So the other day someone linked to a website that highlighted how much information is just gifted to any place you visit on the web.
I’m aware of some of it being intrinsic to the manner of connection. A website knowing your IP (even if that is the IP of the vpn or tor exit node you’re using) is basically essential to the function of the internet. Why everything else though? What fucking idiot/asshole decided to even have an api for your gpu? Why the fuck is my browser reporting on the battery status? Light/dark mode? Visibility (whether or not the tab is ‘active’, the fuck?!? My OS?!!???!?!!!?!?!?
As a side question, why is the capability built in by a browser, but the user is never given a choice about whether or not any of this is shared?
So that you can run interactive 3D applications like games in your browser.
To adjust the performance of a web application to save more power.
To give you matching website.
Again to adjust performance or to pause an application.
Is often used to give you a download link that matches your OS.
You can disable or fake most of the stuff. But that usually makes you stand out even more in their statistics.
Hardware info does not need to be sent server side to accomplish this. OpenGL and Vulkan APIs can both say what the current hardware supports without hardware identifiers. A malicious website could probably still fingerprint based off those listed features, but that’s just a justification for “don’t accept requests for GPU hardware acceleration without user permission”. Currently modern web browsers broadcast it no matter what the page is requesting.
Name me one web “page” that does this. A web “application” doesn’t count. My native browser should should never broadcast this, ever.
Can/should be ran client side.
Can/should be ran client side. Its none of the websites/applications business whether I have frozen its process or not.
A small quality of life, isn’t worth it. Thankfully its the easiest thing to fake/lie about on this list. Most of these “features” on this list are not user facing and cannot be turned off with basic configurations.
Most of these things actually are purely client side. But nothing can prevent the website from sending that information back to the server.
Or they can be inferred from the client behaviour. Like you said from the GPU capabilities you can get to the actual hardware. If a client only downloads the dark mode CSS it knows which mode the user is currently on.
Why do you think a client should have to download a dark mode CSS separately? Have you put any thought into why that is treated as a separate request, rather than a function of an existing page that could be switched between offline without any acknowledgement sent from the client?
Web standards have been butchered to force these constant validation measures for the sole purpose of telemetry/spyware. A client should be able to render a web page however the fuck it wants and the server that sent the page should be none the wiser.
And what of things like battery status? That has no legitimate purpose at all. No web site is going to change its behavior in response to your battery status, but current charge % and battery wear stats alone are enough to perfectly distinguish your mobile device from anyone else that you would be sharing a IP address with.