Google puts the last coat of polish on Chrome 61 Google has wrapped up coding the desktop version of Chrome 61, and will be rolling it out for Windows, Mac and Linux “over the coming days/weeks”. Chrome 61 extends the visibility of USB-connected devices to Web apps. First proposed last year, WebUSB was pitched as an easier way to set up USB devices, since (for example) a …
It may sound scary, but is it more scary than having to download an exe to update your drivers or an app that will update them automatically over insecure http?
You would need to give permission to use webUSB, I presume, which would probably be granted once, or every time for that particular site.
The issue I could see is whether it would require a user with admin privileges, as I wouldn't want my kids to be able to update the firmware just by popping along to a web page. If you can't lock down who can make use of the feature then it could well have issues.
> It may sound scary, but is it more scary than having to download an exe to update your drivers or an app that will update them automatically over insecure http?
YES. At least when I download an exe, I can verify the website belongs to the manufactuer. With this feature I could visit a random website and find that I've been owned. The only uncertainty in my mind is will I need to wait for DEF CON 26 for the first public exploits. Don't forget that Web Bluetooth is also included in this.
Currently I use several browsers and tend to reserve one for important stuff (online banking, email, etc.). With this development, I'm seriously considering devoting a VM to general browsing. Updates are a hassle, but one that is becoming more bearable.
Quite: "Honest question here. Why would I need to download a driver for a USB device?".
Basically USB provides connectivity to the device, but doesn't necessarily provide the driver to actually use it.
Many USB devices, such as keyboards, mice, data drives etc. Follow a USB standard, defined for that device type (the 'class'). For example keyboards and mice should be using the USB HID class (Human Interface Device).
The idea being you plug any keyboard or mouse in (and other devices) and USB, and so the OS, knowns how to work with it automatically. A driver is still used, it's just that it's included as standard with the OS, and so is basically transparent to the user. (It's also why you can plug USB keyboards into devices like an XBox One, smart TVs, Sky box etc. and they actually work).
But for rare devices, not covered by a specific class (recent examples being VR headsets for example), as mentioned in the article, they may not be covered by one of the standard USB device classes, and so need a specific driver to be installed to be used (the computer knows a USB device has been plugged in, but not how to use, or at least not properly, it till the driver is installed).
In the early days of USB, many USB device needed it's own driver, these days it should be fairly uncommon to need to install a separate driver..
See here for a list of the standard USB classes:( I know, wiki!)
Google's UK Privacy Check-up design is a convoluted process to be as dedious as possible. In the UK we are now prompted to confirm Google's Privacy Checkup Tool, before using Google Services.
It's a deliberately tedious 35 step process to review just 5 settings...(so you can't be bothered to protect your Privacy). And of course, this all has to be done again, if you clear your cookies or use a Private Window in Firefox. Google have gone to a lot of lengths to make sure you don't opt out of their data collection. This is the process for Firefox...
1. Click Review Now
2. Clcik Blue Arrow
3. Click Blue Arrow (again). Other Options or "I Agree" becomes visible.
4. Click Other Options
5. Search Customisation, click edit settings.
6. Signed Out search activity is on, toggle blue switch by clicking on it.
This blue toggle connects to Google and takes a dedious 2-3 secs to toggle each way. In effect, a timed switch.
7. Click Back Button
8. Click the on the right Scroll Bar, to bring Ad-Settings into visibility (if not already)
9. Click Edit Settings
10. Ads Personalisation on Google Search, toggle blue switch by clicking it.
A Pop-up appears asking you to confirm this
11. Confirm, by clicking on Turn-off.
A Second Pop-up appears with the weasel words "This may take some time, across their systems"
12. Confirm a second time, by clicking 'Got it'.
13.Ads Personalisation Across the Web, toggle blue switch by clicking it.
A Pop-up appear asking you to confirm this
14. Confirm, by clicking Turn-off
A Second Pop-up appears "Ads personalisation Across the Web is now off"
15. Confirm a second time, by clicking 'Got it'
16. Click the White X in the top right corner (this is not obvious)
At this you return to the other options dialog and deceptively, it's not obvious there are still other options to set.
17 .Click on the down arrow on the scroll bar
18. Cick on the down arrow on the scroll bar (second)
19. Clcik on the down arrow on the scroll bar (third)
Youtube Customisation settings should be now visible
20. Click Edit Settings
21. Videos that you watch on YouTube, toggle blue switch by clicking it.
22. A Pop-up appears All videos watched while signed out will be deleted from your watch activity, click OK to confirm (about 1 sec delay)
23. Videos that you search for on YouTube. toggle blue switch by clicking it.
24. A Pop-up appears All searches made while signed out will be deleted from your search activity, click OK to confirm (about 1 sec delay)
25. Click the back button
26. Click the scrol bar down arrow
27. Click the scroll bar down arrow
28. Click the scrollbar down arrow
29. Select Browser based controls, by clicking Edit Settings. There are no options to set there other than downloading Google's Analytics opt-out tool.
30. Click the back button
31 Click the scroll bar down arrow
32. Click the scroll bar down arrow
33. Click the scroll bar down arrow
End of Page
34. Click the back button
35. Click 'Agree'.
FFS. Done!
"35. Click 'Agree'. FFS. Done!"
but you aren't they will ask you the same questions in a few weeks hoping you cant be arsed going through it all again, and then a few weeks later again.... and again.... and again......
Google sets out on a war of attrition with users in a bid to wear you down.
There are basically only two activities that you would care so much as to not want authorities to know. Which one are you?
Classy. Troll and ad hominem in one.
Daily Mail comments are over there --->
"but you aren't they will ask you the same questions in a few weeks hoping you cant be arsed going through it all again, and then a few weeks later again.... and again.... and again......"
This struck me as odd because I don't log in very often (and cookies are killed by default after a session) - so I'm surprised I've never seen this prompt to do the so-called "Privacy Check-up".
Out of curiosity, I've just logged in - and still no prompt, so I went in search of it ("My Account" - > second box in the middle column). Since I was in, I went through it. Most of my controls were set to "Mind your own fucking business you evil data slurping bastards!" - but a couple weren't.
VinceH.
It happens when aren't logged in, say when cookies have been cleared/new browser install. You have to agree to these terms via the Privacy Check-up tool, to use Google's Services in the UK, even when you're logged out now, and it's pretty nagging.
"There are basically only two activities that you would care so much as to not want authorities to know."
What a fuckwit. Anon too, obviously upset at questioning Google's methods.
Shoot the messenger why don't you, looks like they are spending their time showing the underhand, deceitful methods used by Google+others, to get round EU Privacy laws.
"It happens when aren't logged in, say when cookies have been cleared/new browser install. You have to agree to these terms via the Privacy Check-up tool, to use Google's Services in the UK, even when you're logged out now, and it's pretty nagging."
Okay, just took a look and I see what you mean. I hadn't noticed that at the bottom of the screen before. This is probably a reflection of how often I visit any of Google's domains - i.e. not that often.
However, I notice there is a "Fuck off and let me get on with stuff" link (aka "Remind me later"). If, like me, you have your cookies wiped anyway, and don't keep browsing sessions up for very long, it can probably be (reasonably) safely clicked (or the entire prompt ignored).
A different matter if you are logging in, though.
This happens to me whenever I clean cookies using Ccleaner or similar products.
Now, one would expect his security preferences to be stored with his Google account, not in his cookies!
I think Google is being 'cunning' here, giving us a total of three options:
1- Leave Google's security settings as they're by default.
2- Never delete our cookies (which in turn probably will facilitate Google's data slurping regardless of the security settings)
3- Spend some serious amount of time setting up the security options every time the cookies are deleted.
There's also a fourth option, but this one is not offered by Google.
Seriously, when a company starts playing this kind of games with its customers, it's time to ditch said company ASAP.
The Web Share stuff seems like a good idea, but I can't help wondering if the likes of Facebook and Twitter will really be happy with *not* having their code embedded on loads of websites and therefore no longer being able to glean meta-data about where their users browse?
Wasn't some company recently accused of tracking users on third-party sites even after they'd logged out?
Also re the WebUSB stuff... it'll be fine! Seriously you guys are worrying about nothing. It won't do anything without confirmation, and it means you can update some kit without needing to install Windows *just* to do that. It may be exploited, but outside of a bug in the implementation, I can't see it being more exploitable than downloading *.exe files.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
