Hacker News
by mike_d 495 days ago
The websites opening an audio context without using it to play anything are probably doing bot detection.

Different browser engines and operating systems implement audio processing differently, so if you play a completely inaudible sound and then record it back (from the API not the microphone) you end up with a signature.

You can use that signature to see if the browser is lying about its user agent, running in headless mode, or all sorts of other interesting edge cases that are not a real user buying widgets.

https://github.com/fingerprintjs/fingerprintjs/blob/3201a7d6...
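
A sketch of the consistency check described in the post above, added here as an example; it is not code from the thread or from FingerprintJS. The oscillator settings, the tail-window sum, the engine names and the reference values are assumptions, and the sample buffers are constructed so the comparison logic also runs outside a browser.

```javascript
// Added example: names, settings and reference values are assumptions.
// Collapse rendered samples into one number: sum of |sample| over a tail window.
function audioSignature(samples, from = 4500, to = 5000) {
  let sum = 0;
  const end = Math.min(to, samples.length);
  for (let i = from; i < end; i++) sum += Math.abs(samples[i]);
  return sum;
}

// Browser only: render an oscillator through a compressor offline.
// Nothing reaches the speakers; returns null where the API is missing.
async function renderSamples() {
  if (typeof OfflineAudioContext === "undefined") return null;
  const ctx = new OfflineAudioContext(1, 5000, 44100);
  const osc = ctx.createOscillator();
  osc.type = "triangle";
  osc.frequency.value = 10000;
  const comp = ctx.createDynamicsCompressor();
  osc.connect(comp);
  comp.connect(ctx.destination);
  osc.start(0);
  const buffer = await ctx.startRendering();
  return buffer.getChannelData(0);
}

// Compare a signature with the one expected for the engine the client claims.
function classify(claimedEngine, signature, reference, tolerance = 1e-6) {
  if (signature === null) return "no-audio-api";
  const expected = reference[claimedEngine];
  if (expected === undefined) return "unknown-engine";
  return Math.abs(signature - expected) <= tolerance ? "consistent" : "mismatch";
}

// Constructed stand-in for engine differences: the same triangle wave with a
// slightly different gain, stored as 32-bit floats like real channel data.
function constructedSamples(gain) {
  const out = new Float32Array(5000);
  for (let i = 0; i < out.length; i++) {
    const phase = (i * 10000 / 44100) % 1;
    out[i] = gain * (4 * Math.abs(phase - 0.5) - 1);
  }
  return out;
}

// Constructed reference table; a real one is measured per engine and OS.
const reference = {
  engineA: audioSignature(constructedSamples(0.25)),
  engineB: audioSignature(constructedSamples(0.2501)),
};
```

In a browser the input would be `const s = await renderSamples()` followed by `classify(claimed, s && audioSignature(s), reference)`.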

3 comments

Grrr. Browser/Web standard people went crazy with APIs and never stopped to think how the world will abuse them to do crap like this.
They definitely thought about it, but fingerprinting is already so easy, and really difficult to stop even if you started the web platform from scratch. Nobody is going to accept "websites can't play any audio because it would make fingerprinting sliiiiiightly easier".
Maybe I'm an extreme outlier, but I don't want 99.99% of websites to be able to make any noise at all. And for the remaining ones I could live without audio too.
Considering which companies are largely responsible for adding these APIs, maybe they did think about how they can abuse them.
There are even already plugins for bots running in the wild that simulate Audio Context to trick the bot detection. Crazy!
can't wait for cloudflare to implement this to further disrupt my browsing freedoms and waste cpu cycles
I'd be surprised if their bot-check interstitials aren't already doing something along those lines. Web Audio has been around for a long time.