Hacker News

ryandrake yesterday at 8:40 PM (2 replies)

I guess what I'm advocating for is that it should not be all-or-nothing, and it should not default-on:

Most web sites have no business knowing my time zone. Why are browsers offering it up? That should be gated on the user's permission.

Most web sites should not be able to determine what my screen resolution is, or what my operating system is. Browsers should also hold that back and only disclose it with the user's permission.

Most web sites should not by default have access to all the shit JS gives them access to. Battery Status, Web Audio, WebGL, Sensors, WebRTC, Geolocation, media devices (camera and mic), clipboard, local storage... All of these have uses, but should be behind individual, easy-to-access per-website preferences, and by default the site shouldn't even be able to query for their existence (which is enough to fingerprint), let alone call them. I shouldn't have to blanket turn off JavaScript to kill these things.

All a website needs to know about me, my browser, or my computing environment is I want to "GET /".


Replies

cortesoft yesterday at 10:21 PM

There are browsers that offer that level of control, but most people don't want to use them because they are confusing and don't offer the things most people actually care about.

reddalo yesterday at 9:38 PM

> Most web sites have no business knowing my time zone.

That would work if websites only displayed dates in UTC. Which is not what most people expect. Browsers need to know your timezone so timestamps can be displayed with the right setting for you.
