Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I am honestly more surprised by the fact that we let these kinds of APIs creep into our browsers. What’s the scenario where a website needs to know how much RAM or what kind of video adapter I have? I get it for a game or a desktop app, but a website?

At the end of the day, we all know that any kinds of unique identifiers will be used in combination. We need to reduce those to an absolute minimum. Today’s browser APIs are leaking information like a 1920s faucet.



Sometimes people put games and desktop apps in websites.

And, really, when you download a game or desktop app as a traditional executable, the OS gives it so much access to your private data that the term "leak" isn't meaningful any more. Any video game you install as a .exe can silently access every email and online banking account you either are logged into or will log into in the future.


A video game installation is a conscious choice that I can make depending on whether I trust the vendor or not. Me visiting New York Times and getting 58 trackers scraping my device configuration and preferences is not a choice.


It is as much a choice as installing an .exe. Treat the web browser like the OS of old, because that's exactly what browser makers think of it.


It is not. I can open someone’s blog without knowing what trackers they have. A site has inherently a different trust boundary than an executable, and it should stay that way.


Not only that, you can vet someone's blog, decide you are ok with the trackers and revisit 24 hours later only to find that they've changed since you last visited.


True in theory but good luck explaining this to my grandma/99% of internet users. People click links freely even if they shouldn’t,


Twenty years ago they ran .exes just as freely.


And? Why should we still be adapting the security and privacy model we had 20 years ago?

To your analogy, 20 years ago this bit us all in the ass just as much because every EXE brought with it all sorts of toolbars and adware. I don’t want the web to become this.


20 years ago laptop weight was measured in pounds, clock speeds we're in MHz, storage was in single GB ranges, and battery life was a quarter of what it is today. Dial up was common, there was no youtube or spotify. Let's not hold ourselves to the standards of 3 generations ago of technology


Yes, and we established that was an awful idea..


And how do i get back to a hypertext reader?


> I get it for a game or a desktop app, but a website?

Browsers "had to" replace Java Applets and Flash. With the great side effect that users can no longer easily just disable those plugins to get rid of the malware build on top.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: