On my university’s website, there is a post login security check from Duo Security that just loads an iFrame once you enter your password, does whatever the hell it does, and apparently verifies that your login is legit (somehow).

But it only works when I’m on the current tab. If I log in and then switch to a different tab, it does nothing. If you switch back after a little bit, it will continue doing its thing as soon as you do, but wait too long and the session expires and you have to enter your credentials again.

Is it using some JS API to know whether I’m on its tab or not, or is it doing something even weirder? Is it possible to make Firefox report to every open page that I’m always on its tab, even when I’m not?

  • splatt9990
    link
    fedilink
    arrow-up
    14
    ·
    3 years ago

    Yes, and they have for a while: https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API

    It’s meant as a way to optimize the page when not in use but a sufficiently motivated entity could easily use it to measure your attentiveness to the content. I don’t personally know of any extensions that disable this but it does require JS, so noscript would stop it (but likely also break most of the web for you)

    • Sr Estegosaurio
      link
      fedilink
      arrow-up
      3
      ·
      3 years ago

      But with uBlock Origin you coul fine tune whichs parts of JS do you want to block on a site basis. It’s pretty easy and imho one of the best extensions out there.

    • blank_sl8
      link
      fedilink
      arrow-up
      3
      ·
      3 years ago

      It’s been possible for much longer, using window.onblur

      This new API may be somewhat smarter (for example, onblur is triggered even if you change to a new window with the original webpage open behind it)

    • AgreeableLandscapeOP
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      Yeah, the security plugin doesn’t run without JavaScript.

      Neither does the rest of my university’s student dashboard. Fantastic.