Curb abuse of vibrate API |
|||||||
Issue descriptionThe vibrate API is abused by sites and ads for social engineering. This bug is to track and combine mitigation strategies, abuse reports, and major updates. We are currently working on two abuse mitigation strategies: (1) crbug/625044 Block navigator.vibrate in cross origin iframes (specificaly to combat social engineering and malicious ads) (2) gating Vibrate API on positive Site Engagement (crbug/464234) - still scoping implementation, will attach bug when work is started
,
Aug 17 2016
,
Aug 17 2016
,
Aug 18 2016
Emily, would you mind documenting (2) at the WICG interventions github whenever you have something worth sharing more broadly? We have (1) at https://github.com/WICG/interventions/issues/25. I've added (2) to the intervention backlog (bit.ly/proposed-interventions) and assigned you as the PM to drive it* with Bin Lu marked as tentative engineer owner. We'll ping you / read the relevant bug for updates (e.g. following up with spec/interventions requirements & process, quarterly newsletter). Best, *: let me know if you would prefer that someone else takes care of it :)
,
Aug 18 2016
,
Oct 13 2016
,
Mar 23 2017
,
Apr 4 2017
,
Jul 4 2017
I have not once seen this api used in a non abusive way and as a web developer I have zero interest in using it. If the permissions cannot be altered I'd rather see the feature completely removed until that has been implemented. There isn't even an option to disable vibration globally in the settings.
,
Jul 17 2017
When we've broken vibrate in the past, we've definitely heard from people who are using it legitimately. As per https://www.chromestatus.com/features/5644273861001216 vibrate requires a user gesture from Chrome 60 onwards. We believe this will address the abuse of this API, but if you see any abusive uses of vibrate in Chrome 60 or later, we'd love to hear about them so we can see what ca be done to mitigate it further. Closing the bug assuming that the recent complains were from older Chrome's. We can reopen or open new bugs if people are still seeing problems in Chrome 60+. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by emilyschechter@chromium.org
, Aug 17 2016