46 comments

[ 2.7 ms ] story [ 55.3 ms ] thread
Hmmm. Clever and a little spooky!
I enjoyed playing with this. Wild how much it knows.
thats pretty creepy. I find it unnerving that they know exactly where my cursor is.
Heads up: there's audio. It does add something.
I am not sure what I am looking at. It's telling me things which I expect any website to know via basic javascript. What am I missing?
I'm getting a PR_END_OF_FILE_ERROR when I try to open the page in Firefox on Linux.
This is a great POC about how you give up privacy just using the web. This data is bought and sold and more and used against you every day
Nice! It shouted "Bot" when I ran this in the console

for (let i = 0; i < 1000; i++) { document.querySelector(".button")?.click(); }

I've always added analytics scripts on websites I worked on. It was second nature for me. Then when I got my own start up, I didn't just add regular analytics but one that tracks mouse movements so you can watch sessions back like a video [0].

I told a friend about my start up and she jumped on it immediately. I opened the tool and watched her interaction. Then I told her "oh so you opened the dev tools" She immediately ended the session. "How did you know? That's creepy". It was the first time I've actually felt like these tools invade privacy.

Yeah, we include it in our terms and condition and privacy page, but I don't think users truly grasp how those tools work. I understand that all analytics tools provide this feature now, but its always creepy to know someone can watch what you are doing.

[0]: https://idiallo.com/blog/spying-on-your-user

I'm surprised browsers don't warn users about every website that has listeners attached to keyboard/mouse events. It's totally fine for something like a game or an experiment website, but might not be something you expect from a blog or a news site.
At some point we really need to split websites from web applications as a concept.
Ethical question: is there a huge difference between seeing the dev tools being opened in a re-created session replay AND simply storing an event with [dev_tools_opened at 1min 3s].

If you have only the event, you can basically re-create a playback of that action if you want.

Now, if you track all actions of interest, than that's basically almost the same as a full session recording.

This brings me back to the glory days of StumbleUpon. Highly recommend.
Very fun, I enjoyed seeing what it would react to.
I was disappointed that it didn't catch me editing the HTML when I tried changing the button's class to button2 or adding other classes. I wanted it to call me out when I clicked after that edit.
As a semi-savvy programmer, but with little experience in web-dev, I'm actually a bit ignorant of what a site can measure -- client side -- versus collect server side.

Presumably it's a simple matter to send something back to a server, but I've really never thought about the mechanisms involved.

(comment deleted)
(comment deleted)
(comment deleted)
Awesome. Looking for this as an iOS app, since I learned dismissing notifications phones home. (Useful feature for multidevice cloud services but can be creepy, companies learning the notifications we expand or leftswipe away… learning our sleep schedules and preferences and all that in ways we might not have specifically expected in this exact case)

Apps know when we’re on WiFi, when we force quit, have potential to have motion sensor access if opting in…

Not sure the presentation needed for acceptance into the App Store. As a security checkup tool or something…

I'm guessing this is supposed to illustrate how tracking is ubiquitous, given what I see in the source code.

In my case, though, after carefully enabling only scripts from the site and the Cloudflare CDN, but not enabling XHR/websockets back to the source page, or any cookies, the only thing that happens for me is:

1. I see a button and an exhortation to click the button.

2. I click the button.

3. The site goes "Subject has clicked the button."

4. The site goes "...".

...and then nothing else happens, no matter where I click or move my mouse. In the background I can see attempted websocket connections, but I'm blocking those so they can't happen.

If the aim of the game is to open people's eyes to the dangers of online tracking, it feels like there should be a reward mechanism if such tracking is blocked!

It was the spring of 1993. UPS dropped a huge package at my door. It was Visual C++ 1.0 in a 50-story-high white box that weighed a ton. I spent the whole day reading manuals and messing with it. When my wife came home that night, I couldn't wait to show her what I finally managed to pull off -- a maximized window that contained a single button that filled the entire space of that window. And the label said "Click Me." My wife clicked that button, and nothing happened.

"What's the point?" she asked.

I said, "You can click it."

"But what's the big deal?" she was baffled.

"You can click it,“ I said.

“That's the big deal."

[flagged]
Yes. It was 1993 -- there was no Internet to search for anything. The manual that came with Visual C++ could fill a small library, and the program itself came on two dozen floppy disks. And me being a not-so-bright junior programmer didn't help either.
That reminds me of this story, from developing for the Playstation:

>In the main engineering room, there was a whoop and cry of success.

>Our company financial controller and acting HR lady, Jen, came in to see what incredible things the engineers and artists had come up with. Everyone was staring at a television set hooked up to a development box for the Sony Playstation. There, on the screen, against a single-color background, was a black triangle.

>“It’s a black triangle,” she said in an amused but sarcastic voice. One of the engine programmers tried to explain, but she shook her head and went back to her office. I could almost hear her thoughts… “We’ve got ten months to deliver two games to Sony, and they are cheering over a black triangle? THAT took them nearly a month to develop?”

https://rampantgames.com/blog/?p=7745

That’s a cool story! Thx for sharing. Back then programming was rough, but the sense of accomplishment from completing even simple tasks was real and rewarding.
I show this in my interface programming class to introduce people to the concept of input events.

Thinking of input as a series of discrete events is an interesting cognitive model that many experienced programmers take for granted!