Why? Fingerprinting. Rather than these APIs being used for what they are meant for, they end up being used for gross ad tech. As in, “hey, we don’t know exactly who you are, but wait, through a script we can tell your phone stopped being idle from 8:00 am to 8:13 am and was near the Bluetooth device JBL BATHROOM, so it’s probably dad taking his morning poop! Let’s show him some ads for nicer speakers and flannel shirts ASAP.”… Read article “Apple declined to implement 16 Web APIs in Safari due to privacy concerns”
I’ve been guilty of publicly bemoaning the complexity of HTTPS. In the past, I’ve purchased SSL certificates from third-party vendors and had trouble installing them. I’ve had certificates expire and had to scramble to fix them. I’ve had to poke and prod hosting companies to help me ensure things were going to renew correctly, and left unsatisfied.
Most of the time you don’t really care about whether a user is actively engaged or temporarily inactive on your application. Inactive, meaning, perhaps they got up to get a drink of water, or more likely, changed tabs to do something else for a bit. There are situations, though, when tracking the user activity and detecting inactive-ness might be handy.
Let’s think about a few examples when you just might need that functionality:
- tracking article reading time
- auto saving form or
In this week’s roundup: DuckDuckGo gets smarter encryption, a fight over the sale of dot org domains, and a new browser engine is in the works.
Don’t read that headline and get worried. I don’t think CSS is a particularly dangerous security concern and, for the most part, I don’t think you need to worry about it.
But every once in a while, articles tend to circulate and get some attention as to the possibilities of what CSS can do that might surprise or worry you.
Here’s a little roundup.… Read article “CSS Security Vulnerabilities”
It’s sorta sad but funny that that big Zoom vulnerability thing was ultimately related to web technology and not really the app itself.
There is this idea of custom protocols or “URL schemes.” So, like dropbox:// or whatever. A native app can register them, then URLs that hit them get passed to the native app. iOS has “universal links” which are coming to the web apparently. (Atishay Jain has an excellent write-up on them.) But … Read article “Zoom, CORS, and the Web”