Skip to main content

Google announces new privacy requirements for Chrome extensions

Google today announced two major changes to how it expects Chrome extension developers to protect their users’ privacy. Starting this summer, extension developers are required to only request access to the data they need to implement their features — and nothing more. In addition, the company is expanding the number of extension developers who will have to post privacy policies.

The company is also announcing changes to how third-party developers can use the Google Drive API to provide their users access to files there.

All of this is part of Google’s Project Strobe, an effort the company launched last year to reconsider how third-party developers can access data in your Google account and on your Android devices. It was Project Strobe, for example, that detected the issues with Google+’s APIs that hastened the shutdown of the company’s failed social network. It also extends some of the work on Chrome extensions the company announced last October.

“Third-party apps and websites create services that millions of people use to get things done and customize their online experience,” Google Fellow and VP of Engineering Ben Smith writes in today’s announcement. “To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road.”

With today’s announcements, Google aims to provide these rules. For extension developers, that means that if they need multiple permissions to implement a feature, they must access the least amount of data possible, for example. Previously, that’s something the company recommended. Now, it’s required.

Previously, only developers who write extensions that handle personal or sensitive data had to post privacy policies. Going forward, this requirement will also include extensions that handle any user-provided content and personal communications. “Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data,” Smith adds.

As for the Drive API, Google is essentially locking down the service a bit more and limiting third-party access to specific files. Apps that need broader access, including backup services, will have to be verified by Google. The Drive API changes won’t go into effect until next year, though.



from TechCrunch https://tcrn.ch/2wv5auI
Labels:

Comments

Post a Comment

Popular posts from this blog

How To Play Doom – And More – On An NES

Doom was a breakthrough game for its time, and became so popular that now it’s essentially the “Banana For Scale” of hardware hacking. Doom has been ported to countless devices, most of which have enough processing ability to run the game natively. Recently, this lineup of Doom-compatible devices expanded to include the NES even though the system definitely doesn’t have enough capability to run it without special help. And if you want your own Doom NES cartridge, this video will show you how to build it . We featured the original build from [TheRasteri] a while back which goes into details about how it’s possible to run such a resource-intensive game on a comparatively weak system. You just have to enter the cheat code “RASPI”. After all the heavy lifting is done, it’s time to put it into a realistic-looking cartridge. To get everything to fit in the donor cartridge, first the ICs in the cartridge were removed (except the lockout IC) and replaced with custom ROM chips. Some modifica...
Post a Comment
Read more

Try NopSCADlib for your Next OpenSCAD Project

Most readers of this site are familiar by now with the OpenSCAD 3D modeling software, where you can write code to create 3D models. You may have even used OpenSCAD to output some STL files for your 3D printer. But for years now, [nophead] has been pushing OpenSCAD further than most, creating some complex utility and parts libraries to help with modeling, and a suite of Python scripts that generate printable STLs, laser-ready DXFs, bills of material, and human-readable assembly instructions complete with PNG imagery of exploded-view sub-assemblies. Recently [nophead] tidied all of this OpenSCAD infrastructure up and released it on GitHub as NopSCADlib . You can find out more by browsing through the example projects and README file in the repository, and by reading the announcement blog post on the HydraRaptor blog . Some functionality highlights include: a large parts library full of motors, buttons, smooth rod, et cetera many utility functions to help with chamfers, fillets, precis...
Post a Comment
Read more

The Newbie’s Guide To JTAG

Do you even snarf? If not, it might be because you haven’t mastered the basics of JTAG and learned how to dump, or snarf, the firmware of an embedded device. This JTAG primer will get you up to snuff on snarfing, and help you build your reverse engineering skills. Whatever your motivation for diving into reverse engineering devices with microcontrollers, JTAG skills are a must, and [Sergio Prado]’s guide will get you going. He starts with a description and brief history of the Joint Test Action Group interface, from its humble beginnings as a PCB testing standard to the de facto standard for testing, debugging, and flashing firmware onto devices. He covers how to locate the JTAG pads – even when they’ve been purposely obfuscated – including the use of brute-force tools like the JTAGulator . Once you’ve got a connection, his tutorial helps you find the firmware in flash memory and snarf it up to a file for inspection, modification, or whatever else you have planned. We always apprec...
Post a Comment
Read more