A Chrome OS bug might reveal user location history

https://techxplore.com ^ | APRIL 1, 2021 | by Sarah Katz , Tech Xplore

[Red Badger]

The Committee on Liberatory Information Technology has announced a long-standing Chromebook bug that could reveal user location history. Evidently already on the radar of Google, the platform has a feature allowing anyone with physical access to your device to connect as a guest and view your Wi-Fi logs.

Of course, once said intruder has accessed these logs, they would then need the technical knowhow to make sense of them. However, if they are skilled enough, they may be able to track your place history by viewing your Wi-Fi network access over the past seven days.

It turns out the bug exists largely due to Chrome OS's constant sharing of information with the Internet in order to enhance ease-of-use for the user. So far, a Google representative has stated that they are investigating this issue.

For the time being, users can avoid such tracking by disabling guest browsing mode on their devices. Furthermore, a device owner should only allow guest users run of their device by first having the guest sign into his or her own account from the lock screen. Once finished, the guest should immediately log out, and the device owner should use the user drop down menu to remove the guest from the device.

In order to avoid this bug, users can navigate to the 'Everything' button on their keyboard and input 'Settings'. Next, in the left sidebar, they should visit the 'People' section and then select 'Manage other people'. From there, the user should turn off 'Enable Guest browsing'. However, if your device version shows the 'Accounts' section on the 'Settings' left sidebar instead of 'People', users must click on 'People' in order to access the 'Manage other people' option.

Moreover, users can take the further action of 'Restrict sign-in to the following users', which can be found in the same section. That way, by selecting the option 'Add user', a single device owner with multiple Google accounts can add their email addresses so that Chromebook recognizes and allows access from only those accounts. Once the user makes this change, even someone with physical access to the device will not be able to get anywhere without knowing the credentials of the whitelisted email account.

In terms of reactions to this bug, various outlets such as The Verge have stated that they would prefer Google spend time and effort securing its products rather than inviting potential vulnerabilities simply to provide users higher tech gadgets.

Explore further

Assessing how much data iOS and Android share with Apple and Google

[Red Badger]

It's not a "BUG", it's a FEATURE!......................

[Red Badger]

Ping!..................

[ShadowAce]

[z3n]

"It turns out the bug exists largely due to Chrome OS's constant sharing of information with the Internet in order to enhance ease-of-use for the user"

~~~

BS! Let me fix that.

It turns out the bug exists largely due to Chrome OS's constant sharing of information with the Internet in order to enhance Google's tracking and monetizing of private user information

[Red Badger]

‘Bugs’ don’t just spontaneously appear in software; if it’s there it’s because somebody put it there.............

[ShadowAce]

<>Evidently already on the radar of Google, the platform has a feature allowing anyone with physical access to your device to connect as a guest and view your Wi-Fi logs.

If anyone has physical access to your device, you've got other problems than just wifi history.

[z3n]

‘Bugs’ don’t just spontaneously appear in software; if it’s there it’s because somebody put it there.............

~~~


Exactly. You don't need to keep Wifi "logs", with one exception; if a user tells their OS to remember a WiFi connection and reconnect automatically. But those should not be time and place logs, and the information should be encrypted, or at the very least the passwords should.

[dayglored]

ChromeOS has bugs? Who knew? ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to Red Badger for the ping!

[Still Thinking]

You stole my response!

[dayglored]

> If anyone has physical access to your device, you've got other problems than just wifi history.

Seriously. :-)

I have a little Chromebook I got for listening patiently to a 30-minute spiel from Google about using Google Cloud Services a few years ago. It hasn't left my office all that time, except to come home with me at the start of the Great WuFlu Episode. So my WiFi history has exactly two locations in it.

Pretty boring.

[ScubaDiver]

That other link at the bottom of the story is also very interesting...

Assessing how much data iOS and Android share with Apple and Google

While it's not surprising Android/Google...

...collects a much larger amount of data from nearby devices than Apple. As a comparison, Google receives about 1MB of data versus 42KB for Apple. While idle, the Android Pixel sends around 1MB every 12 hours, while iOS shares 52KB of data. Furthermore, Google even collects about 20 times more handset data than Apple, and the majority of users in the US have Android devices

Apple is also, just to a slightly lesser degree...

There are even additional features such as iCloud, Safari and Siri that send user data to Apple regardless of whether the user permits this activity or even knows their data is being shared.

Apple, a company that touts its superior privacy protections, needs to explain this.

[moovova]

“COOL! WE HAVE MOOVOVA’S LOCATION HISTORY!”

“Oh, never mind. Apparently, he spends most of his day on the den sofa watching Prime. The only time he’s not there is when he gets up to get a beer, go to the bathroom, get another beer, or go to bed.”

“Now find someone who has a life...”

[Uncle Miltie]

It’s not a bug, Jim.

[Red Badger]

Lazamataz.......................

[minnesota_bound]

Google does... for a price to anyone.