this post was submitted on 23 May 2026
9 points (76.5% liked)

No Stupid Questions

4101 readers
36 users here now

There is no such thing as a Stupid Question!

Don't be embarrassed of your curiosity; everyone has questions that they may feel uncomfortable asking certain people, so this place gives you a nice area not to be judged about asking it. Everyone here is willing to help.

Reminder that the rules for lemmy.ca still apply!

Thanks for reading all of this, even if you didn't read all of this, and your eye started somewhere else, have a watermelon slice 🍉.

founded 4 years ago
MODERATORS
admin@lemmy.ca
9
What is the point of all the information given out by your browser? (literature.cafe)
submitted 18 hours ago by NannerBanner@literature.cafe to c/nostupidquestions@lemmy.ca
16 comments fedilink hide all child comments
 

So the other day someone linked to a website that highlighted how much information is just gifted to any place you visit on the web.

I'm aware of some of it being intrinsic to the manner of connection. A website knowing your IP (even if that is the IP of the vpn or tor exit node you're using) is basically essential to the function of the internet. Why everything else though? What fucking idiot/asshole decided to even have an api for your gpu? Why the fuck is my browser reporting on the battery status? Light/dark mode? Visibility (whether or not the tab is 'active', the fuck?!? My OS?!!???!?!!!?!?!?

As a side question, why is the capability built in by a browser, but the user is never given a choice about whether or not any of this is shared?

top 16 comments
sorted by: hot top controversial new old
[–] Wxfisch@lemmy.world 4 points 17 hours ago

In a non-malicious way it can all be helpful to websites to know the capabilities of your device to allow it to change what the site delivers/how it renders. Knowing your GPU allows it to know if your device supports WebGL/DirectX/Vulkan etc., knowing light or dark mode allows for it to set the site the same as your system, if the tab is not active it can pause content, and if you have a low battery the site can try to be less power hungry by perhaps not asking to render a ton of active content. Knowing if your on a mobile device can allow the site to deliver a mobile optimized layout, or if you have touch capability to render buttons larger.

The fact that advertisers and data brokers use this to fingerprint you as a user is just a non-intended use of good intention features. In reality, if you do hide this information (which you often can using developer tools in many browsers) you’ll find the some sites will just not work or will act wonky and data brokers will still fingerprint you using things like tracking pixels, your IP, or user agent string info that you can’t really hide without fully breaking the web. You only need three or four individual pieces of information to pinpoint specific individuals in most cases so they don’t really need all of it, it’s just easier and more accurate the more information they have.

[–] tal@lemmy.today 2 points 17 hours ago* (last edited 17 hours ago)

What fucking idiot/asshole decided to even have an api for your gpu

Well, most websites in 2026 don't use 3D stuff, but some do, and for some of those, there isn't really an alternative. Take Google Earth as an example.

I think that given its limited use, you could realistically make 3D an opt-in thing where each website has to have user authorization, the way location data is.

There's also some more-widely-used HTML5 Canvas stuff, which permits for rapidly-drawn 2D stuff. I think that, say, MarineTraffic uses it to draw its map. That provides a lot unique identity stuff to be leaked, but its hard to, for example, let Javascript rendering pixels run without knowing, say, the DPI of the screen.

Light/dark mode?

That isn't your systemwide mode, but provides a request from your browser as to whether to use the light or dark version of the website. Not all websites have handmade dark and light versions, but for those that do, it's generally preferable from a user standpoint to using something like Dark Reader to dynamically generate a dark mode.

Visibility (whether or not the tab is ‘active’, the fuck?!?

I'd guess that it probably permits a tab with Javascript running to deactivate itself in the background and to stop using CPU time.

My OS

That's been around for a long time, as IIRC it's in the User-Agent string. You can fake that if you want, and honestly, it's probably not a critical piece of information, but a lot of websites that let one download software use it to preselect the appropriate version for whoever is downloading stuff. May be some other uses; not sure.

As a side question, why is the capability built in by a browser, but the user is never given a choice about whether or not any of this is shared?

A lot of it can be disabled or faked, but websites that rely on it may not work. Firefox has CanvasBlocker, which prevents a lot of HTML 5 Canvas queries in a way that still lets most things work, faking approximate information. It may break some websites for you, but that'll avoid leaking some of that information.

If you disable Javascript with something like NoScript, you can block a lot of that by only letting Javascript run on a per-website but...a very high proportion of websites in 2026, unfortunately, won't work without Javascript.

[–] schwim@piefed.zip 2 points 18 hours ago (1 children)

I'm surprised many of these aren't obvious to you.

tab is 'active', the fuck?!?
A website serving a video will need to know if you're actually watching so it can stop playback or if background playback is desired, they know they can lower the quality of the video being delivered to save bandwidth.

Light/dark mode?
Sites are often designed to align with the light/dark theme set in the browser or OS.

battery status?
Less demanding objects are often delivered to visitors with low battery.

gpu
Some objects being delivered benefit from knowing which drivers/GPU they need to be compatible with.

etc. etc.

The creators of a browser doesn't benefit from providing this information. It's all stuff that can sometimes result in a better browsing experience and since the browser doesn't know which sites would, it provides the information for every page load in the handshake.

If you don't like it, use a privacy-focused browser or an extension to randomize the data.

[–] redlemace@lemmy.world 2 points 17 hours ago (2 children)

Less demanding objects are often delivered to visitors with low battery

This one still pisses me off! Just because my batt is charged, does not mean they are to waste it!

[–] dangling_cat@piefed.blahaj.zone 2 points 16 hours ago

As a web dev I’ve never seen a single website do that.

[–] masterspace@lemmy.ca 1 points 16 hours ago (1 children)

It's not wasting it, the low power mode is probably a worse / degraded experience. Think like serving up a lower resolution video or song rather than a high quality one.

[–] redlemace@lemmy.world 2 points 16 hours ago (1 children)

I've been on websites .... i'd rather have my battery charged than their 'improved' experience. For 99.9% it's all about form over function.

[–] masterspace@lemmy.ca 1 points 14 hours ago* (last edited 14 hours ago)

You can probably find a config setting or browser extension or dev tools way of forcing the browser to always report low battery... Thought probably not in iOS given their mandate for safari.

[–] bjoern_tantau@swg-empire.de 1 points 17 hours ago (1 children)

GPU

So that you can run interactive 3D applications like games in your browser.

battery

To adjust the performance of a web application to save more power.

Light/dark mode

To give you matching website.

active tab

Again to adjust performance or to pause an application.

OS

Is often used to give you a download link that matches your OS.

As a side question, why is the capability built in by a browser, but the user is never given a choice about whether or not any of this is shared?

You can disable or fake most of the stuff. But that usually makes you stand out even more in their statistics.

[–] greencoil@lemmy.frozeninferno.xyz 3 points 15 hours ago

So that you can run interactive 3D applications like games in your browser.

Hardware info does not need to be sent server side to accomplish this. OpenGL and Vulkan APIs can both say what the current hardware supports without hardware identifiers. A malicious website could probably still fingerprint based off those listed features, but that's just a justification for "don't accept requests for GPU hardware acceleration without user permission". Currently modern web browsers broadcast it no matter what the page is requesting.

To adjust the performance of a web application to save more power.

Name me one web "page" that does this. A web "application" doesn't count. My native browser should should never broadcast this, ever.

To give you matching website.

Can/should be ran client side.

Again to adjust performance or to pause an application.

Can/should be ran client side. Its none of the websites/applications business whether I have frozen its process or not.

Is often used to give you a download link that matches your OS.

A small quality of life, isn't worth it. Thankfully its the easiest thing to fake/lie about on this list. Most of these "features" on this list are not user facing and cannot be turned off with basic configurations.

[–] justdaveisfine@piefed.social 1 points 18 hours ago (1 children)

The logic is so that web devs can better tailor sites to your set up. Like don't run fancy graphics for a battery mode laptop, change the theme to match user's theme, etc.

But obviously this is (now) just used to fingerprint and track users for more ad revenue.

[–] masterspace@lemmy.ca 2 points 16 hours ago

I feel like most people are missing that the issue is with data selling and brokering.

Ban that and 99% of these concerns go away.

[–] masterspace@lemmy.ca 0 points 17 hours ago (1 children)

Lmfao, US Congress could ban all data selling and brokering in a single session, and you think browser makers are the asshole for providing basic APIs for web apps?

[–] greencoil@lemmy.frozeninferno.xyz 2 points 15 hours ago (1 children)

I can hate them both. 90% of this info has no legitimate reason to leave the clients machine. In a world where open source development is still legal and available, I don't see why its so hard to have a web browser that doesn't broadcast every single hardware detail about your machine.

I hate how this situation is spoken about as a lost cause. People in the comments section here are acting like this information is required for the web to work at all. Probably weren't alive at a time where websites could be stored offline because they didn't expect constant client validation. Multiple comments acting like light/dark mode requires a server request, and couldn't just be handled offline by the clients browser choosing how to render stuff after its been downloaded. Bet they think the web server needs to know the time zone too.

[–] masterspace@lemmy.ca 0 points 14 hours ago* (last edited 14 hours ago)

90% of this info has no legitimate reason to leave the clients machine.

Theres no way to control that.

People in the comments section here are acting like this information is required for the web to work at all. Probably weren't alive at a time where websites could be stored offline because they didn't expect constant client validation.

Some of us are professional software developers old enough to have started programming in Windows 95. Rather than being dismissive, maybe you should question whether you have a full understanding of how everything works.

Multiple comments acting like light/dark mode requires a server request, and couldn't just be handled offline by the clients browser choosing how to render stuff after its been downloaded. Bet they think the web server needs to know the time zone too.

Light / dark mode doesn't require a server request. It's a client side API. The client side JavaScript or CSS can request to know what mode the system is wants and can adjust itself accordingly.

The problem is that there's no way of preventing the client from knowing what mode it ends up in and sending that information back. The client need to be able to query what's rendered for a variety of reasons, not least of which is maintaining backwards compatibility with all of the 90s and 00s era web APIs that use these to update what's displayed.

You can disable JavaScript if you want, and that will prevent much of this information being sent back, but you'll also break most websites because most websites need client side JavaScript to provide a modern UX that people expect, because at a fundamental level, dynamic software that responds to what the user is doing and adjusts itself accordingly is more powerful then static software that just consists of a preset information laid out. You can build basic websites that consist of just static documents and forms and work without JavaScript but you're limited to basic document sites without interactivity like blogs.

[–] NegativeLookAhead@lemmy.ml -1 points 18 hours ago

Your entire existence is a money making opportunity for someone else.