A web page that shows you everything the browser told it without asking

Posted by mwheelz 1 day ago

A web page that shows you everything the browser told it without asking(sinceyouarrived.world)

583 points | 287 commentspage 8

crazygringo 1 day ago|

This is just... silly. Everything it told me, while browsing on my iPhone, seems entirely reasonable.

> Every page you have ever visited knows at least this much. Most of them know more. None of them told you.

So? Why would I want the news site I'm visiting to "tell me" it knows my preferred language, that I'm using light mode, or the estimated location of my IP address...?

It's not surprising that a browser which renders text can be used to identify which fonts are available. It's not surprising that a browser which allows calculation with your GPU will identify your type of GPU.

The "without asking" framing is just silly. I expect to be asked for consent to use my webcam or microphone or exact precise location. But the last thing I want is to be asked for permission around detecting my local time zone or preferred language or my screen resolution or 20 other totally reasonable things for a website to be able to know.

mwheelz 1 day ago|

Right that most of these aren't surprises individually, and right that nobody wants a permission prompt for Accept-Language. The argument isn't that you should, it's that the combination is enough to identify you across sites without your awareness, and that the wider tracking ecosystem trades on that bundle. The piece is editorial about the thing existing, not a proposal to gate every header. Reasonable to push back if you find the bundle isn't the point.

crazygringo 1 day ago||

Fingerprinting has exited for a long time. But this site is specifically saying "None of them told you".

The site does seem to be implying that disclosure and consent are the issues:

> We did not ask for your location.

> Nothing about this was requested. The information arrived on its own.

> Your device volunteered all of this in the first milliseconds of the connection. It will do this again on the next page you visit, and the one after that.

> No permission is required.

It's framing this as if browsers are maliciously volunteering information that ought to be protected, and that sites are maliciously hiding the information available to them.

It does seem to be clearly suggesting that even basic pieces of information ought to be available only upon request and that this must be disclosed to users.

You say this is "not a proposal to gate every header", but it's sure looking like something close to that to me.

basilikum 1 day ago||

> This volume requires JavaScript. That is part of the point — your browser is what is being read.

> With JavaScript off, the page cannot tell you what your browser disclosed. The data is still there. The disclosure still happened. Only the telling of it stops.

What? When I enable JS it shows me a lot of stuff that is only queriable with JS.

Retr0id 1 day ago||

> Your screen is 1512 by 982 pixels, rendered at 2x density — which means it is almost certainly a recent, high-end display. Your device volunteered all of this in the first milliseconds of the connection.

No it didn't. It was queried by the JS running on the page. It's a fun demo but it could really do without the slop prose.

mwheelz 1 day ago||

Pedantic but right. The JS queries them; the browser returns them without prompting the user. "Volunteered" is the editorial verb for that round-trip but it does paper over a layer.

Retr0id 1 day ago||

It's relevant because connection-level fingerprinting is directly visible to intermediaries like cloudflare.

pixel_popping 1 day ago||

Yeah, no need JS to track resolution or even mouse movements with timing, pure HTML/CSS can do.

wickerdan 1 day ago||

Its pretty scary when you see it like this

notatoad 1 day ago||

the breathless fearmongering but also condescending tone of this really makes it hard to take seriously. yeah, you can "digitally fingerprint" me when i browse the web. do you know when else you can get my fingerprints? literally any time i touch something in the real world, i leave my fingerprints behind. and nobody is making websites telling us all what a risk to privacy that is.

if you want to make me afraid of browser fingerprinting, try explaining how that information can be used to harm me. i'm aware that it's possible, i just don't care because it doesn't seem like it's that big of a deal.

sitzkrieg 1 day ago||

dark gray on black text was a terrible choice, virtually unreadable contrast

efilife 23 hours ago|

It's Claude that chose this and it doesn't really have eyes, so that's the reason

sitzkrieg 17 hours ago||

what a terrible reason lol. i should mention i use light mode and it got that wrong to boot

thatguy0900 1 day ago||

Man what a awful looking site. I shouldn't have to crank my brightness to max to kind of read the words

fodkodrasz 1 day ago|

I agree, this site is an eyesore.

I use windows color filters (Grayscale inverted is my preferred, in the past I used plain inverted) for poor man's dark mode (or light mode in this case) for stuff that doesn't honor my color scheme and hurts my eyes. It also has a hotkey, so it is really handy sometimes, but you need to enable it in the settings.

Assistive technologies are great, not only because they benefit those who have no choice but to rely on them, but also they can benefit the luckier people.

rappatic 1 day ago||

Vibecoded slop with LLM-written copy. When will it stop

none_to_remain 1 day ago||

According to the "Sources" popup, creator can't even excuse the slop as AI slop:

> The prose

> Hand-written · Template-based, not generative

> Every sentence on this page was written by Matt. The code selects among prose templates based on what your browser returned. No language model writes or rewrites anything at runtime. If a condition is not covered by hand-written prose, the page stays quiet about it — we'd rather say less than say something false.

efilife 1 day ago||

We desperately need some tagging system/convention here. Maybe just putting [AI] into the title. This bullshit is getting really tiring.

It looks like this is an ad by the way, check op's posting history

camillomiller 1 day ago||

All these submissions come from bots, and users with accounts younger than a month with one single submission (in this case three times the same submission). Maybe the system should block anyone with lower than xyz points and 20 comments to post any link? I dunno, I guess it's hard but this shit is really affecting the community.

pixel_popping 1 day ago||

It's really bad, it's not using proper fingerprinting techniques, no network stack fingerprinting, no browser history via DNS poisoning, no narrowing down exact country with timing and so on. I mean this is even inferior from basic tools like amiunique, what's the point?

camillomiller 1 day ago|

It's a piece of AI slop that this user, with an account created 21 days ago, has been spamming here for the third time.

relevant_stats 1 day ago|

The stats are wrong - on Android my finger has not moved triple digit times, and I haven't tapped double digit times. In 4 seconds.

My general location is also wrong.

This site's theme is barely visible.

And the entire idea for the site is at least couple decades old.

Unoriginal slop.

More comments...