this post was submitted on 02 Apr 2026
265 points (79.9% liked)
Technology
84603 readers
4107 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Here's the information a web server needs to deliver content to a browser:
Everything else is a fucking security hole. There's no good reason for servers to know what extensions you have installed, what OS you're running, the dimensions of your browser window, where your mouse cursor is positioned, or any one of a thousand other data points that browsers freely hand over.
There are absolutely reasons. Firefox is done by a reasonable job of anti-fingerprinting, and it's a fine line to walk to disable as many of those indicators as possible without breaking sites.
Browsers do give away too much, but at least Firefox is working on it. And it's not extremely straightforward.
I use waterfox with all of the privacy and security settings enabled to the max, plus a few extensions like ublock origin, decentraleyes, consent-o-matic, and clearurls.
Not that many sites break. And the ones that do, I don't visit. If you don't need to offer an https option, or you don't work without trackers, I don't need to go to your site. Simple as that.
The browser can never know what information is needed for a certain use case. So it needs to be permissive in order to not break valid uses.
For instance, your list does not include the things a user clicks on the website. But that’s exactly the info I needed to log recently. A user was complaining that dropdowns would close automatically. We quickly reached the assumption that something was sending two click events. In order to prove that, I started logging the users’ clicks. If there were two in the same millisecond, then it’s definitely not a bug but a hardware (or driver or OS or whatever) issue.
Bug fixing is not a reason to enable massive privacy violations.
If the site doesn't know the window width of can't react to mobile or desktop users automatically or scale elements/ change to best for your display.
You need mouse input for hovering effects as well
That can all be done 100% client side. The server does not need this information.
If you can do it client side, you can send it to a server...
The difference is intent.
Yes, because web browsers, under current web architecture, allow this.
This is entirely my point.
They will always allow it as long as you have javascript or any other code.
That much is true.
How would they prevent it? If they allow your app to read a value client side, it can do whatever it wants with it, including sending it.
If your app needs to present different behavior based on user settings, it needs to read it.
They allow this because they are being developed to allow this.
Browsers that don't allow this in a Web-like system without such functionality (like Gemini) can be written in two days or a week if you don't hurry.
Or at least take as long as Mosaic or Arena took to become usable.
Enormous resources are being invested into continued development of a platform where users provide valuable feedback.
By the way, ML is long past the point where that data could even be interpreted ambiguously. Those who have the data know exactly who you are and probably some useful traits of what you are thinking the moment you are typing a comment at any big website.
Ah I read as the Brower doesn't need that data. I'd say it needs width (maybe height) but that's it
But this info talked about in OP is done via client sending the data to a server not the server getting it all the time
False. Browsers can announce themselves as desktop or mobile, or even advertise pre-determined fake window and screen sizes for this purpose (in Firefox it's called "letterboxed" in the hidden settings). There is no need for a server to have any of this information anyway - either the design of the webpage should be responsive by default, or the server can send specifically whichever files for styles the browser specifically asks for, perhaps falling back to a "all.css" or something.