The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I’m human?

That’s hardly the Turing Test I’d expected.

  • Melatonin@lemmy.dbzer0.comOP
    link
    fedilink
    arrow-up
    9
    arrow-down
    4
    ·
    3 months ago

    Interesting that my mouse movement is available to anyone who wants it.

    It seems like a small step from that to accessing my keyboard.

    • sbv
      link
      fedilink
      English
      arrow-up
      47
      ·
      3 months ago

      Your mouse movement and keyboard events are available to webpages that you’ve loaded, when the browser window is focused.

      This isn’t nefarious - it allows websites to build nice UIs that most people enjoy using, most of the time.

      There’s lots of shady stuff going on in browsers, this isn’t really one of them.

        • Takumidesh@lemmy.world
          link
          fedilink
          arrow-up
          8
          ·
          3 months ago

          I mean, how do you think websites work? Of course your mouse and keyboard events are available, otherwise you wouldn’t be able to interact with a website at all.

          • Melatonin@lemmy.dbzer0.comOP
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            3 months ago

            This was the slap on the head I needed. I now get what you mean by interact with my keyboard. In other words = can tell what I’m typing. Like perfectly normal function of websites.

            I didn’t understand the “focus” part and how it helped. I think I said earlier, I’m not particularly smart.

          • Melatonin@lemmy.dbzer0.comOP
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            3 months ago

            Like those sites that ask me to sign in using Google (or other options) and then Google asks me for the password?

            Pretty easy to grab passwords I think.

            • howrar@lemmy.ca
              link
              fedilink
              arrow-up
              13
              ·
              3 months ago

              Those websites send you directly to Google, so they no longer have control of the web page when you’re entering your password.

            • Aatube@kbin.melroy.org
              link
              fedilink
              arrow-up
              10
              ·
              3 months ago

              This is why Google sign-in can’t be embedded and uses the password input type for the password type. Most SSOs do this as well.

            • naticus@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              ·
              3 months ago

              To clarify, websites can’t capture keyboard events that were typed into a different website like you’re thinking. Think of going to a web game that let’s you use WASD for controlling your character. It’s able to capture those events on that page because its in focus. When a site goes out of focus (such as switching tabs or switching to another window that’s not the browser), it loses that ability. Overall, it’s very secure.

              I was more wondering how you thought capturing the mouse movements would lead to security issues.

    • MoonManKipper@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      ·
      3 months ago

      If you’re using a webpage JavaScript can see your mouse cursor and anything you type. But only if the browser has focus. So if you’re typing in another window it can’t

    • Shadow@lemmy.ca
      link
      fedilink
      arrow-up
      15
      ·
      3 months ago

      Your mouse movement on that page is. Just like if you typed into the page.

      It’s not tracking you in other windows and apps.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      3 months ago

      They can only access it while you’re focused on their webpage. CORS is all about that.

      If you click off to another web page and enter information or type of password into a secondary app they can’t gather that. As soon as they lose focus they lose the ability to capture your data.

      • Septimaeus@infosec.pub
        link
        fedilink
        arrow-up
        3
        ·
        3 months ago

        Nbd, but it sounds like you’re talking about encapsulation of event capture (viewport stops receiving events after losing focus).

        CORS is a protocol for client-side enforcement of a server-side security policy. It ensures that a resource request (e.g. “my-totally-safe-resource.wasm”) only loads from a location your server permits (e.g. “my-valid-origin.biz”, “friends-valid-origin.org”, etc).

    • whoareu@lemmy.ca
      link
      fedilink
      arrow-up
      5
      ·
      3 months ago

      There is a lot of other data available to sites you visit unless you are using some kind of fingerprint protection

    • boatswain@infosec.pub
      link
      fedilink
      arrow-up
      2
      ·
      3 months ago

      If loaded with pages didn’t have access to keyboard events, you wouldn’t be able to write comments on Lemmy posts. I’m not a front-end guy, but that should be limited to just white the browser is focused.