God, I hate posting a Reddit comment, but this is huge. Every claim is sourced (I have not verified personally).
Edit: Well, Reddit does what reddit does, it’s been removed. Here is a github link: https://github.com/upper-up/meta-lobbying-and-other-findings
cross-posted from: https://lemmy.bestiver.se/post/985257
App stores and anything else that makes a call to that API.
Your browser would have to allow that.
You mean the browsers all based on code from Google and Apple, who also want that info, and will be pressured to use that API to “protect the children” from adult websites?
No, I do not.
That question was rhetorical. Apple and Google account for 95% of the browser market.
I know what you meant, but I guess you’ve never heard of this little thing called a fork. Or Firefox.
Hi, I am here to tell you that it is not particularly trivial to make the kind of changes required to make the websites keep working while also preventing stuff similar to JS fingerprinting.
Some extensions do a decent job in certain cases, but the only ones that completely fix the problem are the ones that simply turn off JS. I checked out what Librewolf’s changes do, using amiunique.org and in some tests it even ends up increasing the uniqueness.
You will essentially require identifying different parts of the JS engine that expose said vulnerabilities and then creating mitigations for each of them, with either the “blend in” or “randomise” strategy and will also require to make sure they are not detected over any domain (due to partial overlap of either change).
This kind of change for a single person will require properly understanding the JS engine codebase and then making and maintaining all required patches over the course of the fork as the main project goes forward. This is pretty much a full time job.
Even if multiple people are working on it, one would still require a good understanding of the codebase.
I suggest recruiting one of the retired/laid-off Firefox engineers, if you have the funds.
…why are we talking about JS and fingerprinting?
The application of age indication is just going to be another metric that these companies use for fingerprinting and person identification, one that some analyst on their inside possibly considered a useful data point.
And while this particular API might be an easy one to target, for removal as a patch, it might end up being part of a JS framework that many websites use and will break in case the return value is not available.
So if people require sites to work, this will become just another feature, requiring similar mitigations to other JS features I mentioned, that will need to be handled in a way that it increases the anonymity of the user, lest the user be subjected to harassment.
By “harassment”, I mean the actual inescapable kind, not just random internet trolls.
You honestly believe that the general public is going to suddenly rush to chromium or Firefox forks?
Didn’t say they would.
Then why would they be relevant to a discussion about legislation that affects the general public?