Google Chrome Will Soon Warn Users About Web Pages With Unclear Mobile Billing Services (venturebeat.com)

← Back to Stories (view on slashdot.org)

Google Chrome Will Soon Warn Users About Web Pages With Unclear Mobile Billing Services (venturebeat.com)

Posted by msmash on Thursday November 8, 2018 @07:30AM from the up-next dept.

Google is introducing a small but important update to its Chrome browser, one designed to prevent consumers from being swindled by underhanded or unclear mobile subscription services. From a report: Some web pages invite visitors to input their mobile phone number in order to subscribe to some kind of service, such as a mobile game, but it's not always clear how much they will be charged or even if that they are being charged at all. This is enabled by a service known as carrier billing, something that allows users to bypass more laborious subscription methods by having a fee charged directly to their mobile phone bill. [...] Starting from December 2018 with the launch of Chrome 71, Google's browser on mobile and desktop, as well as in Android WebView, will display a warning if it detects that there is insufficient mobile subscription information available to the user.

40 comments

Min score:

Reason:

Sort:

Dang! by cascadingstylesheet · 2018-11-08 07:35 · Score: 2, Interesting

I'm all for security, but this is getting almost comically fine grained.
1. Re:Dang! by Anonymous Coward · 2018-11-08 07:50 · Score: 0
  
  It's probably something that's relatively easy to detect (or one of the devs has been personally burned), so they've thrown in the feature as a bonus
2. Re:Dang! by ShanghaiBill · 2018-11-08 07:54 · Score: 2
  
  I'm all for security, but this is getting almost comically fine grained.
  Phone companies collaborating with sleazy online marketers to add charges to their customers' phone bills without their explicit consent, and the solution is to get sporadic and intrusive warnings about impending transactions from an advertising company.
  What is comical about that?
3. Re:Dang! by Anonymous Coward · 2018-11-08 08:00 · Score: 0
  
  How is this "intrusive" to be warned about? You're making it out to be more ridiculous than it actually is.
4. Re:Dang! by DontBeAMoran · 2018-11-08 08:15 · Score: 2
  
  What's comical is that we're paying to have powerful computers on our desk and in our pockets but that power is being wasted on a war that's been going on between users and marketing departments for over a decade now.
  
  --
  #DeleteFacebook
5. Re:Dang! by Anonymous Coward · 2018-11-08 08:44 · Score: 0
  
  Already dropped. Firefox provides all of the bloat of Chrome, so I'm not missing much, and I've switched to Opera for the porn browsin' I used to do with Firefox.
6. Re:Dang! by Anonymous Coward · 2018-11-08 12:16 · Score: 0
  
  It's pretty funny that there's still people who carry smart phones around.
  No shortage of dummies I guess.
7. Re:Dang! by cascadingstylesheet · 2018-11-09 02:13 · Score: 1
  
  I'm all for security, but this is getting almost comically fine grained.
  Phone companies collaborating with sleazy online marketers to add charges to their customers' phone bills without their explicit consent, and the solution is to get sporadic and intrusive warnings about impending transactions from an advertising company.
  What is comical about that?
  That someone is building defenses against it into a browser?
  Defense that "detects that there is insufficient mobile subscription information available to the user"?
  Sure, anything could be useful, but it's not as though Chrome tries to detect if the web page gives me insufficient information before I enter a credit card, for example.
Feature request by Anonymous Coward · 2018-11-08 07:41 · Score: 1

When launching Chrome, it should automatically uninstall itself to better protect the users.
1. Re: Feature request by Anonymous Coward · 2018-11-08 13:01 · Score: 0
  
  I love it.
Carrier billing is mostly fraud by Anonymous Coward · 2018-11-08 07:50 · Score: 0

I can't recall one situation where I've dealt with this payment method that was not part of a fraud scheme. Either a user tricked in to it, or some shady outfit just outright fraudulently billing people by spam billing numbers they got out of a database.
Carriers get a cut, so they're pretty complacent and don't have any incentive to fix the problem.
How about ... by PPH · 2018-11-08 07:52 · Score: 4, Insightful

... we just don't allow the common carriers to do billing for third parties. Want to use dial-a-porn? Fine. Call and enter your credit card number. No more of this $5.99/minute charging through the phone company. There are far too many scams (telemarketing) that will never go away until the telecoms are no longer allowed to be silent partners in the deals.
I'm with Google on this. But I suspect that their motive might be to drive these web services to their own billing platform.

--
Have gnu, will travel.
1. Re:How about ... by ShanghaiBill · 2018-11-08 08:07 · Score: 1
  
  Call and enter your credit card number.
  1. Not everyone has a credit card.
  2. Credit cards are LESS secure than DCB (direct carrier billing).
  Your CC #, exp date, and CVV are all printed on your card, and you give that information to anyone you transact with. They can then use the same information for fraudulent purchases.
  With DCB, you enter your phone number, and then you get a confirmation on your phone, and are then prompted for a PIN.
  DCB is 2 factor: Something you have (the SIM card in your phone) and something you know (the PIN).
  CC is 0 factor: Something you know, but which is also semi-public information.
  There are some problems with the way DCB is currently implemented, but implying that CCs are somehow "better" is absurd. They are worse in every way.
2. Re:How about ... by PPH · 2018-11-08 08:14 · Score: 2
  
  1. Not everyone has a credit card.
  Cash cards are a thing. Just line up at the local speedy mart with the other homeless people and you are good to go.
  
  2. Credit cards are LESS secure than DCB (direct carrier billing).
  Credit cards are VERY secure. I have a federally mandated right to dispute charges. Cash (debit) cards, less so. But there are regulations covering these as well. I am comfortable with them.
  
  --
  Have gnu, will travel.
3. Re:How about ... by squiggleslash · 2018-11-08 08:27 · Score: 3, Informative
  
  With DCB, you enter your phone number, and then you get a confirmation on your phone, and are then prompted for a PIN.
  
  Is that how you think it works? Because that's not how it works. As someone who suffered continuous fraud for several months until T-Mobile was persuaded to block these things (which it still couldn't do properly, it decided to block shortcodes too, which means I don't get text notifications from my bank when my credit card is compromised), I can tell you we never had any communication at all between us and the company stealing money from us.
  And two other differences:
  1. Credit card companies can and do pro-actively watch for fraud. We never saw T-Mo do the same thing.
  2. T-Mobile refused to remove the charges directly, telling us we had to work with the company fraudulantly billing us.
  It isn't more secure, it's stupidly insecure, and it should be banned. There's no reason whatsoever for this feature to exist, and if this country had any accountability, the execs who came up with this scheme would be in prison.
  
  --
  You are not alone. This is not normal. None of this is normal.
4. Re:How about ... by Anonymous Coward · 2018-11-08 08:50 · Score: 0
  
  2. T-Mobile refused to remove the charges directly, telling us we had to work with the company fraudulantly billing us.
  Which tells me everything I need to know about T-Mobile.
  Wow, they allow a fraudulent charge, and expect you to sort that out with the fraudsters, who you probably have no idea who they are.
  Basically T-Mobile are happy to facilitate fraud from the sounds of it. Wonder if they're getting a cut?
5. Re:How about ... by Etcetera · 2018-11-08 09:52 · Score: 1
  
  1. Not everyone has a credit card.
  Cash cards are a thing. Just line up at the local speedy mart with the other homeless people and you are good to go.
  DCB requires nothing more than the billing method you're already using. For whatever the service is, they have no billing data other than the info they already have (the phone number).
  
  2. Credit cards are LESS secure than DCB (direct carrier billing).
  Credit cards are VERY secure. I have a federally mandated right to dispute charges. Cash (debit) cards, less so. But there are regulations covering these as well. I am comfortable with them.
  The only thing more secure than payment method X is payment method N/A. And if you're being super paranoid, you don't have to head into your local speedy mart, use a throw-away account, whatever. Deal directly with the phone company. This is, after all, why services like Paypal remain popular -- I don't have to provide more billing data, just authorization and they vendor and billing provider handle it back and forth with a token of some type.
  As far as challenging billing, I suspect that depends more on your provider than anything else (subject to regulation). Yes, in the pre-Internet world there were lots of horror stories about this, but the relatively few times I've done DCB (for example, on a second line) I've had no issues with and never been overcharged for. YMMV.
  
  --
  Hire a Linux system administrator, systems engineer,
6. Re:How about ... by PPH · 2018-11-08 10:03 · Score: 1
  
  Deal directly with the phone company.
  
  The idea is to cut the phone company out of the billing loop. Since they suffer no consequences for the fraud that they enable.
  
  --
  Have gnu, will travel.
7. Re:How about ... by pete6677 · 2018-11-08 16:37 · Score: 1
  
  I was going to say. Anybody who has no credit or debit card also does not have a phone that will work with carrier billing, since they probably have some Tracfone or Boost Mobile prepaid shit. Carrier billing is a bad solution to a non-existent problem.
It only takes a Phone Number? by Anonymous Coward · 2018-11-08 07:52 · Score: 0

Surely these services require more than just a phone number to start billing you.
Isn't there typically some form of 2 factor authentication involved, which should be a red flag to anyone not expecting it.
1. Re:It only takes a Phone Number? by PPH · 2018-11-08 07:56 · Score: 1
  
  "Hello sir. Can you hear me?"
  They have you saying 'Yes' and now they can scam you for anything. This is a major profit center for the phone companies.
  
  --
  Have gnu, will travel.
Google being the Internet Police again by Anonymous Coward · 2018-11-08 07:56 · Score: 0

This won’t end well. Offer a service to white males, boom your site gets banned in Chrome.
Why is billing not a HTTP feature? by Anonymous Coward · 2018-11-08 08:04 · Score: 0

This here obviously won’t work, like any attempt at whitelisting.
The first thing an evil developer will do, is check his site against this service. Regularly. And have a backup site ready and running, to switch to when it does start to warn.
In fact, he likely will have a whole farm of such sites, sprawling like spring fountain onto the net, in far greater numbers than users can report and Google can warn about them.
I mean I thought about this less than 10 seconds. Imagine somebody who actually makes a living that way.
Why is there no HTTPS error code in case one has to pay for receiving a document? It exists for authentication already. It’s nearly trivial to extend it that way, and it’d be great and universal I mean if browsers add utter nonsense like "web sockets" (that are exactly replicating real sockets, except they are not compatible with real sockets, which makes them more than just a pointless re-invention of the wheel, but idiotic on top of it), and become literal operating system platforms, except shittier, then they can add this too.
1. Re:Why is billing not a HTTP feature? by DontBeAMoran · 2018-11-08 08:18 · Score: 0
  
  So... GoogleCoins?
  
  --
  #DeleteFacebook
cram bam thankyou m'am by bugs2squash · 2018-11-08 08:14 · Score: 0

so is this web-cramming, mobi-cramming, cell-cramming, what ?

--
Nullius in verba
Mobile Billing Services aka premium rate text are by Joe_Dragon · 2018-11-08 08:27 · Score: 1

Mobile Billing Services aka premium rate text are not web based.
Google overboard for security by biggaijin · 2018-11-08 08:36 · Score: 1

The Google Chrome browser in my Android phone now prevents me from using any public WiFi that requires a login screen, as in an airport or a hotel. This has been profoundly irritating. I know that these hotspots are not safe and am willing to take responsibility for my own data. Having Google slamming the door on me in these situations makes me want to abandon them entirely, but it's like hating the government. There really is no alternative.
1. Re:Google overboard for security by Anonymous Coward · 2018-11-08 09:16 · Score: 0
  
  You can download Firefox and set your default browser to that prior to attempting to connect. Then it will open Firefox instead of Chrome and allow you to click the terms and agreements button. Then you can set your default back to Chrome.
  Pain in the butt, but it works.
2. Re:Google overboard for security by Actually,+I+do+RTFA · 2018-11-08 09:30 · Score: 1
  
  Chrome has been doing that on my laptop for a long time.
  iOS and Safari are alternatives. At least they recognize the the login screen and handle it well.
  
  --
  Your ad here. Ask me how!
3. Re:Google overboard for security by Anonymous Coward · 2018-11-09 05:13 · Score: 0
  
  The Google Chrome browser in my Android phone now prevents me from using any public WiFi that requires a login screen, as in an airport or a hotel. This has been profoundly irritating. .
  Only that!
  Google has blocked me from using the gmail account I have been using for the last 8 years.
  The evil morons claim that they suspect the account is not mine. I have been jumping through their
  hoops of answering secret questions on my family, providing alternative emails so that
  they could contact me, etc., and so far, no contact from their part, and my (well, I know, technically,
  it's theirs) account remains blocked.
  And I wonder every day why this has happened, after 8 years of daily use.
  And I suspect this may be because a part of the account name has some similarity with a
  part of the name of a now becoming famous soccer player. Who did not exist 8 years ago,
  to be sure.
  BTW, if you know of a way of contacting someone at Google who is a human and with a
  modicum of reasoning power, so that I may try to get that email account back, please, let me know.
Could be worse by Locke2005 · 2018-11-08 08:45 · Score: 3, Informative

My ex got hit by the scam where this company sent her a text message, then because she received the message, they started billing her $9.99/month for the "service" of receiving that text message. Problem is, her account was on autopay and she never even opened her bills, so it wasn't until I looked at her bill 6 months later that she found out. Not sure why that scam wasn't illegal.

--
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Question by Locke2005 · 2018-11-08 08:47 · Score: 3, Interesting

Why don't the carriers give me the option of disabling Direct Carrier Billing for my account? In fact, why don't they give me the option of disabling equipment purchase plans? More than once people have order hardware billed to my phone number! (No, I didn't have to actually pay for it, but it took a lot of work on my behalf to fix it.)

--
I've abandoned my search for truth; now I'm just looking for some useful delusions.
1. Re:Question by tlhIngan · 2018-11-08 10:02 · Score: 2
  
  Why don't the carriers give me the option of disabling Direct Carrier Billing for my account? In fact, why don't they give me the option of disabling equipment purchase plans? More than once people have order hardware billed to my phone number! (No, I didn't have to actually pay for it, but it took a lot of work on my behalf to fix it.)
  Because they get a cut. And the scummier the company, the larger the cut. Heck, it can be huge, like 90% of what you paid goes to the carrier.
  And for that, they don't have to do anything - customers are forced to deal with the scummy company, there's no such thing as blocked charges, etc.
  It completely benefits the carrier to allow it, completely screws over the customer.
  The only way to get any of that sort of crap fixed is legislation, because right now it's tilted too much in the carrier's favor for them to do anything about it.
2. Re:Question by Anonymous Coward · 2018-11-08 10:03 · Score: 0
  
  Because carriers make money off of scams. They are implicit money launderers. But they are safe from prosecution because they are practically monopolies and they work government contract jobs. AT&T was a major developer of Radar systems for the u.s. govt. "Nice service you got there. It'd be a shame if something were to happen." as "they" say.
Simple solution in case you get such billing by Anonymous Coward · 2018-11-08 08:52 · Score: 1

but havn't signed up willingly: call your provider and tell them to remove the item from the bill - in case they refuse press charges at your local police department (or federal institution, should your provider work across borders) as your provider, the moment he refused to not process a fraudulent transaction from which he profits, crossed the line from being an innocent third party to being an active complicit in a crime.
I wonder by renegade600 · 2018-11-08 09:17 · Score: 1

I wonder if this means that any subscriptions that does not go through the google play store will be suspected and a warning will be given?
what the fuck? specific as fuck. by Anonymous Coward · 2018-11-08 12:34 · Score: 0

what the fuck? specific as fuck.
No shit? That's my point! by Anonymous Coward · 2018-11-09 00:49 · Score: 0

Thank you Captain Obvious. That was my point. You genius.