• zweieuro@lemmy.world
    link
    fedilink
    arrow-up
    16
    arrow-down
    1
    ·
    1 year ago

    Anything you do in the UI has some associated backend request (everything relevant at least). Search queries, loading albums, skipping, changing settings, anything is just a Web requ on their backend server which could still be collected. The custom ui does not save you from relevant data collection. Only thing potentially not getting tracked is empty navigation between tabs, but there is not a lot of info in tab switching

    • Gianmarco Gargiulo@feddit.it
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      That’s what I meant by “extra data collection,” it just gets data that has to do with what you do on the server, which is significant, but you’re still protected from kinds of local collection (e.g.: device model, IMEI if possible, screen resolution, networks you connect to, etc.) other than not having analytics trackers and ads. It may sound a bit crazy, but it is possible to collect this kind of stuff to fingerprint you, just like browser fingerprinting.

      • zweieuro@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        This is true for the desktop/mobile app application I aggree with you there since its a CEF native on desktop and mobile apps have these kinds of APIs. I very much disagree with the Web client (which admittedly my original comment didn’t mention at all, personally I mainly use the Web player)

        Since on Web it’s just a Website, all previously mentioned serve side tracking applies; but getting any hardware information through the sandboxing would break the browser security model and is not possible since there is no such web API. Web fingerprinting is one of the reasons apple (at least they keep bringing it up as a concern) is not keen on implementing the Web API for the luminance sensor on safari. Interestingly webkit (chromium core) does have the functionality which is why it’s behind a dev flag atm (https://developer.mozilla.org/en-US/docs/Web/API/AmbientLightSensor)

        Identifying hardware should not be possible according to the browsers security model.

        I should’ve phrased my question as ‘what advantage does spotube provide over Spotify premium in the browser’, after downloading it and trying it out I am guessing the biggest advantage is the download button and stuff like that? Though… I personally have no use for offline Musik nowadays.

        Edit: Sidenote: the Mozilla docs frequently mention that the user agent may be used to infer hardware/browser information, and therefore developers are encouraged so spoof it (and in general not to trust the information given)

        • Gianmarco Gargiulo@feddit.it
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          Most tracking and fingerprinting is driven by JavaScript running on the browser itself, not server-side tracking. Also WebKit and Chromium are not the same engine.

          • zweieuro@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Here is a documentation link of chromiums conceptual application layer: https://www.chromium.org/developers/design-documents/displaying-a-web-page-in-chrome/ which clearly shows the core of chromium (especially rendering, and API infrastructure by w3) is done via WebKit through a Webkit Port and a glue layer for type compatability.

            I never said WebKit and Chromium are the same engine, mainly because chromium is not an engine at all. WebKit is a browser engine and is the core of chromium, chromium is a browser core, but not an engine.

            Where do you get the information from that most fingerprinting is done in JS ? Because, in the end, the data has to be sent to a server to be processed (even if the fingerprint is aggregated in a cookie). Which in turn would just be another way of saying its on the backend.

            If i do a JS request to the backend bc i want to see album X and its cover, i request the resource from the server. There is no way around this. If the actions I took are saved on a local cookie or the server directly logs the request makes 0 difference in the end as to process the logged action it would’ve to be sent to the server anyways; else there is no point in logging.

            Here is mozillas docs for fingerprinting: https://developer.mozilla.org/en-US/docs/Glossary/Fingerprinting As can be seen the tab itself only has access to the APIs of the hardware down under, which can in turn not really be trusted as any linux user can easily spoof these. Sure you can be identified, as in your browser. But nothing about your hardware. I just did that test and all the hardware info is miles off.

            I am not sure what point you are trying to make.