Comment by o11c

Comment by o11c 15 hours ago

3 replies

View on Hacker News

It says "screenshots of themselves". The application is responsible for rendering the screen in the first place so it fundamentally doesn't need a permission.

Now, what could reasonably be a permission is "access the internet", but our overlords don't approve of that thought.

(Contrast this to web pages, which do not render themselves and thus can sensibly be blocked from screenshotting)

gretch 14 hours ago

I mean yeah technically the website can’t screenshot, but it can do many functionally equivalent things.

For example, it can capture the entire DOM and send it off, including the contents of input fields that have not been submitted.

That DOM capture can be replayed on a browser to show what the user sees. So what’s the difference?

Reply View 2 replies
  • Thorrez 12 hours ago

    Well, blocking javascript would stop that. Noscript is a thing that some people use.

    Reply View 1 reply
    • danaris 6 hours ago

      For an increasing plurality (possibly even majority at this point) of sites where the purpose is not purely to read text, this is effectively equivalent to saying "you can just not use the site."

      Reply View 0 replies