22
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 29 Jun 2024
22 points (86.7% liked)
Firefox
17049 readers
452 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
once the javascript gets that information from the browser it's kinda impossible to prevent it from being included in a request without just blocking all requests. It could be anywhere in arbitrarily structured data and/or encrypted
But couldn't the JS runtime track which objects and variables interact with such information, so if they make any HTTP requests with the info after getting it and maybe processing it then it could be rejected?
It would at least be a very intensive process to do so, and that doesn't even solve that there would be other ways to glean the same information without accessing it directly. For example, one could create an element with 100% screen width set by CSS and query the element's size instead of using the simpler window.innerHeight. How do you detect every possible way a script could determine the viewport dimensions?