355
Researchers say they can spy on your browsing by measuring SSD activity through a browser API
(www.tomshardware.com)
this post was submitted on 28 May 2026
355 points (98.6% liked)
Technology
84988 readers
4621 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
They really gave internet browsers too much access. Why the fuck does my browser need this level of clearance
Yeah - stuff like this really shows that computing went in the wrong direction. You shouldn't install every crap software on your computer. You shouldn't install every crappy app. Browsers have too much access and are therefore a security risk by themselves. So we are left without any sensible way to run small programs like the one you are using to flash some firmware or to configure your mouse or whatever. Install it on your computer and it will spy on you. Flash the firmware from your browser and you are totally fucked, because your internet-facing thingy can flash a firmware
They better hope there isn't another pandemic. Cuz I am officially labeling that quantity of free time as "1 Degoogle". and if I ever get my hands on another fuckin degoogle I am going to degoogle all over my fucking house
You can Degoogle one step at a time. Make it a weekly habit to spend 10 minutes Degoogling every week and you won’t need to wait for another worldwide shutdown
True. And I did hear if you degoogle at least 20 times a month it reduces your risk of prostate cancer.
Nocturnal google emissions
Holy shit, what do you mean all over your house? How did you ever let it get that bad?
Becau of the push for web apps to get around platform (and platform store) limitations.
e.g. Apple banned apps for vapes (not just talking about nic vapes but e.g. there's a number of cannabis flower vapourisers that use Bluetooth for fine tuned settings, those were forced to move over to web apps as the native apps simply got pulled), but also software like ESPHome is completely web based and needs access to raw USB devices to write the new firmware onto them, the list goes on.
Main issue seems to be that a lot of these APIs don't require explicit user approval. USB, Bluetooth does, but apparently accessing detailed system statistics doesn't? Make that make sense...
Well it’s all potential advertisement revenue
That's not a legitimate reason. The correct response is to make a standalone application, not a web app, and distribute it elsewhere than the main store. It's one more reason sideloading needs to be allowed. If it isn't we end up with vulnerabilities because of workarounds.
Good luck distributing it "elsewhere" when it comes to iPhones.
Yes, even with the DMA forcing Apple to open up to alternative app stores in Europe, Apple still has a definitive say as to what apps can be published, and what those apps have access to.
Also, a lot of the time, a full blown app is unnecessary, or not practical.
The solution isn't to prevent functionality from existing - this includes browsers and web apps having access to certain aspects to the hardware - but giving the user absolute control over what they allow an app to do.
Without creating the stupid browser based loopholes, it wouldn't be a choice. Developers would be pushing Apple and Google to allow "sideloading" (as if alternative sources are any less legitimate than from their stores).
It's just as practical. It's unnecessary for a browser to be built to function as a replacement to an application for literally any purpose. If you're making a website, then fine, you don't need an app. If you're making something that interfaces with the functionality of the device, that isn't the job of a browser.
How do you do this? If the browser has permission it has permission. Each application should be separate so the permissions are separate.
Even without the "browser loophole", developers are pushing Google and Apple about further permissions being granted and sideloading and whatnot. Apple and Google careth not... Your argument is pretty moot at this point.
And no, you can already do per website permissions. Or what the fuck do you think the notification settings are for, or the PER INSTANCE BASED REQUESTS for e.g. Bluetooth or USB device access? Or when a website asks you to access your camera or microphone? These are all instances of the browser having access and the website having to request permission separately from it...
Ever heard of this nifty thing called "sandboxing" that browsers have been doing for, oh, about a decade now?
No, not even without it. Without it there would be a significantly larger push. It wouldn't just be a small movement. It'd be necessary. It's like being on a computer and getting everything from the Microsoft store (if you're on Windows). Sometimes they don't have what you need, so basically every moderate user has had to download something elsewhere. It'd be the same on phones. Apple and Google would not be able to get away with preventing sideloading because every user and developer would care, not just the few of us there are now.
And this is why you shouldn't use any browser based on Chromium, because where Google goes (implementing ever more invasive APIs) they all follow.
Modern browsers are basically an OS of their own at this point. And, in fairness, for many users their actual OS is effectively just a means by which they access a browser. This is not even mentioning something like Chrome OS.
I’m not saying it’s a good idea or that it should be this way, but it is where we are.
I'm not even sure I'd allow them to know my resolution...
If you don’t allow ReCaptcha access to your address book, the website will fail to load.
Then that website can get fucked.