also whenever i say no it just redirects me to another subdomain and asks again

Show thread

folks! spare me the takes on how the web is ruined and back in your day all you had was tables and you were perfectly happy

Show thread

it's clear to me that they don't care about stopping bots, they're just trying to get notifications permissions, probably so they can send some notifications later that look like facebook or gmail and trick people into giving up their passwords

Show thread

@FimbulFlower @codl
It gets worse; A quick searx shows this fucking dark pattern has been spreading for months, at least.

@codl u running ublock origin? you might be able to block the specific script that's doing this

(i often disable js for entire domains w/ umatrix but that unfortunately breaks a ton of sites nowadays, the won't even load)

@codl the next logical step: "to prove you're human please provide root access to your computer"

@codl (and we'll only get there because the W3C will never get the Web Blood Test standard in time)

@espectalll @codl could literally happen: use your digit reader to prove you're a human
those come bundled with many laptops (and microsoft requires it for some features of the partners program, like printing your certificates)

@efi @codl that already exists, it's called WebAuthn - except they don't get to see your fingerprint

@codl I remember times when sites actually competed for making it for readers *easier* to get to their content. Nowadays it's clear their purpose has changed.

@codl I think we should "allow" that it is (next level BS).

@codl Hmmmm, I know perfectly well how to get a robot to pass this test. Build a chromeless web browser!

Though just putting any required JS in the page would warrant such measures. And all that really matters is you trip up most (simpler) bots.

@alcinnz @codl I think whoever designed this doesn't give a shit about robots

@codl I really, really, really don't miss working on web browsers. SO MANY conversations about issues like this while developing features that require permission gating, and no real great answers.

@qdot @codl Does JS actually know if you gave it notification permission, or can someone just choose "always deny" and be rid of that garbage? I've taken to always choosing "yes" when a site has its own popup asking if they can send me notifications, then choosing "always deny" when the permission box pops up, so they'll set the cookie saying that I said yes and never ask me again.

@codl Wow, that's like the darkest of dark UI patterns...

@codl where tf have they done that and why aren't them in jail already

@codl No need to protect scum. Do tell who does stuff like that

@codl I saw one of these pretending to be recaptcha a few days ago. it was awful.

@codl the "redirect to a new subdomain" thing is wild, too

The first thing I do when setting up Firefox on a new machine is: Preferences -> Privacy and Security -> Permissions -> Block New Requests to access Location / Camera / Microphone / Notifications.

I can't imagine why anyone except advertising networks would want them set differently.

@codl This probably wont prevent bots on the internet I guess.

this isn't a "new dark pattern" and isn't an example of "the web is ruined" β€” this is a now-old malvertising tactic that keeps coming back, with new clipart every time

if you click allow they send you spam popups. it is not a bot check, they claim it is to convince people to click allow, thinking it's required.

@codl Hmm. Lest stuff like this become universal:

Could a browser extension be made to spoof the state of a browser's notification permissions? (Like, a real config file and a separate, web-facing config file?)

Could JS-generated notifications be easily permitted in-browser but blocked by the OS without losing locally-generated notifications (eg. "download complete" etc.)?

Could we just use the presence of, superfluous commas to detect malicious websites?

@efi a virus that redirects all your websites to that page and then asks for permission to send notifications?

@ben I thought it was a website asking for permission, not a redirection, let me read it again

@ben oh, it -can- be a virus or it can just be a webpage with an ad that loads the same page the virus redirects to

Sign in to participate in the conversation

Chitter is a social network fostering a friendly, inclusive, and incredibly soft community.