Stories
Slash Boxes
Comments

SoylentNews is people

Chrome 56 Quietly Added Bluetooth Snitch API

posted by martyb on Tuesday February 07 2017, @05:04AM   Printer-friendly
from the watching-those-who-watch-us dept.

Fnord666 writes:

When Google popped out Chrome 56 at the end of January it was keen to remind us it's making the web safer by flagging non-HTTPS sites. But Google made little effort to publicise another feature that's decidedly less friendly to privacy, because it lets websites connect to Bluetooth devices and harvest information from them through the browser.

[...Pete] LePage, in the video, says: "Until now, the ability to communicate with Bluetooth devices has been possible only for native apps. With Chrome 56, your Web app can communicate with nearby Bluetooth devices in a private and secure manner, using the Web Bluetooth API. "The Web Bluetooth API uses the GATT protocol, which enables your app to connect to devices such as light bulbs, toys, heart-rate monitors, LED displays and more, with just a few lines of JavaScript."

Let's start with LePage's security-and-privacy claims: what Google means is that the server-to-browser connection is over TLS, and users have to allow connection with a touch or a mouse click. To reiterate: as a user, you have to explicitly grant the remote web app access to your Bluetooth gadgets before anything happens. Then you select a device to pair with the webpage, and away you go. The webpage can filter for devices, so for example, a health site can ask to be paired with gadgets that have a heart rate sensor. A site can't see any device until it is paired.

Source:

https://www.theregister.co.uk/2017/02/05/chrome_56_quietly_added_bluetooth_snitch_api/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Chrome 56 Quietly Added Bluetooth Snitch API | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Rich on Tuesday February 07 2017, @08:48PM

    by Rich (945) on Tuesday February 07 2017, @08:48PM (#464275) Journal

    Heh. Finally a topic where I can reasonably post this comment, of an idea that occured to me recently after being similarly being reminded how fat browsers got:

    We need Browsing as a Service. BaaS. Some lard-assed browser, like recent Firefox or Chrome will sit in the cloud, and be accessed through a thin client that only does display and input. That way, all the light and nimble devices with a meager (tell that to a mainframe op of the '80s...) 1 GB of RAM or so, have access to all the comfort that a modern "full feature" browser provides. And on top of that, the client would never have to care about updating.

    To touch the proper topic, I, purely out of sanity, wouldn't tunnel Bluetooth through said client, though...

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Wednesday February 08 2017, @01:05AM

    by Anonymous Coward on Wednesday February 08 2017, @01:05AM (#464383)

    You should look into X or Wayland...