A web page that shows you everything the browser told it without asking

Posted by mwheelz 1 day ago

A web page that shows you everything the browser told it without asking(sinceyouarrived.world)

582 points | 286 commentspage 6

pugworthy 23 hours ago|

Trying this in Lynx I'm surprised it didn't at least get some information from me in the request headers. You don't need JavaScript to pull things out of them.

deferredgrant 1 day ago||

Browsers are stuck between compatibility and privacy. Every bit of environment detail has some site that claims to need it, and every extra bit makes users easier to distinguish.

Cider9986 1 day ago||

I prefer https://fingerprint.com/demo

Terrible company-at least you know you are testing what is being used.

pixel_popping 1 day ago|

What's terrible about them?

Cider9986 1 day ago||

They track us around the web.

pixel_popping 23 hours ago||

But anybody knows (in tech I mean) that a browser client leak a lot of things and sustained tracking is easy even cross-browsers (and cross-devices too with more advanced techniques), including history (easy to know which websites were visited with timing analysis in loops and iteration), it falls on the responsibility of the user to achieve privacy, but it requires heavy sacrifices that frankly most users are not willing to do, fingerprint.com is really basic and doesn't go to a great length at all actually to track users (fortunately).

Reality is that most do not care about privacy (look at the number of Google users, even developers themselves who are completely aware of it and continue to "embrace" the mass tracking). There is also the mass brainwashing which is an issue where people that use VPNs think that they are anonymous and this is terrifying to think (thank you NordVPN non-sense, which also use Google Analytics which then correlate entire traffic later-on, what a joke).

Cider9986 22 hours ago|||

Similarly, just like how somebody would think that a company selling weapons that are expressly used to harm protestors is a terrible company, a company that tracks its users and invades their privacy is a terrible company.

We can see that big companies are able to do a great deal for privacy like Cloudflare and Apple (relatively speaking).

>Reality is that most do not care about privacy

Most people don't understand how much they are being tracked online, and even less know how to start preventing it. The vast majority of people care deeply about privacy. It is a natural human desire. Ask someone that says they have "nothing to hide" if they would be willing to let you install a camera pointed at their bed. Are they doing anything wrong in bed? Anything to hide? No. They still deserve privacy.

Saying you don't care about privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say. [1]

Just because people don't care about the issue doesn't mean they shouldn't have the right by default. Privacy should be the default. It is bad for you to have less privacy because it gives governments, corporations, and other people significant power over you and allows them to harm you more easily. Also it is your right, just like the 1st amendment.

[1] Edward Snowden

Cider9986 22 hours ago|||

I would never use NordVPN–I think their marketing is deceptive and they don't accept private payments, among other issues, but there is a big difference between the VPN collecting data and just their website. Bitwarden has a privacy respecting pw manager, but their website uses analytics.

pixel_popping 22 hours ago||

Absolutely, Nord is a sh*t company when it comes to privacy, they removed the anonymity claim as well recently and changed it by "Security", but anyway a VPN is far (very far) from being enough to reach decent level of Opsec. Anyway, VPNs that care can start use Enclave at the very minimum, but it's insufficient as traffic can easily be correlated if you disconnect peers one by one (gov can just sniff DC firewall, then DDoS each IP connecting through it, check if the guy is still online... (ton of ways)). Mullvad is clearly more trustable regarding the steps taken to ensure more privacy, but it's not enough on its own and even them say so.

For Bitwarden, well, US government (and Google, and more) is aware of your usage of it through their analytics so I wouldn't say it's really privacy respecting but sure, there is a bigger effort yeah.

simonw 21 hours ago||

Cute detail: if you switch to another tab and then back again it shows a banner at the top:

> You left for 6.3 seconds. We noticed.

baddash 23 hours ago||

pretty interesting but why's this website so dramatic, like it thinks it's making me uneasy and paranoid or something

efilife 20 hours ago|

Because it's AI slop. It's the same tone every time

internet2000 1 day ago||

Yes, I'm on a MacBook Air in Eastern Time and I speak English. I'd have told the website that myself if they had asked it.

Ylpertnodi 23 hours ago|

Eastern Time, USA, or closer to Bangladesh?

donatj 23 hours ago||

The text legibility of the gray on black is a serious problem. My eyes aren't that bad but I can barely read this.

rectang 23 hours ago|

My eyes aren't great and I had to pinch-zoom to read parts of this page.

amarcheschi 1 day ago||

You could have used show hn since you made it

superkuh 1 day ago|

With javascript off it just stalls at "reading" forever. There are certainly some viewport properties and other things it does know even without JS execution, but the mitigation is significant. And the page itself (the JS application) cannot act on that data or communicate it. Instead it has to be processed by some other application on the backend or wherever. Not in my browser by my computer.

Steve16384 1 day ago|

I can't help feeling that if you're turning JS off, you might as well turn off your computer to protect your data.

dylan604 1 day ago|||

As an experiment, I made a small retail shop (< 30 products) that would use JS for modern style async/await calls, but would then use old school POSTs if JS was disabled with full page reloads on every POST. it sucked to dev and as UX, but it was possible to do. Had the non-JS POST style updates been any less annoying, it might have been viable. Nobody likes full reloads. They suck. JS can do nice things for UX. It's just that we can't have nice things because people suck

efreak 17 hours ago||

That's what frames are for. Only reload the frame with the important data in it (total cost, list of products in cart) and point the category links in the page to open in the same frame as the shopping cart. You can even style the frame contents with the main page's stylesheet so it only needs to load a `$41.29` total if that's all that's changed.

dylan604 15 hours ago||

No, I did not defile myself that badly by using frames nor layout with tables either. <shudder> I did layout with CSS. It wasn't just an update to the total. It was a proper modern day UI look (if not so much feel) so that it had a collapsible shopping cart on the side so you could see the items and quantities and link back to the item's page.

efreak 46 minutes ago||

If you're smart about the style/display format, this can be done with a frame that only has the necessary markup (ie just the contents of the cart, with links, think a sidebar/pop-up shopping cart embedded in the middle of the page). You can avoid the flash with css page transitions, too. It's not as nice as scripted setup, but if you're on a decent connection (latency) it's about even with other forms of progressive enhancement since you're not loading an entire UI framework. I'm not sure how well this would work for accessibility though, plain old frames aren't used much anymore.

andai 1 day ago||||

Nah, HTTP logs still leak my circadian rhythm.

MarsIronPI 1 day ago||||

This site actually works just fine without JS.

MarkusQ 1 day ago|||

That's actually a fantastic idea!

Oh wait, no, I'm an e-addict. Drat! Curse this monkey!

More comments...