Hacker News | Rygian's comments

How long until a canvas is used to render the full chrome of a web browser (e.g. including the TLS padlock), showing a fake benign URL in the (fake) address bar while having the user interact with a malicious page?

That's why we have "youtube.com is now full screen" message.

Yes, but this "emergency" UI of the OS could be improved I think. (Also that functionality could have been built easily with normal DOM and JS, cancel and override all events, etc.)

Already done, it's called a "browser-in-browser" attack.

> we include it in our terms and condition and privacy page, but I don't think users truly grasp how those tools work

Since you did collect the metrics, you had direct knowledge of how many users opened the T&C and scrolled down to the place where you mention you're recording their session.

Would be interesting if you can share an aggregate statistic of that.


They may have scrolled down to it but that doesn't mean they read it. And even if they read it, they may not have understood it.

And the same goes for other would-be conclusions people think they get from their invasive telemetry.

All the questions about sneeze are either about open air, or Newton's third law. Did really no one ask what happens if you sneeze while wearing a spacesuit helmet? Does the visor have a windshield wiper on the inside?

I'm glad we don't have exclusion zones like that one in France either.


Punitive pricing is a great thing.

The less energy you spend to deliver value, the better for everyone.


I can think of many, many examples of using electricity as a greater value to society than not using it.


You misread my comment.

If someone can deliver the same greater value to society using less electricity than you, they should be rewarded.


As addressed in the article ("Choosing the right target"):

> Pick the *highest-level* entry point that contains the bug


That's not prevention. That's remediation.


In my case, the site reports "The technique is called browser fingerprinting. It is legal everywhere."

It is definitely not legal in Europe, when used to track individual users. The consent pop-ups are not only about cookies.


I'll ask the obvious: wouldn't the aircraft just take to the skies directly, without bothering with the formality of setting their transponder, if they were knowingly escaping an apocalypse scenario?


There’s no formality. For planes with ADS-B out, it’s on when the plane is on (barring it being explicitly disabled by yanking the fuse).

Plus transponders are really convenient when you’re trying not to crash into other air traffic. Particularly in a scenario where you might be expecting ATC to be unavailable or abandoning their posts.


AFAIK the transponder kind of turns itself on when powering on the plane, you'd have to explicitly disable it but then you'd have weird discussions with the airport tower guiding you to a free timeslot on the runway which would just delay your takeoff, since ignoring the airport tower is a good way to not get off the ground at all because you'll accidentally be hit by some other plane.


99.99% of airports do not have "timeslots on the runway." Most airports in the US have no tower whatsoever.


But I bet if you filter for airports that business jets park at, the percentage of airports without towers is much lower than the overall average.


And the percentage of airports with "timeslots on the runway" is still going to be 0.


In a theoretical scenario of the billionaire class of the world having some kind of "advance warning" of the apocalypse, they'd be taking to the air in the hours or several days prior to a total disaster happening. Meaning this would be done while the local governments were ostensibly still functioning, in which case you can't just have your private jet depart without active ADS-B and in-the-clear voice traffic for ground, and air traffic control coordination.

If governments and airspace control have already collapsed, past tense, then of course anything goes.


Colliding with other planes is going to impede your escape plan, so it would still be a good idea to turn the thing on. No further action needs to be taken for the ADS-B output to be correct, it works once it's powered on.


Don't want to get shot down?


You won’t get shot down for merely taking off without a transponder.

Worst case scenario a fighter jet will be scrambled to investigate.

But in apocalypse scenario, chances are the fighter jets will be busy with tasks other than enforcing FAA rules.


> But in apocalypse scenario, chances are the fighter jets will be busy with tasks other than enforcing FAA rules.

Depending on the type of event, they very well could be scrambling to shoot down unidentified aircraft.

Fog of war sucks, and friendly fire still happens often.


They wouldn't have to set anything. The transponder on almost any modern plane defaults to automatically on, either immediately or at takeoff. With Mode C (reporting altitude) or S (& reporting more) and squawking 1200 (VFR).


If they have 5 minutes, sure. If they have 5 hours, they'll follow procedure.


Law #0: don't reflow or otherwise move around the UI element I'm going to click on.


HATE Google Search for that, this dumb "people also ask" and the Gemini answer that takes ages to generate and pushes the whole content down.


This drives me up a wall. Short of UX and front end devs taking this seriously, I've always wondered if there's a way for an OS level / browser level UX library to keep track of the "clickable state" 20ms ago (configurable to the user's reaction time liking) so the thing I click on is what my brain thought it was clicking on.

The better solution is developers and designers taking a sense of pride and craftsmanship in this sort of thing. So many of my least favorite interfaces are presumably designed and implemented in an environment with a gigabit connection to their app's backend so they never catch it.


This one has somehow found its way into the iOS photos app of all places. Something is deeply amiss in the industry if the corporate avatar of design misses that one.


I sometimes use a trackball — without a "scroll wheel".

So in Google Maps on the web, I'd have to click the + and - buttons on the screen repeatedly to zoom in and out.

But those buttons don't always stay put. There is a status bar underneath it, that sometimes contains text so long that it wraps: and then that pushes the buttons up.

So sometimes, I click + + + - . Very annoying.


This. I'm not a fan of expanding links, like when a user hovers over a small button with an icon, and it expands to reveal the full button name, but the content around it (like other buttons) shifts because of the size change.


also: don't distract with unnecessary and unrelated graphics


It's a bit ironic the laws of UX is presented this way with gaudy graphics that are cumbersome to scroll through. They take up a lot of screen real estate and would disrupt what the typical user is used to.

I would recommend reading another headline on this forum in regards to idiomatic design: [[https://essays.johnloeber.com/p/4-bring-back-idiomatic-desig...][#4: Bring Back Idiomatic Design - by John Loeber]]


That site itself violates at least "similarity", "proximity" and "common region" as everything is sorted in one alphabetical list.


but if we don't move around the skip ad link as we first detect your mouse moving towards it we will never make any money!

