Hacker News

cortesoft yesterday at 6:12 PM (13 replies)

Maybe it's just because I am old, or have worked on internet software for almost 30 years, but none of this seems surprising or even concerning?

Someone sets up a server that accepts connections to it and then someone sends a connection request to it.

There has been no agreement on anything, no expectations or rules established. No one forces the server to accept any connection request it gets, and no one forces someone to make a connection request to that server. What the server returns and what the client does with that are completely up to each side.

I feel like this agreement (or lack thereof?) works both ways. I don't think users should get mad if a website decides to use information about your connection request in any way it chooses, but I also don't think a website should be able to get mad if I do whatever I want with the data it sends to me.

In other words, websites can choose to remember whatever they want about my IP address and my request details, and I can choose to do whatever I want with what they send back to me (i.e. I can block ads or refuse to make followup requests that the site tells me to make, and I can choose to display the response in whatever way I want to). I asked for data, they sent me data.

If I don't want them knowing stuff about me, I shouldn't send that stuff in my request. If they don't want me to have that data unless I also display ads, then they should make me agree to that before sending me the data.

Of course, I know in practice most people don't understand what their browsers are doing, and there aren't a ton of practical choices for people around what their browser sends, and the internet is no longer an optional thing for a lot of our lives. I also know that things like DDoS attacks and the like make a completely 'anything goes' setup impractical.

However, I still have this gut feeling that we shouldn't expect too much from either side when we make an internet request.


Replies

ryandrake yesterday at 7:44 PM

> Of course, I know in practice most people don't understand what their browsers are doing, and there aren't a ton of practical choices for people around what their browser sends, and the internet is no longer an optional thing for a lot of our lives.

This is the root problem. Your browser is supposed to be your agent. It's the User Agent, after all! It should be working on the user's behalf, users should understand what their browsers are doing, and browsers shouldn't be doing anything without the user understanding and affirmatively consenting to it. I should be the ultimate authority over what my browser sends, and browsers should make it trivial to exercise that authority.

In reality, the browser is Somebody Else's Agent. It's working for the web developer, giving him all sorts of things that make his life easier. And it's working for the advertiser, providing tracking clues and fingerprinting. And it's working for the browser developer, collecting metrics and telemetry and god knows what else for them to do god knows what with. But, it's not really working for me or on my behalf anymore, I'm just a passenger in the car.

EDIT: Understood that IP address is not something under the browser's control, and it's unfortunately necessary to reveal in order to connect to a web site. It's a terrible mis-feature that IP addresses (by default without a VPN) can be reliably mapped to countries, state/provinces, and sometimes even cities. This is a huge design flaw in how we hand out IPs. In a better world, having an IP address shouldn't reveal anything about someone's geographic location.

1-more yesterday at 6:56 PM

> You appear to be in Denver, United States. Your internet provider is Netskope Inc. We know this because your IP address — 163.xxx.xxx.32 — was the first thing your device sent us. We know the rest of it. We chose not to display it. Most pages would not have made that choice. We did not ask for your location. Your address arrived before you did.

"We know the rest of it. We chose not to display it. Most pages would not have made that choice" this is written to frighten children maybe? Also that's not my internet provider. Maybe it's my ISP's upstream provider?

fjni yesterday at 6:17 PM

Maybe it's because I'm idealistic in addition to being old, but I think a lot of this functionality was in fact added for explicit purposes.

A client sends the language header or the list of supported fonts not so that the server can "do whatever they want with this data." There is (or was) a real reason for it when we came up with these standards.

The fact that website providers, or more specifically ad-networks, have chosen to use these for other purposes is breaking that implicit agreement.

(edit) but you're probably right that I'm expecting too much.

jrumbut yesterday at 7:20 PM

The location it chose was laughably inaccurate (and since I'm the kind of person who posts here I know why). Censoring the IP address was a little cheesy, but down at the bottom it gets better.

It knew how much my phone was charged and it made correct inferences about my device. It accurately read my gyroscope, how I interacted with the touch screen, and it demonstrated (not new knowledge to me but probably interesting to the general public) how these things could be used to identify you and also to make inferences about you (if you are sitting, standing, lying down, etc).

It starts slow but it got interesting.

gonzalohm yesterday at 8:29 PM

One thing is using information about my connection like my IP and a different one is my browser exposing the angle that I'm holding my phone.

I should be able to expect some privacy from my device. What if my browser starts sending a picture of my front camera with every request, is that okay?

slg yesterday at 6:49 PM

I think a lot of us old tech folks want to still believe in those techno-libertarian ideals of the old web. However, in order to do that we largely need to ignore the capitalistic and authoritarian ideals of the modern web.

Us not owing each other anything worked great in a prior era when people were largely correct in assuming most people were good actors. But as soon as the money and power of the internet became real, things started to turn more adversarial. The assumption of trust and lack of responsibility makes it easy for one side to take advantage of the goodwill of the other. And the technical and power imbalances inherent to the server-client nature of the web mean that abuse is more likely to flow in one direction than the other.

sixtyj yesterday at 8:54 PM

I remember the late 90s - we made a website that greeted incoming readers with the message “Hey, you come from {ip address}.”

Today, it seems that websites track and collect much data as they have partnerships with 1,000 partners (see cookies consent window).

xg15 yesterday at 8:40 PM

I remember some users with phpBB signatures some 20 years ago that did the "I know where your IP address lives" trick. Yeah, a bit surprised this is still being done, only today not as some silly troll move in a forum but on some professionally designed website.

tardedmeme yesterday at 8:58 PM

Missing the deforestation for the tree-trimmers? If it was only one or two websites blocking people it wouldn't be a problem.

scotty79 yesterday at 6:16 PM

Browser volunteering an angle at which I'm holding my phone is a bit surprising.

pfortuny yesterday at 6:20 PM

My students are essentially forced to use MS services. So... there is that.

So am I, come to think of it.

brudgers yesterday at 7:40 PM

> Someone sets up a server that accepts connections to it and then someone sends a connection request to it.

My disappointment is not with websites. It is with browsers. They have continuously prioritized dark pattern support. They have consistently removed user control.

I mean it's not the websites that default to recording every keystroke, default to tracker persistence, default to phoning home with daily telemetry, etc.

When I first started using HN, I ran four very different browser engines. Now there's no real choice.

kalabrium yesterday at 7:52 PM

[flagged]