Hacker News new | ask | show | jobs
by 7to2 1174 days ago
> But closer inspection showed that its use was to get user's IP address for better fingerprinting.

Maybe that's why it fell to the wayside: scripts are no longer allowed to get the local IP address (taking with it the most useful aspect of WebRTC, true serverless p2p without internet[1]).

[1] I'm not saying that I disagree with the decision, but still sad that we can't have nice things :(
3 comments
codedokode 1174 days ago
Yes instead of IP address the API now provides Apple DNS hostname. But a proper solution would be to put this unnecessary API behind a permission.
link
illiarian 1174 days ago
There are too many APIs that need to put behind permissions for permissions to be useful.

No idea how to solve this though.

link
notatoad 1174 days ago
i want the chrome apps model to come back - put your permission requests in a manifest, and when the user clicks and install button the app gets its permissions. so "web apps" that the user cares enough about to install get useful features, but pages that you just visit briefly don't.
link
illiarian 1174 days ago
> i want the chrome apps model to come back - put your permission requests in a manifest, and when the user clicks and install button the app gets its permissions.

So you will get the Android case where flashlight apps where asking for everything, including location data and contact access, and people were giving it to them

link
notatoad 1173 days ago
you can't protect everybody from themselves all the time.

some people are just gonna agree to everything, and you can't stop it. don't ruin apps for everybody just because some guy who couldn't care less shared some data with an app you think they shouldn't have.

link
illiarian 1173 days ago
> you can't protect everybody from themselves all the time.

It's not an either-or thing. There are multiple levels to security, and just shoving everything into one big prompt, and letting users deal with it ain't it.

link
littlestymaar 1174 days ago
> taking with it the most useful aspect of WebRTC, true serverless p2p without internet[1].

Would you mind elaborating? In any case WebRTC always needed some kind of third party server to connect the peers together (sure, such a server can be on your local network), and then they replaced the local IP in ICE candidate with mDNS addresses which serve the same purpose and allow for direct P2P communication between the two peers without going through the internet.

link
azangru 1174 days ago
Dang, this is so sad.
link