The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I’m human?

That’s hardly the Turing Test I’d expected.

You are viewing a single thread.
View all comments View context
5 points

Interesting that my mouse movement is available to anyone who wants it.

It seems like a small step from that to accessing my keyboard.

permalink
report
parent
reply
45 points

Your mouse movement and keyboard events are available to webpages that you’ve loaded, when the browser window is focused.

This isn’t nefarious - it allows websites to build nice UIs that most people enjoy using, most of the time.

There’s lots of shady stuff going on in browsers, this isn’t really one of them.

permalink
report
parent
reply
-3 points

Hmm, I can think of some ways to misuse this. And I’m not very smart at all.

permalink
report
parent
reply
7 points

I mean, how do you think websites work? Of course your mouse and keyboard events are available, otherwise you wouldn’t be able to interact with a website at all.

permalink
report
parent
reply
4 points

Say more

permalink
report
parent
reply
16 points

If you’re using a webpage JavaScript can see your mouse cursor and anything you type. But only if the browser has focus. So if you’re typing in another window it can’t

permalink
report
parent
reply
14 points

Your mouse movement on that page is. Just like if you typed into the page.

It’s not tracking you in other windows and apps.

permalink
report
parent
reply
9 points

They can only access it while you’re focused on their webpage. CORS is all about that.

If you click off to another web page and enter information or type of password into a secondary app they can’t gather that. As soon as they lose focus they lose the ability to capture your data.

permalink
report
parent
reply
3 points

Nbd, but it sounds like you’re talking about encapsulation of event capture (viewport stops receiving events after losing focus).

CORS is a protocol for client-side enforcement of a server-side security policy. It ensures that a resource request (e.g. “my-totally-safe-resource.wasm”) only loads from a location your server permits (e.g. “my-valid-origin.biz”, “friends-valid-origin.org”, etc).

permalink
report
parent
reply
5 points

There is a lot of other data available to sites you visit unless you are using some kind of fingerprint protection

permalink
report
parent
reply
2 points

If loaded with pages didn’t have access to keyboard events, you wouldn’t be able to write comments on Lemmy posts. I’m not a front-end guy, but that should be limited to just white the browser is focused.

permalink
report
parent
reply

Asklemmy

!asklemmy@lemmy.ml

Create post

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it’s welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

Icon by @Double_A@discuss.tchncs.de

Community stats

  • 9.6K

    Monthly active users

  • 5.9K

    Posts

  • 319K

    Comments