The Committee on Liberatory Information Technology has announced a long-standing Chromebook bug that could reveal user location history. Evidently already on the radar of Google, the platform has a feature allowing anyone with physical access to your device to connect as a guest and view your Wi-Fi logs.
Of course, once said intruder has accessed these logs, they would then need the technical knowhow to make sense of them. However, if they are skilled enough, they may be able to track your place history by viewing your Wi-Fi network access over the past seven days.
It turns out the bug exists largely due to Chrome OS’s constant sharing of information with the Internet in order to enhance ease-of-use for the user. So far, a Google representative has stated that they are investigating this issue.
For the time being, users can avoid such tracking by disabling guest browsing mode on their devices. Furthermore, a device owner should only allow guest users run of their device by first having the guest sign into his or her own account from the lock screen. Once finished, the guest should immediately log out, and the device owner should use the user drop down menu to remove the guest from the device.
In order to avoid this bug, users can navigate to the ‘Everything’ button on their keyboard and input ‘Settings’. Next, in the left sidebar, they should visit the ‘People’ section and then select ‘Manage other people’. From there, the user should turn off ‘Enable Guest browsing’. However, if your device version shows the ‘Accounts’ section on the ‘Settings’ left sidebar instead of ‘People’, users must click on ‘People’ in order to access the ‘Manage other people’ option.
Google has known about this for years and has done nothing about it, so we had to say something.
Your safety and security don’t matter to them, you are eyeballs for the ad money machine.
For-profit tech is anti-liberatory. Pretty baubles to hide the truth: You are the product. https://t.co/UmcAct6eOV
— Committee on Liberatory Information Technology (@_C_L_I_T_) March 30, 2021
Moreover, users can take the further action of ‘Restrict sign-in to the following users’, which can be found in the same section. That way, by selecting the option ‘Add user’, a single device owner with multiple Google accounts can add their email addresses so that Chromebook recognizes and allows access from only those accounts. Once the user makes this change, even someone with physical access to the device will not be able to get anywhere without knowing the credentials of the whitelisted email account.
In terms of reactions to this bug, various outlets such as The Verge have stated that they would prefer Google spend time and effort securing its products rather than inviting potential vulnerabilities simply to provide users higher tech gadgets.