the issue with scripting on web engines down to abstracting hardware into javascript or emitting LLVM LLIR based assembly (wasm) isn’t that it’s possible at all

it’s that the granularity of the permissions with these things doesn’t exist. the security is hastily stapled onto it as an afterthought because flash died a horrible death due to basically not having any.

and because of this, there’s privacy invading abuse.

in addition to javascript and such being so chaotic to implement, there’s a lot of undefined behaviors that can be used to fingerprint devices, compounding onto that.

like you can use the canvas api to fingerprint devices based how your hardware actually renders to the canvas

but this same api is used to add a badge number to the favicon, a completely mundane and honest use case.

there is a reality where we can have both, just not with the javascript we have today.

@ada nevermind how much the GPU APIs leak lol

unfortunately while the internet is run by:

• an ad company
• a company that does not give a shit about web scripting
• and a company that sells itself to the highest bidder, which currently is a tie between the aformentioned ad company and another ad company

i don’t see this happening

(google, apple and mozilla)

@ada librewolf actually blocks html canvas access by default for this reason! it has since the day i started using it

@shroomie yes but that only is one half of the problem with that specific api

there are real legitimate uses to use the canvas api. there is no granularity between “export data”, “download data” and “use data on page” which is an issue

because these security controls aren’t designed alongside the system, they’re slapped on after the fact

@shroomie @ada which means any images re-compressed (just to remove exif data, even) in librewolf turn into wonky lines. because canvas is the only way to do that without bundling in a webassembly libvips or something

@kopper @shroomie cropping images on upload also

but also removing as many tracking parameters as possible itself is an indicator that could be uniquely fingerprinted. especially if you are leaking a few unique identifiers like timezone, window size, what your default “standard” permissions are

@kopper @shroomie like vruh 😭

@ada yeah i know pretty well :pensive: