• @zweieuro
    link
    1
    edit-2
    1 year ago

    This is true for the desktop/mobile app application I aggree with you there since its a CEF native on desktop and mobile apps have these kinds of APIs. I very much disagree with the Web client (which admittedly my original comment didn’t mention at all, personally I mainly use the Web player)

    Since on Web it’s just a Website, all previously mentioned serve side tracking applies; but getting any hardware information through the sandboxing would break the browser security model and is not possible since there is no such web API. Web fingerprinting is one of the reasons apple (at least they keep bringing it up as a concern) is not keen on implementing the Web API for the luminance sensor on safari. Interestingly webkit (chromium core) does have the functionality which is why it’s behind a dev flag atm (https://developer.mozilla.org/en-US/docs/Web/API/AmbientLightSensor)

    Identifying hardware should not be possible according to the browsers security model.

    I should’ve phrased my question as ‘what advantage does spotube provide over Spotify premium in the browser’, after downloading it and trying it out I am guessing the biggest advantage is the download button and stuff like that? Though… I personally have no use for offline Musik nowadays.

    Edit: Sidenote: the Mozilla docs frequently mention that the user agent may be used to infer hardware/browser information, and therefore developers are encouraged so spoof it (and in general not to trust the information given)

    • Gianmarco Gargiulo
      link
      fedilink
      01 year ago

      Most tracking and fingerprinting is driven by JavaScript running on the browser itself, not server-side tracking. Also WebKit and Chromium are not the same engine.

      • @zweieuro
        link
        1
        edit-2
        1 year ago

        Here is a documentation link of chromiums conceptual application layer: https://www.chromium.org/developers/design-documents/displaying-a-web-page-in-chrome/ which clearly shows the core of chromium (especially rendering, and API infrastructure by w3) is done via WebKit through a Webkit Port and a glue layer for type compatability.

        I never said WebKit and Chromium are the same engine, mainly because chromium is not an engine at all. WebKit is a browser engine and is the core of chromium, chromium is a browser core, but not an engine.

        Where do you get the information from that most fingerprinting is done in JS ? Because, in the end, the data has to be sent to a server to be processed (even if the fingerprint is aggregated in a cookie). Which in turn would just be another way of saying its on the backend.

        If i do a JS request to the backend bc i want to see album X and its cover, i request the resource from the server. There is no way around this. If the actions I took are saved on a local cookie or the server directly logs the request makes 0 difference in the end as to process the logged action it would’ve to be sent to the server anyways; else there is no point in logging.

        Here is mozillas docs for fingerprinting: https://developer.mozilla.org/en-US/docs/Glossary/Fingerprinting As can be seen the tab itself only has access to the APIs of the hardware down under, which can in turn not really be trusted as any linux user can easily spoof these. Sure you can be identified, as in your browser. But nothing about your hardware. I just did that test and all the hardware info is miles off.

        I am not sure what point you are trying to make.