4 comments

  • trec 4 days ago

    I hope that if this feature requires permission from the user. Otherwise it allows one more variable for fingerprinting the browser.

    • cstuder 4 days ago

      New browser APIs generally take privacy and fingerprinting concerns into account. This one too: https://web.dev/multi-screen-window-placement/#security-and-...

      • 0xy 4 days ago

        Audio APIs were released as recently as last year that are used for widespread fingerprinting via audio hardware latency information that is available with no notice to the user and without their permission, even on websites with zero audio.

        This simply isn't true. That's not even the only recent API that Chrome has spearheaded that is being abused by ad networks and other nefarious actors.

        • gruez 4 days ago

          > Audio APIs were released as recently as last year that are used for widespread fingerprinting via audio hardware latency information that is available with no notice to the user and without their permission, even on websites with zero audio.

          That seems to be fixed, at least on firefox. The result from console.log(new AudioContext()) seems to be generic values that don't correspond to the actual values (eg. it reports the sample rate as 44.1khz, but my system sample rate is 48khz).

          • 0xy 2 days ago

            None of what you said is relevant to Chrome. Chrome still allows ad networks to pilfer this information as of the latest version.

            Chrome is the worst browser for privacy by far. Between cookie policies, X-Client-Data backdoors for DoubleClick and APIs like this one it seems awfully convenient that this stuff continues to make it to production for ad networks to abuse with impunity.

      • wolrah 4 days ago

        Yeah, that was my immediate thought as well.

        I have a WQHD (3440x1440) main display with two old 1680x1050 panels mounted side by side above it. Even amongst those with three monitors my setup is quite unusual and thus would be incredibly useful as a fingerprint.

        I see that it'll be gated behind a permission popup like many other modern browser features, but based on the number of clients I've had to clear ad networks out of their "Allow Notifications" lists for it's quite clear that a lot of people just hit "yes" to whatever they're prompted about.

        I of course see the value to developers of complex web apps, but IMO this is the sort of thing that shouldn't actually happen in the browser itself. Make it exclusive to Electron or similar platforms that use a web browser style engine but can have additional capabilities beyond what's reasonable to expose to a plain old browser.

        • rcarmo 4 days ago

          I came here to point out _exactly_ this. And I wouldn't stop at permissions, these things should be session-only and not persist across visits.

      • donatj 4 days ago

        This is a very odd, very niche feature. I can’t imagine ever wanting a webapp to organize my windows across displays for me.

        • tomayac 4 days ago

          I wouldn't call slide show apps niche at this point in history. https://web.dev/multi-screen-window-placement/#use-cases:~:t....

          • donatj 3 days ago

            I'd say the need to not just move your windows yourself in that given case is niche.

          • PaulHoule 4 days ago

            Who writes native desktop apps anymore?

            Sure, HP writes UWP application to harass you into buying more ink.

            However a wide swath of firms develop on Mac for a Windows world, thus electron.

            I have looked long and far for a good cross platform ui toolkit and I don't believe there is anything that comes close to the web platform.

            • rektide 4 days ago

              It's an old legacy mentality when you can't imagine web systems filling the role of regular applications. Please update your mental models accordingly.

              That you happen to think of the web as being for this specific thing that you imagine is not a fair constraint. The web does not want to be excluded from becoming more, please stop placing it in the corner.

            • judge2020 4 days ago

              Early on in the article you might see that you have to sign up for a token to use it while it's in the trial stage. If you're wondering what this is about, see https://github.com/GoogleChrome/OriginTrials/blob/gh-pages/d...

              > The TL;DR is that we strongly value the feedback of real web developers (that means you!) during the process of designing and standardizing new features. We believe origin trials provide a good way of encouraging that feedback, while being extremely careful that the experiments aren’t used by sites in production-critical roles or as if they’re finalized features.

              • agentultra 4 days ago

                So... when are we going to see machines that just init into a web browser instead of a desktop? 2 years?

                • andrewaylett 4 days ago

                  Chromebooks? FirefoxOS too -- it might not have taken off enough to be viable, but it worked.

                  • agentultra 4 days ago

                    Good point, I have been missing out!

                  • anaganisk 3 days ago

                    Nerds at Google keep making Chrome browser a full blow OS and Bean counters keep finding ways to abuse them for data, demand supply right there.