Hi, I’m xNT User.
Google will bring new NFC features to the web from Chrome 81.
Does this mean use for any DTproducts will be able to login to the website?
2 Likes
Is it bad that I hate this? 
The idea is sound, in practice, but I always think worst case scenario. What happens if they just build on this to be the de facto way to use NFC websites etc, like the whole google amp stuff…
I don’t really know enough about it to ease my mind or, thankfully, worry silly.
2 Likes
Chrome is the new OS. Google is the new Microsoft. Anything that comes out of Google is suspicious at best. My guess is that Chrome will start reporting NFC UIDs, tag data and associated websites to the mothership - as if Google didn’t have their grubby paws in enough of people’s personal data already…
2 Likes
I’m not willing to fight Google. They’re going to take whatever actions they want to take. Anything they do that makes integrating NFC into sites and services easier for us is good news in my book.
We’ll have to see. Keep updating this thread if you catch anything else about this. Some of it will come down to if developers plan to distribute pre-programmed tags out into the world and have Android users interact with them, or whether the developer will provide a way to program fresh tags using the website. Either way we should be able to duplicate the data that is required to take the desired action onto our tags.
Probably not… authentication based on UID (which is about the best you can hope for with NFC tags) is no better than a crappy password you can’t change… but VivoKey might expand support for this as a browser extension … if they ever release it for desktop (this article is about chrome on android).
2 Likes
I’d be willing if there was still a chance to do anything about the Google problem. But I believe it’s too late and there isn’t. They’ve grown so big and pervasive (and invasive) that they get to do as they please and dictate everybody’s agenda, including governments’. The best you can do as an individual is to be extra-paranoid about how, how much and where you dish out your personal data. And even that’s probably not enough to fly under the Google radar…
So, sadly, you’re right. I don’t have to like it though, or ignore the fact that they’re going to sell NFC as a convenience functionality, but silently milk it for all it’s worth as an easy internet tracking mechanism. For that reason, I won’t let anything released by Google touch my NFC data. Not a snowball’s chance in hell.
Business-wise, you’re definitely right I guess.
2 Likes
I don’t think that using DT products to log in would be a good idea. Unless it is something more secure like Vivokey, or something supporting encryption like DESFire.
It would be like having a login that you can never change the password. NFC chips report a UID, which in this case is like both the username and password in one.
1 Like
DT sells “insecure” products because there are readers and use cases for them out there, and people want to buy them (also, define insecure: it depends on what the user wants to do with them). So anything that promotes NFC is good for the business.
As for Google, they love nothing better than an unchanging UID they can tie forever to an individual. So insecure chips are good for them.
So from a strictly business standpoint - as in, what drives the bottom line and nothing else - the former needn’t have the users’ best interest in mind, and the latter aggressively doesn’t.
I will be using my implants for password management even before the apex comes out but I will be using a microcontroller to decode an encrypted blob of data to pull the passwords from. So essentially exactly this:
The currently available products are only as insecure as your use case for them.
1 Like
Thank you for your advice.
I found some documentation about Web NFC and I’ll post it!
https://www.chromestatus.com/feature/6261030015467520
