Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

W-why is window LOCATION exposed to websites? Apparently even in FF private browsing...

At first I thought this is an electron only thing. I get it that we gave up on fingerprinting resistance but this is like pissing on it's grave.

EDIT: privacy.resistFingerprinting set to true fixes the coords to 0



I thought you meant literal `window.location` and was confused, but yeah `window.screenX/Y` is a pretty suspect feature, now that you mention it.


I'm as surprised as well.

I'm trying to guess why, and can only imagine that at some point the idea was to support multi-window webapps, like maybe you'd have separate windows for documents and different tool palettes, and they'd want to know each other's locations to try to prevent overlaps? I mean, back in the day, framesets were another idea that experienced some popularity before being totally eclipsed by <iframes> -- all of this back in the era when everything was based on the multiple-windows paradigm rather than the multiple-tabs paradigm. Window.screenLeft apparently originated in IE [1].

Just a guess though. Very curious if there's any legitimate reason for it to continue to exist, or whether W3 ought to deprecate it.

[1] https://developer.mozilla.org/en-US/docs/Web/API/Window/scre...


On Wayland, a native window can't even get that information. At least not in a way that works across composiotors.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: