this post was submitted on 02 Apr 2026
198 points (82.4% liked)
Technology
83601 readers
3667 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Still don’t really understand why browsers expose this data to sites.
Web browsers are just such a massive security hole.
On the contrary, websites are incredibly sandboxed. It’s damn near impossible to find out anything about the computer. Off the top of my head: Want to know where the file lives that the user just picked? Sure, it’s C:\fakepath\filename. Wanna check the color of a link to see if the user has visited the site before? No need to check. The answer will be ‘false’. Always.
Here's the information a web server needs to deliver content to a browser:
Everything else is a fucking security hole. There's no good reason for servers to know what extensions you have installed, what OS you're running, the dimensions of your browser window, where your mouse cursor is positioned, or any one of a thousand other data points that browsers freely hand over.
There are absolutely reasons. Firefox is done by a reasonable job of anti-fingerprinting, and it's a fine line to walk to disable as many of those indicators as possible without breaking sites.
Browsers do give away too much, but at least Firefox is working on it. And it's not extremely straightforward.
I use waterfox with all of the privacy and security settings enabled to the max, plus a few extensions like ublock origin, decentraleyes, consent-o-matic, and clearurls.
Not that many sites break. And the ones that do, I don't visit. If you don't need to offer an https option, or you don't work without trackers, I don't need to go to your site. Simple as that.
The browser can never know what information is needed for a certain use case. So it needs to be permissive in order to not break valid uses.
For instance, your list does not include the things a user clicks on the website. But that’s exactly the info I needed to log recently. A user was complaining that dropdowns would close automatically. We quickly reached the assumption that something was sending two click events. In order to prove that, I started logging the users’ clicks. If there were two in the same millisecond, then it’s definitely not a bug but a hardware (or driver or OS or whatever) issue.
Bug fixing is not a reason to enable massive privacy violations.
If the site doesn't know the window width of can't react to mobile or desktop users automatically or scale elements/ change to best for your display.
You need mouse input for hovering effects as well
That can all be done 100% client side. The server does not need this information.
If you can do it client side, you can send it to a server...
The difference is intent.
Yes, because web browsers, under current web architecture, allow this.
This is entirely my point.
They will always allow it as long as you have javascript or any other code.
Ah I read as the Brower doesn't need that data. I'd say it needs width (maybe height) but that's it
But this info talked about in OP is done via client sending the data to a server not the server getting it all the time