Click (2016) - https://news.ycombinator.com/item?id=35841679 - May 2023 (35 comments)
Click - https://news.ycombinator.com/item?id=26518290 - March 2021 (243 comments)
Click click click - A browser-based game on online profiling. - https://news.ycombinator.com/item?id=18636038 - Dec 2018 (1 comment)
A demonstration of browser events used to monitor online behaviour - https://news.ycombinator.com/item?id=12985644 - Nov 2016 (165 comments)
for (let i = 0; i < 1000; i++) { document.querySelector(".button")?.click(); }
ETA: It also took a few seconds to get around to telling me (from the bottom up):
Subject has clicked on the button a thousand times.
Subject has clicked on the button one hundred times.
Subject clicks less than most other subjects.
Subject has run script to click on the button ten times within one second.
Subject has clicked on the button nine times within one second.
Subject has clicked on the button eight times within one second.
Apps know when we’re on WiFi, when we force quit, have potential to have motion sensor access if opting in…
Not sure the presentation needed for acceptance into the App Store. As a security checkup tool or something…
(It might not work on touch screens.)
the capability is there, your local hardware determines how seamless it would be.
Mental framing of a tech is weird.
But seriously, the parent comment isn't saying the technical fact a browser can see your cursor's coordinate is unnerving. They're saying the experience of being reminded of this fact is unnerving.
Technically, every time you take a bus ride the driver can just decide to crash the vehicle and kill the passengers and himself. This fact itself isn't unnerving -- it's just how buses work. But if there were a poster on the bus reminding passengers of that, that'd be quite unnerving.
In my case, though, after carefully enabling only scripts from the site and the Cloudflare CDN, but not enabling XHR/websockets back to the source page, or any cookies, the only thing that happens for me is:
1. I see a button and an exhortation to click the button.
2. I click the button.
3. The site goes "Subject has clicked the button."
4. The site goes "...".
...and then nothing else happens, no matter where I click or move my mouse. In the background I can see attempted websocket connections, but I'm blocking those so they can't happen.
If the aim of the game is to open people's eyes to the dangers of online tracking, it feels like there should be a reward mechanism if such tracking is blocked!
Presumably it's a simple matter to send something back to a server, but I've really never thought about the mechanisms involved.
I told a friend about my start up and she jumped on it immediately. I opened the tool and watched her interaction. Then I told her "oh so you opened the dev tools" She immediately ended the session. "How did you know? That's creepy". It was the first time I've actually felt like these tools invade privacy.
Yeah, we include it in our terms and condition and privacy page, but I don't think users truly grasp how those tools work. I understand that all analytics tools provide this feature now, but its always creepy to know someone can watch what you are doing.
[0]: https://idiallo.com/blog/spying-on-your-user
the people doing the "analytics" (surveillance) like their privacy too, because they are doing creepy stuff and don't want people to know it. And even if they aren't doing creepy stuff, the data might be used that way in the future (profile building, psychological tricks, personalized pricing, sharing behavior with others, etc)
Every counter-example to this is people being intentionally creepy, inappropriate, or outright malicious. Which was a manageable problem when it was just a single dude being weird, society would eventually exclude and shun them. Trouble is today that we've mechanised malicious inappropriate behavior at scale and ensured we've set up our entire society and government such that the people responsible can never be held accountable in any way. So long as you're being maliciously creepy at scale (and you're wealthy) everything's fine and there's no consequences.
For the majority of people I don’t think it’s true that they don’t care, but rather that they don’t know, don’t understand the implications, or don’t have the luxury of being able to do anything about it.
In the instances where I was able to have a longer discussion with someone to really explain what’s going on, they did care. Even if they previously said they didn’t.
Please be honest with yourself. People don't read terms and conditions. There's a good chance you don't read terms and conditions. And even if you do, odds are better than even that you don't fully understand all the legal implications.
Terms and conditions pages nowadays are there mostly to provide legal protection under the guise of "the user told us that they read these by ticking a box on our signup page; it's hardly our fault if they didn't."
Everyone understands websites use analytics and tracking, but people dont want to be reminded of it. Which is why people hate those FB ads which exactly match what you searched for 24 hours ago.
And until AI got better, that was a very reasonable assumption.
That's why I built https://safebots.ai -- because I want predictability again with AI. Provable predictability, in the same sense that smart contracts or appliances have.