On January 5, Beijing time (later on January 4, us time), Google officially released the stable version of chrome 97 browser, which has been launched through the browser’s automatic update system. It is noteworthy that a keyboard API (keyboard map API) updated during the release of the new version of chrome 97 has caused a lot of controversy.
It is reported that previously, because the keyboard map API could not be used in iframe, some previous web experimenters could not use this function, and Microsoft’s Office Web applications and other applications could not use the API to detect the keys on the keyboard layout (the keyboard layout varies according to region or language).
The API updated in chrome 97 this time allows web applications in iframe to use this function, that is, the keyboard map API can obtain the user’s keyboard layout and further track and identify users. Therefore, it has also caused no small controversy.
In this regard, Google officials specifically explained the implementation of the new functions of the keyboard map API:
Getlayoutmap () is used in combination with code to solve the problem of using different layout diagrams (such as English and French keyboards) to identify the actual keys pressed in the keyboard. However, because getlayoutmap () is not available in all contexts (it can not be used in iframe), such as office web applications such as Excel, word, PowerPoint, etc This API cannot be used by applications that are displayed as embedded experience in teams and run in iframe. However, you only need to add the keyboard map to the allowed attribute list to solve this problem.
Despite Google’s explanation, many browsers in the industry can’t sit still and have issued statements of “boycott”.
Among them, developers of Mozilla, apple, brave and other browsers have expressed concern about this matter. A key argument of these companies against browser integration is that websites may use this function for fingerprint identification purposes.
In a reply released on GitHub, apple stated that “the keyboard map API discloses a high entropy fingerprinting surface. It is unacceptable in terms of security and privacy, so Apple’s WebKit team is not interested in implementing this function proposed / regulated at present.”
Brave software, the manufacturer of brave browser, said: brave inherits the keyboard API implemented by chrome, but does not provide users with any functions (only supported by chrome and opera, but not actually used by any sites), and also expressed concern that the API may be used for fingerprint identification.
WICG keyboard map draft mentioned that the API can be used for fingerprint identification: users who use unusual ASCII layouts (such as Dvorak or colemak) – users who use ASCII layouts do not match the default layout of their area.
Mozilla directly added the keyboard map API of chrome 97 to the list of “harmful APIs” and stressed that they would never use these APIs in Firefox web browsers.
Now, Google announced that it would use the API in chrome 97 browser, but many other chrome based browsers said they would not support the API or disable it directly. Things became “anxious”.
I still remember that last time, Google caused controversy due to the introduction of idle detection API function after chrome 94 update. This time, Google introduced the keyboard map API in chrome 97, which once again caused controversy. We will also continue to pay attention to the further development of this event. If you have relevant views on this event, you are also welcome to interact in the comment area!