back to article Google puts the last coat of polish on Chrome 61

Google has wrapped up coding the desktop version of Chrome 61, and will be rolling it out for Windows, Mac and Linux “over the coming days/weeks”. Chrome 61 extends the visibility of USB-connected devices to Web apps. First proposed last year, WebUSB was pitched as an easier way to set up USB devices, since (for example) a …

  1. Mephistro
    Facepalm

    "WebUSB was pitched as an easier way to set up USB devices"

    What could possibly go wrong?

    No, this concept will cause a a pwnfest, but that's not a bug, it's a feature.

    1. Mephistro

      Addendum:

      I just saw the article titled "Microsoft won't patch Edge browser content security bypass". The subheading also included the "Not a bug..." meme.

      There seems to be a tendency here: to boot, companies wiping their posteriors with users privacy and security.

    2. Voland's right hand Silver badge

      The worst of UPnP

      The worst of UPnP and Javascript combined. Excuse me while I retch (I hope there is setting to disable this).

    3. Anonymous Coward
      Anonymous Coward

      It may sound scary, but is it more scary than having to download an exe to update your drivers or an app that will update them automatically over insecure http?

      You would need to give permission to use webUSB, I presume, which would probably be granted once, or every time for that particular site.

      The issue I could see is whether it would require a user with admin privileges, as I wouldn't want my kids to be able to update the firmware just by popping along to a web page. If you can't lock down who can make use of the feature then it could well have issues.

      1. mathew42
        Flame

        > It may sound scary, but is it more scary than having to download an exe to update your drivers or an app that will update them automatically over insecure http?

        YES. At least when I download an exe, I can verify the website belongs to the manufactuer. With this feature I could visit a random website and find that I've been owned. The only uncertainty in my mind is will I need to wait for DEF CON 26 for the first public exploits. Don't forget that Web Bluetooth is also included in this.

        Currently I use several browsers and tend to reserve one for important stuff (online banking, email, etc.). With this development, I'm seriously considering devoting a VM to general browsing. Updates are a hassle, but one that is becoming more bearable.

      2. Chemical Bob

        "It may sound scary, but is it more scary than having to download an exe to update your drivers or an app that will update them automatically over insecure http?"

        Honest question here. Why would I need to download a driver for a USB device?

        1. Boothy

          Quite: "Honest question here. Why would I need to download a driver for a USB device?".

          Basically USB provides connectivity to the device, but doesn't necessarily provide the driver to actually use it.

          Many USB devices, such as keyboards, mice, data drives etc. Follow a USB standard, defined for that device type (the 'class'). For example keyboards and mice should be using the USB HID class (Human Interface Device).

          The idea being you plug any keyboard or mouse in (and other devices) and USB, and so the OS, knowns how to work with it automatically. A driver is still used, it's just that it's included as standard with the OS, and so is basically transparent to the user. (It's also why you can plug USB keyboards into devices like an XBox One, smart TVs, Sky box etc. and they actually work).

          But for rare devices, not covered by a specific class (recent examples being VR headsets for example), as mentioned in the article, they may not be covered by one of the standard USB device classes, and so need a specific driver to be installed to be used (the computer knows a USB device has been plugged in, but not how to use, or at least not properly, it till the driver is installed).

          In the early days of USB, many USB device needed it's own driver, these days it should be fairly uncommon to need to install a separate driver..

          See here for a list of the standard USB classes:( I know, wiki!)

          https://en.wikipedia.org/wiki/USB#Device_classes

          1. Chemical Bob
            Pint

            Thanks Boothy. Have one of these ----->

    4. Simon 15

      Always ask the question "What's the worst that can happen?".... Most of the time it's exactly what will happen.

  2. Anonymous Coward
    Anonymous Coward

    Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

    Google's UK Privacy Check-up design is a convoluted process to be as dedious as possible. In the UK we are now prompted to confirm Google's Privacy Checkup Tool, before using Google Services.

    It's a deliberately tedious 35 step process to review just 5 settings...(so you can't be bothered to protect your Privacy). And of course, this all has to be done again, if you clear your cookies or use a Private Window in Firefox. Google have gone to a lot of lengths to make sure you don't opt out of their data collection. This is the process for Firefox...

    1. Click Review Now

    2. Clcik Blue Arrow

    3. Click Blue Arrow (again). Other Options or "I Agree" becomes visible.

    4. Click Other Options

    5. Search Customisation, click edit settings.

    6. Signed Out search activity is on, toggle blue switch by clicking on it.

    This blue toggle connects to Google and takes a dedious 2-3 secs to toggle each way. In effect, a timed switch.

    7. Click Back Button

    8. Click the on the right Scroll Bar, to bring Ad-Settings into visibility (if not already)

    9. Click Edit Settings

    10. Ads Personalisation on Google Search, toggle blue switch by clicking it.

    A Pop-up appears asking you to confirm this

    11. Confirm, by clicking on Turn-off.

    A Second Pop-up appears with the weasel words "This may take some time, across their systems"

    12. Confirm a second time, by clicking 'Got it'.

    13.Ads Personalisation Across the Web, toggle blue switch by clicking it.

    A Pop-up appear asking you to confirm this

    14. Confirm, by clicking Turn-off

    A Second Pop-up appears "Ads personalisation Across the Web is now off"

    15. Confirm a second time, by clicking 'Got it'

    16. Click the White X in the top right corner (this is not obvious)

    At this you return to the other options dialog and deceptively, it's not obvious there are still other options to set.

    17 .Click on the down arrow on the scroll bar

    18. Cick on the down arrow on the scroll bar (second)

    19. Clcik on the down arrow on the scroll bar (third)

    Youtube Customisation settings should be now visible

    20. Click Edit Settings

    21. Videos that you watch on YouTube, toggle blue switch by clicking it.

    22. A Pop-up appears All videos watched while signed out will be deleted from your watch activity, click OK to confirm (about 1 sec delay)

    23. Videos that you search for on YouTube. toggle blue switch by clicking it.

    24. A Pop-up appears All searches made while signed out will be deleted from your search activity, click OK to confirm (about 1 sec delay)

    25. Click the back button

    26. Click the scrol bar down arrow

    27. Click the scroll bar down arrow

    28. Click the scrollbar down arrow

    29. Select Browser based controls, by clicking Edit Settings. There are no options to set there other than downloading Google's Analytics opt-out tool.

    30. Click the back button

    31 Click the scroll bar down arrow

    32. Click the scroll bar down arrow

    33. Click the scroll bar down arrow

    End of Page

    34. Click the back button

    35. Click 'Agree'.

    FFS. Done!

    1. wallaby

      Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

      "35. Click 'Agree'. FFS. Done!"

      but you aren't they will ask you the same questions in a few weeks hoping you cant be arsed going through it all again, and then a few weeks later again.... and again.... and again......

      Google sets out on a war of attrition with users in a bid to wear you down.

      1. Anonymous Coward
        Anonymous Coward

        Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

        What exactly are you doing on the internet that makes you care so much? There are basically only two activities that you would care so much as to not want authorities to know. Which one are you?

        1. Voland's right hand Silver badge

          Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

          There are basically only two activities that you would care so much as to not want authorities to know.

          Since when a slimy marketeer scumbag is an authority?

        2. Dan 55 Silver badge
          Trollface

          Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

          There are basically only two activities that you would care so much as to not want authorities to know. Which one are you?

          Classy. Troll and ad hominem in one.

          Daily Mail comments are over there --->

        3. Anonymous Coward
          Anonymous Coward

          Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

          "There are basically only two activities that you would care so much as to not want authorities to know. Which one are you?"

          The one with acupuncture needles and foaming engine degreaser.

      2. VinceH

        Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

        "but you aren't they will ask you the same questions in a few weeks hoping you cant be arsed going through it all again, and then a few weeks later again.... and again.... and again......"

        This struck me as odd because I don't log in very often (and cookies are killed by default after a session) - so I'm surprised I've never seen this prompt to do the so-called "Privacy Check-up".

        Out of curiosity, I've just logged in - and still no prompt, so I went in search of it ("My Account" - > second box in the middle column). Since I was in, I went through it. Most of my controls were set to "Mind your own fucking business you evil data slurping bastards!" - but a couple weren't.

        1. Anonymous Coward
          Anonymous Coward

          Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

          VinceH.

          It happens when aren't logged in, say when cookies have been cleared/new browser install. You have to agree to these terms via the Privacy Check-up tool, to use Google's Services in the UK, even when you're logged out now, and it's pretty nagging.

          "There are basically only two activities that you would care so much as to not want authorities to know."

          What a fuckwit. Anon too, obviously upset at questioning Google's methods.

          Shoot the messenger why don't you, looks like they are spending their time showing the underhand, deceitful methods used by Google+others, to get round EU Privacy laws.

          1. VinceH

            Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

            "It happens when aren't logged in, say when cookies have been cleared/new browser install. You have to agree to these terms via the Privacy Check-up tool, to use Google's Services in the UK, even when you're logged out now, and it's pretty nagging."

            Okay, just took a look and I see what you mean. I hadn't noticed that at the bottom of the screen before. This is probably a reflection of how often I visit any of Google's domains - i.e. not that often.

            However, I notice there is a "Fuck off and let me get on with stuff" link (aka "Remind me later"). If, like me, you have your cookies wiped anyway, and don't keep browsing sessions up for very long, it can probably be (reasonably) safely clicked (or the entire prompt ignored).

            A different matter if you are logging in, though.

    2. Mephistro
      Flame

      Re: Google's UK Privacy Check up. A 35 step process to hell, to set, what are just 5 toggles.

      This happens to me whenever I clean cookies using Ccleaner or similar products.

      Now, one would expect his security preferences to be stored with his Google account, not in his cookies!

      I think Google is being 'cunning' here, giving us a total of three options:

      1- Leave Google's security settings as they're by default.

      2- Never delete our cookies (which in turn probably will facilitate Google's data slurping regardless of the security settings)

      3- Spend some serious amount of time setting up the security options every time the cookies are deleted.

      There's also a fourth option, but this one is not offered by Google.

      Seriously, when a company starts playing this kind of games with its customers, it's time to ditch said company ASAP.

  3. Anonymous Coward
    Anonymous Coward

    Does it play nicely with LastPass ????

    Which is currently borked under Linux Chrome

  4. Tom 38
    Facepalm

    adds native support for JavaScript Modules via the script type=module element

    Crap, does this mean now that I finally have yarn, npm, webpack and all these other shite making a single bundle for my website, I've now got to unpack them all again and serve as single modules?

    1. Charlie Clark Silver badge

      Yes. http/2 makes most of them irrelevant anyway.

  5. Peter X
    Happy

    Web Share API

    The Web Share stuff seems like a good idea, but I can't help wondering if the likes of Facebook and Twitter will really be happy with *not* having their code embedded on loads of websites and therefore no longer being able to glean meta-data about where their users browse?

    Wasn't some company recently accused of tracking users on third-party sites even after they'd logged out?

    Also re the WebUSB stuff... it'll be fine! Seriously you guys are worrying about nothing. It won't do anything without confirmation, and it means you can update some kit without needing to install Windows *just* to do that. It may be exploited, but outside of a bug in the implementation, I can't see it being more exploitable than downloading *.exe files.

    1. David 164

      Re: Web Share API

      I was think with the WebUSB stuff wouldn't they implement similar validation that Microsoft or presumably Google chrome and Linux own online update mechanisms uses. Which are all themselves reasonably secure and safe to use.

  6. Anonymous Coward
    Anonymous Coward

    Polish?

    Now, we have this wonderful Brexit, we rather need a layer of British, don't we?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like