this post was submitted on 27 Aug 2023
264 points (93.1% liked)

linuxmemes

21625 readers
158 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  • ย 

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 2 years ago
    MODERATORS
    you are viewing a single comment's thread
    view the rest of the comments
    [โ€“] [email protected] 16 points 1 year ago (1 children)

    Anything you do in the UI has some associated backend request (everything relevant at least). Search queries, loading albums, skipping, changing settings, anything is just a Web requ on their backend server which could still be collected. The custom ui does not save you from relevant data collection. Only thing potentially not getting tracked is empty navigation between tabs, but there is not a lot of info in tab switching

    [โ€“] [email protected] 4 points 1 year ago (1 children)

    That's what I meant by "extra data collection," it just gets data that has to do with what you do on the server, which is significant, but you're still protected from kinds of local collection (e.g.: device model, IMEI if possible, screen resolution, networks you connect to, etc.) other than not having analytics trackers and ads. It may sound a bit crazy, but it is possible to collect this kind of stuff to fingerprint you, just like browser fingerprinting.

    [โ€“] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

    This is true for the desktop/mobile app application I aggree with you there since its a CEF native on desktop and mobile apps have these kinds of APIs. I very much disagree with the Web client (which admittedly my original comment didn't mention at all, personally I mainly use the Web player)

    Since on Web it's just a Website, all previously mentioned serve side tracking applies; but getting any hardware information through the sandboxing would break the browser security model and is not possible since there is no such web API. Web fingerprinting is one of the reasons apple (at least they keep bringing it up as a concern) is not keen on implementing the Web API for the luminance sensor on safari. Interestingly webkit (chromium core) does have the functionality which is why it's behind a dev flag atm (https://developer.mozilla.org/en-US/docs/Web/API/AmbientLightSensor)

    Identifying hardware should not be possible according to the browsers security model.

    I should've phrased my question as 'what advantage does spotube provide over Spotify premium in the browser', after downloading it and trying it out I am guessing the biggest advantage is the download button and stuff like that? Though... I personally have no use for offline Musik nowadays.

    Edit: Sidenote: the Mozilla docs frequently mention that the user agent may be used to infer hardware/browser information, and therefore developers are encouraged so spoof it (and in general not to trust the information given)

    [โ€“] [email protected] 0 points 1 year ago (1 children)

    Most tracking and fingerprinting is driven by JavaScript running on the browser itself, not server-side tracking. Also WebKit and Chromium are not the same engine.

    [โ€“] [email protected] 1 points 1 year ago* (last edited 1 year ago)

    Here is a documentation link of chromiums conceptual application layer: https://www.chromium.org/developers/design-documents/displaying-a-web-page-in-chrome/ which clearly shows the core of chromium (especially rendering, and API infrastructure by w3) is done via WebKit through a Webkit Port and a glue layer for type compatability.

    I never said WebKit and Chromium are the same engine, mainly because chromium is not an engine at all. WebKit is a browser engine and is the core of chromium, chromium is a browser core, but not an engine.

    Where do you get the information from that most fingerprinting is done in JS ? Because, in the end, the data has to be sent to a server to be processed (even if the fingerprint is aggregated in a cookie). Which in turn would just be another way of saying its on the backend.

    If i do a JS request to the backend bc i want to see album X and its cover, i request the resource from the server. There is no way around this. If the actions I took are saved on a local cookie or the server directly logs the request makes 0 difference in the end as to process the logged action it would've to be sent to the server anyways; else there is no point in logging.

    Here is mozillas docs for fingerprinting: https://developer.mozilla.org/en-US/docs/Glossary/Fingerprinting As can be seen the tab itself only has access to the APIs of the hardware down under, which can in turn not really be trusted as any linux user can easily spoof these. Sure you can be identified, as in your browser. But nothing about your hardware. I just did that test and all the hardware info is miles off.

    I am not sure what point you are trying to make.