Chrome: Detect Active User?

TL;DR

Websites running in Google Chrome cannot reliably determine if a user is actively using the computer. While some techniques can offer hints, they are easily bypassed and aren’t foolproof. Modern browsers prioritize user privacy.

How Websites Try to Detect Activity

Websites use several methods to try and figure out if you’re still paying attention. Here’s a breakdown:

1. Visibility API

1. What it does: The Page Visibility API tells a website whether its tab is currently visible in the browser window.
2. How it works: A JavaScript function checks the document.hidden property. If true, the tab isn’t visible; if false, it is.
3. Code example:

   function handleVisibilityChange() {
     if (document.hidden) {
       // Tab is hidden - user likely switched tabs or minimized window.
       console.log('Tab is hidden');
     } else {
       // Tab is visible - user is likely actively using it.
       console.log('Tab is visible');
     }
   }
   document.addEventListener("visibilitychange", handleVisibilityChange);
   

4. Limitations: This only detects if the tab *appears* hidden. It doesn’t know if you’re actively interacting with it, just that another tab is in focus or the window is minimized.

2. User Activity Events

1. What it does: These events (mousemove, keydown, wheel) can indicate user interaction.
2. How it works: JavaScript listens for these events on the document object. If an event fires, the website assumes activity.
3. Code example:

   document.addEventListener('mousemove', function() {
     console.log('Mouse moved');
   });
   document.addEventListener('keydown', function() {
     console.log('Key pressed');
   });

4. Limitations: Easily bypassed by background tabs or automated scripts. Also, some browsers throttle event listeners in inactive tabs to save resources.

3. Web Workers

1. What it does: A Web Worker runs JavaScript code in the background, independent of the main browser thread.
2. How it works: Websites might use a worker to periodically check for activity or send ‘heartbeat’ signals while the tab is hidden.
3. Limitations: Workers have limited access to browser APIs and can be resource-intensive if used excessively. They don’t provide definitive proof of active usage. Modern browsers restrict background processing in inactive tabs.

4. Battery Status API (Deprecated)

Previously, websites could use the Battery Status API to infer activity based on charging state. This is now largely deprecated due to privacy concerns.

Why These Methods Aren’t Reliable

• Privacy: Browsers actively block or limit these techniques to protect user privacy.
• Bypassable: Users can easily switch tabs, minimize windows, use browser extensions (like tab suspenders), or run scripts that prevent activity detection.
• Resource Usage: Constant monitoring for activity is inefficient and drains battery life.

What Websites *Can* Do

Websites can reliably detect if a user leaves the page (using the unload or beforeunload events), but not whether they are actively using it.

In conclusion

While websites try to determine active usage, these methods aren’t foolproof. You have control over your browser and can prevent most activity tracking attempts. Don’t rely on a website knowing if you’re actively engaged – prioritize privacy settings and extensions.