

Reread the comment you replied to. Not one word of it was in there accidentally.
Formerly /u/Zagorath on the alien site.
Oh yes, that’s a very good point, actually. That actually seems such a fundamental use case that you could almost justify it being available without a permission.
Maybe, but I’d like to see a concrete example of how they are “designed to talk to each other” that couldn’t be achieved by the extension just reading the DOM.
I agree with you about dropdown menus being something that could/should be natively available to HTML, but I’m less convinced about form submission. Sure, if we assume everything is happy path it’s a great idea, but a system needs to be robust enough to handle a variety of cases. Maybe you want to redirect a user to a log-on page if they get back a 401, or present an explanation if they get a 403. A 5XX should usually display some sort of error message to the user. A 201 probably needs to add an element into the page, while a 200 might do nothing, or might alter something on the page.
With the huge range of possible paths and desired effects, it pretty quickly becomes apparent that designing an HTML & CSS–only spec that can meet the needs is infeasible. There’s definitely a case to be made that JavaScript has become too powerful and can do too many potentially dangerous or privacy-invading things. And maybe a new range of permissions could be considered to limit a lot of that at a more fundamental level. But what we’re talking about here with the form submission stuff is the real bare-bones basic stuff JavaScript was designed to make easier—alter the contents of web pages on the fly in response to user actions. And it’s really, really good at that.
- Your operating system
- Your CPU architecture
Agree. No reason they should have this.
- Your JS interpreter’s version and build ID
I can see a reasonable argument for this being allowed. Feature detection should make this unnecessary, but it doesn’t seem to be fully supported yet.
- Plugins & Extensions
This is clearly a break of the browser sandbox and should require explicit permission at the very least (if not be blocked outright…I’m curious what the legitimate uses for these would be).
- Accelerometer and gyroscope & magnetic field sensor
Should probably be tied to location permission, for the sake of a simple UX.
- Proximity sensor
Definitely potential legitimate reasons for this, but it shouldn’t be by default.
- Keyboard layout
As someone who uses a non-QWERTY (and non-QWERTY-based) layout, this is one I have quite a stake in. The bottom line is that even without directly being able to obtain this, a site can very easily indirectly obtain it anyway, thanks to the difference between event.code and event.key. And that difference is important, because there are some cases where it’s better to use one or the other. A browser-based game, for example, probably wants to use event.code so the user can move around based on where WASD would be on a QWERTY keyboard, even though as a Dvorak user, for me that would be <AOE. But keyboard shortcuts like J and K for “next”/“previous” item should usually use event.key.
There could/should be a browser setting somewhere, or an extension, that can hide this from sites. But it is far too useful, relative to its fingerprinting value, to restrict for ordinary users.
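The event.code / event.key difference described in the comment above, as an added example that is not part of the original comment. Plain objects stand in for keydown events so it runs in Node, and the layout tables, function names and sample events are constructed for illustration.

```javascript
// Constructed subset: physical key (event.code) -> character produced (event.key).
const LAYOUTS = {
  qwerty: { KeyW: "w", KeyA: "a", KeyS: "s", KeyD: "d", KeyC: "c", KeyJ: "j", KeyK: "k" },
  dvorak: { KeyW: ",", KeyA: "a", KeyS: "o", KeyD: "e", KeyC: "j", KeyJ: "h", KeyK: "t" },
};

// Game movement cares about physical position, so it reads event.code.
const MOVES = { KeyW: "up", KeyA: "left", KeyS: "down", KeyD: "right" };
function moveDirection(ev) {
  return MOVES[ev.code] ?? null;
}

// Shortcuts care about the letter the user typed, so they read event.key.
const SHORTCUTS = { j: "next", k: "previous" };
function shortcutAction(ev) {
  return SHORTCUTS[ev.key.toLowerCase()] ?? null;
}

// What a page learns from ordinary key events, with no layout API involved:
// the layouts that agree with every (code, key) pair seen so far.
function consistentLayouts(events) {
  return Object.keys(LAYOUTS).filter((name) =>
    events.every((ev) => {
      const expected = LAYOUTS[name][ev.code];
      // Keys missing from the constructed table neither confirm nor exclude.
      return expected === undefined || expected === ev.key.toLowerCase();
    })
  );
}

// Constructed events from a Dvorak user.
const sampleEvents = [
  { code: "KeyA", key: "a" }, // same on both layouts: reveals nothing
  { code: "KeyS", key: "o" }, // physical S position produces "o": excludes QWERTY
  { code: "KeyC", key: "j" }, // the letter "j" sits on the physical C key
];

console.log(moveDirection(sampleEvents[1]));       // movement follows position
console.log(shortcutAction(sampleEvents[2]));      // shortcut follows the letter
console.log(consistentLayouts(sampleEvents.slice(0, 1)));
console.log(consistentLayouts(sampleEvents));
```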
how sensors are used to fingerprint you, I think it has to do with manufacturing imperfections that skew their readings in unique ways
It’s also simple presence detection. “You have a proximity sensor” is a result not every browser will have, so it helps narrow down a specific browser.
Collapses? Wish Amazon would collapse after it was revealed their magic grocery store where you just walk out with what you want was just Indians viewing CCTV.
The problem comes when it’s not an app you’re using for the app’s sake, but because it’s the app of some company you have a real-world relationship with. Your bank’s app being the most important one that comes to my mind, considering I’ve already heard about some banks trying to restrict users to only Google’s flavour of Android before this.
I’ll admit I’ve not looked into it. My computer won’t even upgrade to Windows 11 if I wanted it to, thanks to MS’s artificial restriction on compatibility. Maybe it is all on-device. But if so, whence all the privacy complaints? And does it not allow syncing between devices?
But with no karma system, and not even any popular extensions for keeping track of users, how do you keep track of “trust built up over a long time”? That’s literally what karma was for, and the Lemmy devs removed that extremely valuable feature.
Nothing they mentioned in the article seems too egregious in truth
Doesn’t it? To be honest, if the article is telling the truth and not exaggerated, I find this pretty egregious. How you installed an app should be irrelevant, so the idea of an API to say “did this come from the Play Store” is fucking shit. And the ability to block installation of apps that call certain APIs entirely is even worse.
One could argue that it’s a feature that could be done on-client without sending to a server. Or with its server component doing nothing more than syncing with E2E encryption.
Yikes this really doesn’t look good. Is there any reporting on it from independent journalists (or anyone else who isn’t also advertising their own competing operating system)?
But it’s a really common one
That may be the problem. If the site detects you coming from an address with a history of other users abusing it, they may have implemented protections against it.
Where are you located, and are you using a VPN or something else that may affect how the site sees you?
*instance
The domain is a Lemmy instance. A community is the equivalent of a subreddit. !fediverse@lemmy.world is a community within the lemmy.world instance, for example.
Yes, but people can no longer engage with that content. It creates the appearance of relatively dead communities.
Individual users’ follows are not very useful in the threadiverse compared to backlog of content.
If I brought it up to her now, she’d 100% deny it
The axe forgets; the tree remembers. It’s why we should be far, far more careful than we usually are about throwing around things like that.
In Australia we call them “seppos”. Short for “septics”, which comes via rhyming slang from “yank” -> “tank” -> “septic tank”.