone I've got and warn me if I've accidentally picked the wrong model case, without me having to manually remember my model number, and then compare it to the probably very long list of supported models?
Now of course that's a task you and I may find easy, but my pensioner parents certainly don't!
So I see no problem with this at all, though yes of course as long as we can turn it off... at those times when we *do* want to buy that special frilly dress! :)
-
Monday 6th February 2017 13:12 GMT Martin an gof
Marketers being able to target ads is good for everyone concerned: I see ads for things I'm interested in buying...
Are you actually admitting that your buying decisions are influenced by adverts? That you are still interested in an advert for a power drill, even though you already own three?(*) You are one of the very few people that would admit to that. Even when people do watch adverts, I know very few people who would choose a particular product (especially if it's different from their "normal" one) simply because they've seen an advert for it. Most people I know couldn't tell you what adverts for which products they saw even just five minutes ago.
Unless and until I know that I need product type x I do not want to see any adverts for product type x, from any manufacturer of said product. If there are such adverts on a website I usually don't notice them - I've developed a kind of blind spot - even if they are potentially relevant. For TV, I'll do five minutes of washing-up or feeding the washing machine or putting the kettle on and making a pot of tea rather than watching adverts.
When I need product x I will go and do my research and at that point, if a site like Amazon says "people who considered buying x also considered y from a different manufacturer" I'll accept that kind of advert. But not before that point.
Heck, we're so tired of being bombarded by adverts in general that we rarely watch anything "live" these days, except on a BBC channel.
Save my bandwidth. Save my sanity. Turn off the adverts. When I want something, I will go looking for it.
</rant>
M.
(*)Most half-serious DIY-ers that I know own two or three drills; a battery one for 90% of the jobs, a mains one when the battery one won't cope and probably an SDS for the really tough stuff, or a pillar drill if they're that kind of person. I don't want to see adverts for drills until one of the above needs replacing and probably not even then; I'll look through the Screwfix catalogue, check out some details online and pop down to the local counter.
-
Monday 6th February 2017 22:02 GMT pop_corn
I appreciate what you're saying Martin. Yes we'd all like less / no adverts, but the reality is that's not going to happen, so the least I can hope for is that they are made more relevant to my needs and wants.
And yes, though most people don't like to admit it, we are influenced by ads, that's an undeniable fact.
I used the example of drills just cos it was an easy stereotype. Here's a better example perhaps: last week I bought a card game (Hero Realms if you're interested, it's excellent), so if this week I were to see adverts for card sleeves perhaps, that would be a relevant crossover product. Or ads for the expansion card packs, they would be a relevant up sell advert.
That's got to be better then getting bombarded with random ads, surely?
-
Monday 6th February 2017 14:30 GMT Doctor Syntax
"As a middle aged, balding, pot bellied man, I don't want to see adverts for Barbie dolls or frilly dresses, I want to see adverts for powertools, beer and gadgets."
Frankly, unless I'm specifically looking for something I don't want to see adverts for any of them. If I need something I'll conduct a search. When I've done that I'll try to avoid any vendor who's managed to piss me off by slinging ads at me in the past.
-
-
Monday 6th February 2017 13:19 GMT Patrician
All Bluetooth devices in my house are off unless, for some reason, I'm using it. But as I have enabled and used Bluetooth less times in the last five years than I have fingers on one hand and then only for a few minutes each time, I don't see it's an issue really.
Just don't leave Bluetooth enabled on devices unless you need to use Bluetooth surely? Chrome can't detect devices where they're disabled so a scan of my house would reveal no Bluetooth devices at all.
-
Monday 6th February 2017 15:02 GMT Jason Bloomberg
The sky is falling
you can also find out what phone/s are in the house, whether they're using Philips or Osram smart lights, their TV and so on
For all the good that will do them. At best they'll be able to target ads a bit better, set some flags for me in their database, but I am struggling to see how it would actually and profoundly impact my privacy.
Even if they discovered a cache of Bluetooth-enabled sex toys I can't see how they'd use that against me or that they would.
I know, I know; if some fascist regime comes to power and seeks to round up everyone with a Nexus phone or who uses Colgate toothpaste I'll have to eat my words. In the meantime I'm pretty satisfied that all they'd be collecting is data which is of no real use to man nor beast, and that some people have a concept of 'privacy' and 'personal data' that goes well beyond the sensible.
-
Monday 6th February 2017 16:02 GMT Anonymous Coward
Re: The sky is falling
Well, I would guess that if they knew you used the "Low-Cost Insecure" Lightbulb and they know you are on IP 100.200.100.200 then they can set a worm to inject a malicious script into a poosly secured interface or wait until the default 1:00am software update it performs to inject a new firmware etc.
Custom attacks based upon your hardware.
-
-
Monday 6th February 2017 21:08 GMT matt
"you have to explicitly grant the remote web app access to your Bluetooth gadgets before anything happens".... This is like complaining "Firefox (and every single other browser) sucks because they can spy on you with the webcam and getUserMedia api"... if you click the link allowing it. The big difference between this and the battery API issue was the fact that the battery API did not prompt for access.
-
This post has been deleted by its author
-
Tuesday 7th February 2017 15:20 GMT suth_a
Fearmongering
A classic example of a journalist writing about something they don't understand. First read Google's post on the subject where they explain that for public websites this will only be possible on sites with HTTPS:
"We care deeply about security, so you will notice that new Web capabilities require HTTPS. The Web Bluetooth API is no different"
https://developers.google.com/web/updates/2015/07/interact-with-ble-devices-on-the-web
On top of this a user gesture is required, i.e. the user has to give permission.
With regards to Mozilla's view on the API, they haven't given one, the warning you reference is their default warning for every browser feature that they don't support, see zoom for example:
https://developer.mozilla.org/en-US/docs/Web/CSS/zoom