What did it say?

In Australia we call them “seppos”. Short for “septics”, which comes via rhyming slang from “yank” -> “tank” -> “septic tank”.

Reread the comment you replied to. Not one word of it was in there accidentally.

Oh yes, that’s a very good point, actually. That actually seems such a fundamental use case that you could almost justify it being available without a permission.

What, like this?

Oireland (pronounced that way)

Is that meant to be making fun of Trump’s accent? Cos I gotta be honest, it comes across to me more like a representation of how Irish people pronounce Ireland. At least, the way I pronounce “oireland” when I see it sounds to my ear much closer to how Irish people say Ireland than to how I say it.

They already have radio and a fairly sophisticated local network. They could definitely do that if they wanted.

Maybe, but I’d like to see a concrete example of how they are “designed to talk to each other” that couldn’t be achieved by the extension just reading the DOM.

I agree with you about dropdown menus being something that could/should be natively available to HTML, but I’m less convinced about form submission. Sure, if we assume everything is happy path it’s a great idea, but a system needs to be robust enough to handle a variety of cases. Maybe you want to redirect a user to a log-on page if they get back a 401, or present an explanation if they get a 403. A 5XX should usually display some sort of error message to the user. A 201 probably needs to add an element into the page, while a 200 might do nothing, or might alter something on the page.

With the huge range of possible paths and desired effects, it pretty quickly becomes apparent that designing an HTML & CSS–only spec that can meet the needs is infeasible. There’s definitely a case to be made that JavaScript has become too powerful and can do too many potentially dangerous or privacy-invading things. And maybe a new range of permissions could be considered to limit a lot of that at a more fundamental level. But what we’re talking about here with the form submission stuff is the real bare-bones basic stuff JavaScript was designed to make easier—alter the contents of web pages on the fly in response to user actions. And it’s really, really good at that.

• Your operating system
• Your CPU architecture

Agree. No reason they should have this.

• Your JS interpreter’s version and build ID

I can see a reasonable argument for this being allowed. Feature detection should make this unnecessary, but it doesn’t seem to be fully supported yet.

• Plugins & Extensions

This is clearly a break of the browser sandbox and should require explicit permission at the very least (if not be blocked outright…I’m curious what the legitimate uses for these would be).

• Accelerometer and gyroscope & magnetic field sensor

Should probably be tied to location permission, for the sake of a simple UX.

• Proximity sensor

Definitely potential legitimate reasons for this, but it shouldn’t be by default.

• Keyboard layout

As someone who uses a non-QWERTY (and non-QWERTY-based) layout, this is one I have quite a stake in. The bottom line is that even without directly being able to obtain this, a site can very easily indirectly obtain it anyway, thanks to the difference between event.code and event.key. And that difference is important, because there are some cases where it’s better to use one or the other. A browser-based game, for example, probably wants to use event.code so the user can move around based on where WASD would be on a QWERTY keyboard, even though as a Dvorak user, for me that would be <AOE. But keyboard shortcuts like J and K for “next”/“previous” item should usually use event.key.

There could/should be a browser setting somewhere, or an extension, that can hide this from sites. But it is far too useful, relative to its fingerprinting value, to restrict for ordinary users.

how sensors are used to fingerprint you, I think it has to do with manufacturing imperfections that skew their readings in unique ways

It’s also simple presence detection. “You have a proximity sensor” is a result not every browser will have, so it helps narrow down a specific browser.

Wait, you can donate plasma two times in one week where you are? That feels kinda insane.

In Australia it’s 12 weeks for whole blood and 2 weeks for plasma. Or 4 weeks for switching from whole blood to plasma.

I’m always surprised when I’m reminded that that show was Disney. It feels so similar tonally to BTAS, I’d have sworn it had to be from the same studio. Especially with how off brand it is for typical Disney cartoons.

Apparently a live action reboot is in the works. Can’t say I’m holding my breath on that one.

They’re pretty much your bog standard right-wing media. They don’t endorse ridiculous conspiracy theories or the overthrow of democracy like Fox News does in America or Sky News does in Australia, and they basically try to stick to relatively factual reporting. But they also, as you say, bias towards the right in story selection. And they’re relatively low-brow, going for sensationalism rather than good journalism, more often than not.

Another brief period of not bad?

The 50s and 60s were the peak of Robert Moses and similar figures in American urban planning. Explicitly racist, destroying the liveability of cities in ways that are still ongoing to this day, with only some of the very most progressive cities even starting to try to turn things around.

It was also the peak of the red scare, during which the “freedom of speech” Americans are so proud of took a back seat to witch hunts over political ideology. Along with that you get the height of US intervention in foreign governments, with the US involvements in Pinochet’s regime in Chile probably being the most striking example, but far, far from the only.

So nah, it might have been a period of time when the US was perhaps less bad than today, but it’s still not great.

The problem comes when it’s not an app you’re using for the app’s sake, but because it’s the app of some company you have a real-world relationship with. Your bank’s app being the most important one that comes to my mind, considering I’ve already heard about some banks trying to restrict users to only Google’s flavour of Android before this.

I’ll admit I’ve not looked into it. My computer won’t even upgrade to Windows 11 if I wanted it to, thanks to MS’s artificial restriction on compatibility. Maybe it is all on-device. But if so, whence all the privacy complaints? And does it not allow syncing between devices?

But with no karma system, and not even any popular extensions for keeping track of users, how do you keep track of “trust built up over a long time”? That’s literally what karma was for, and the Lemmy devs removed that extremely valuable feature.

Nothing they mentioned in the article seems too egregious in truth

Doesn’t it? To be honest, if the article is telling the truth and not exaggerated, I find this pretty egregious. How you installed an app should be irrelevant, so the idea of an API to say “did this come from the Play Store” is fucking shit. And the ability to block installation of apps that call certain APIs entirely is even worse.

One could argue that it’s a feature that could be done on-client without sending to a server. Or with its server component doing nothing more than syncing with E2E encryption.

Yikes this really doesn’t look good. Is there any reporting on it from independent journalists (or anyone else who isn’t also advertising their own competing operating system)?