So the other day someone linked to a website that highlighted how much information is just gifted to any place you visit on the web.
I’m aware of some of it being intrinsic to the manner of connection. A website knowing your IP (even if that is the IP of the vpn or tor exit node you’re using) is basically essential to the function of the internet. Why everything else though? What fucking idiot/asshole decided to even have an api for your gpu? Why the fuck is my browser reporting on the battery status? Light/dark mode? Visibility (whether or not the tab is ‘active’, the fuck?!? My OS?!!???!?!!!?!?!?
As a side question, why is the capability built in by a browser, but the user is never given a choice about whether or not any of this is shared?
Well, most websites in 2026 don’t use 3D stuff, but some do, and for some of those, there isn’t really an alternative. Take Google Earth as an example.
I think that given its limited use, you could realistically make 3D an opt-in thing where each website has to have user authorization, the way location data is.
There’s also some more-widely-used HTML5 Canvas stuff, which permits for rapidly-drawn 2D stuff. I think that, say, MarineTraffic uses it to draw its map. That provides a lot unique identity stuff to be leaked, but its hard to, for example, let Javascript rendering pixels run without knowing, say, the DPI of the screen.
That isn’t your systemwide mode, but provides a request from your browser as to whether to use the light or dark version of the website. Not all websites have handmade dark and light versions, but for those that do, it’s generally preferable from a user standpoint to using something like Dark Reader to dynamically generate a dark mode.
I’d guess that it probably permits a tab with Javascript running to deactivate itself in the background and to stop using CPU time.
That’s been around for a long time, as IIRC it’s in the User-Agent string. You can fake that if you want, and honestly, it’s probably not a critical piece of information, but a lot of websites that let one download software use it to preselect the appropriate version for whoever is downloading stuff. May be some other uses; not sure.
A lot of it can be disabled or faked, but websites that rely on it may not work. Firefox has CanvasBlocker, which prevents a lot of HTML 5 Canvas queries in a way that still lets most things work, faking approximate information. It may break some websites for you, but that’ll avoid leaking some of that information.
If you disable Javascript with something like NoScript, you can block a lot of that by only letting Javascript run on a per-website but…a very high proportion of websites in 2026, unfortunately, won’t work without Javascript.