• muirrum · 4 upvotes · 5 years ago

      I’ve seen stuff about “loss prevention” but I’m inclined to believe that that’s BS.

      • AgreeableLandscape · 4 upvotes · 5 years ago

        Loss of what? I don’t see how port scanning the user’s devices factors into that.

        • muirrum · 4 upvotes · 5 years ago

          That was my thought line too. There’s no real need that I can see for this sort of thing.

          • AgreeableLandscape · 3 upvotes · edited 5 years ago

            IMO, system-level features like port scanning should at least require a browser-generated permissions prompt like sensible browsers have for camera and microphone access, if not non-existent from the APIs available to websites.

            • muirrum · 4 upvotes · 5 years ago

              I can’t think of a use-case where a third-party website would ever need to see what ports I have open on my machine.

              • AgreeableLandscape · 4 upvotes · 5 years ago

                Exactly. Same with what extensions I have installed and most other information listed in the fingerprinting section of Panopticlick.

                It’s for browser/device fingerprinting and basically nothing else.

    • Justfo · 3 upvotes · edited 5 years ago

      It’s an unintended side-effect.

      And it should be fixed in the browsers; but it’s hard to do in a backwards-compatible way.

      Because some sites have legitimate reasons to connect to localhost, e.g. when they work through an additional daemon installed there.

      Perhaps an explicit permission in browsers for localhost / local network addresses (per-site) would make more sense.

      • AgreeableLandscape · 2 upvotes · 5 years ago

        > but it’s hard to do in a backwards-compatible way.

        One idea I have is to have the browser ask for permission from the user, and just return null, undefined or some other way of representing the lack of data if the user doesn’t allow it.
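
The per-site permission idea from the comments above, sketched as an added example (not part of the thread and not any browser's actual implementation): a request from a page to a more local address space is allowed only if the user granted that site permission, and otherwise resolves to null. The function names and the `sitePermissions` map are hypothetical.

```javascript
// Added example: per-site gate for requests to loopback / local-network hosts.
// classifyHost, decideRequest, gatedFetch and sitePermissions are hypothetical names.

// Classify a URL hostname as "loopback", "private" or "public".
// Handles "localhost" names, ::1 and literal IPv4 only; DNS names that resolve
// to local addresses would need a check after resolution (not shown here).
function classifyHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost") || h === "::1") return "loopback";
  const m = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return "public";
  const a = Number(m[1]);
  const b = Number(m[2]);
  if (a === 127) return "loopback";
  if (a === 10 || (a === 192 && b === 168) || (a === 169 && b === 254)) return "private";
  if (a === 172 && b >= 16 && b <= 31) return "private";
  return "public";
}

// Higher rank = closer to the user's own machine.
const RANK = { public: 0, private: 1, loopback: 2 };

// sitePermissions: Map of page origin -> "granted" | "denied" (the user's stored answer).
// Returns "allow", "deny", or "prompt" (no stored answer yet, ask the user).
function decideRequest(pageUrl, targetUrl, sitePermissions) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  const from = classifyHost(page.hostname);
  const to = classifyHost(target.hostname);
  // Only requests into a more local address space than the page need permission,
  // so a page served from localhost can still talk to localhost.
  if (RANK[to] <= RANK[from]) return "allow";
  const stored = sitePermissions.get(page.origin);
  if (stored === "granted") return "allow";
  if (stored === "denied") return "deny";
  return "prompt";
}

// Anything not allowed resolves to null, the "lack of data" value suggested in the thread.
// doFetch is whatever actually performs the request (fetch, WebSocket wrapper, ...).
async function gatedFetch(pageUrl, targetUrl, sitePermissions, doFetch) {
  if (decideRequest(pageUrl, targetUrl, sitePermissions) !== "allow") return null;
  return doFetch(targetUrl);
}
```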