I've always added analytics scripts on websites I worked on. It was second nature for me. Then when I got my own start up, I didn't just add regular analytics but one that tracks mouse movements so you can watch sessions back like a video [0].
I told a friend about my start up and she jumped on it immediately. I opened the tool and watched her interaction. Then I told her "oh so you opened the dev tools" She immediately ended the session. "How did you know? That's creepy". It was the first time I've actually felt like these tools invade privacy.
Yeah, we include it in our terms and condition and privacy page, but I don't think users truly grasp how those tools work. I understand that all analytics tools provide this feature now, but its always creepy to know someone can watch what you are doing.
I think there's a very interesting duality forming around privacy. It seems like most people don't really care if they're being filmed, or if their data is being slurped up six ways from Sunday, as long as it's aggregated and going through automated systems. But as soon as it feels like an actual person is looking at individual behavior, it's creepy (which is, of course, always a possibility, but plausible deniability is a powerful thing).
singpolyma3 2 hours ago [-]
Yes. This is it. People are used to "private conversation in public restaurant". It's not private because no one can hear, but because no one is listening.
vitally3643 2 hours ago [-]
Right, the very nature of human society for the last several thousand years has been privacy in public. You walk around outside where everyone can see you, but the societal expectation is that you don't watch others. You have conversations in public because that's where life happens, but they're still private conversations.
Every counter-example to this is people being intentionally creepy, inappropriate, or outright malicious. Which was a manageable problem when it was just a single dude being weird, society would eventually exclude and shun them. Trouble is today that we've mechanised malicious inappropriate behavior at scale and ensured we've set up our entire society and government such that the people responsible can never be held accountable in any way. So long as you're being maliciously creepy at scale (and you're wealthy) everything's fine and there's no consequences.
fwipsy 52 seconds ago [-]
How do you know what life was like 2000 years ago? I don't think you can truly know when this convention appeared. I suspect it's tied to urbanism at least. If you're living alone in the woods, miles from anywhere, and someone walks past your house, you're probably not going to politely ignore them.
dools 1 hours ago [-]
I think creepiness manifests when the observation is one way. Without technology that’s kind of hard. With tech it becomes increasingly easy for everyday people to one-way spy on each other
m463 3 hours ago [-]
it's not a duality at all. the people don't know.
the people doing the "analytics" (surveillance) like their privacy too, because they are doing creepy stuff and don't want people to know it. And even if they aren't doing creepy stuff, the data might be used that way in the future (profile building, psychological tricks, personalized pricing, sharing behavior with others, etc)
latexr 2 hours ago [-]
> It seems like most people don't really care if they're being filmed, or if their data is being slurped up six ways from Sunday
For the majority of people I don’t think it’s true that they don’t care, but rather that they don’t know, don’t understand the implications, or don’t have the luxury of being able to do anything about it.
In the instances where I was able to have a longer discussion with someone to really explain what’s going on, they did care. Even if they previously said they didn’t.
ryukoposting 2 hours ago [-]
Or, they do know and they do care, but they're so exhausted by the hostile patterns of our industry that they've given up.
31 minutes ago [-]
wrRS 36 minutes ago [-]
Are there any good browser extensions that can block this and protect user privacy?
hactually 35 minutes ago [-]
yes - a fair few
Sophira 2 hours ago [-]
> Yeah, we include it in our terms and condition and privacy page
Please be honest with yourself. People don't read terms and conditions. There's a good chance you don't read terms and conditions. And even if you do, odds are better than even that you don't fully understand all the legal implications.
Terms and conditions pages nowadays are there mostly to provide legal protection under the guise of "the user told us that they read these by ticking a box on our signup page; it's hardly our fault if they didn't."
dheera 2 hours ago [-]
I'm also of the opinion that at lot of T&C are basically signing under duress and I consider them invalid. Like if I have to sign a T&C with Google Play and a T&C with your city's sanctioned parking app in order to park on the street, I consider both of those T&C's invalid. As a legal resident of the country with a legally owned car and legal driving license, I should be able to park and pay, I shouldn't have to agree to anything else.
somewhatgoated 44 minutes ago [-]
By reading this website, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
komali2 1 hours ago [-]
Your city doesn't have a way to pay for parking with cash on public roads? It's not a private lot? That should simply be illegal.
htx80nerd 3 hours ago [-]
Everyone knows stores have security cameras. But if you called them up and said 'I saw you pick up the chips' they wouldnt have a good feeling.
Everyone understands websites use analytics and tracking, but people dont want to be reminded of it. Which is why people hate those FB ads which exactly match what you searched for 24 hours ago.
Nice! It shouted "Bot" when I ran this in the console
for (let i = 0; i < 1000; i++) {
document.querySelector(".button")?.click();
}
jagged-chisel 2 hours ago [-]
Used this and it replied (in the console): "Such a smart subject."
ETA: It also took a few seconds to get around to telling me (from the bottom up):
Subject has clicked on the button a thousand times.
Subject has clicked on the button one hundred times.
Subject clicks less than most other subjects.
Subject has run script to click on the button ten times within one second.
Subject has clicked on the button nine times within one second.
Subject has clicked on the button eight times within one second.
I wonder if it can distinguish between human clicks and scripted clicks if it's saying "...clicks less than most..." or if everyone is scripting a million clicks.
zhxiaoliang 9 minutes ago [-]
It was the spring of 1993. UPS dropped a huge package at my door. It was Visual C++ 1.0 in a 50-story-high white box that weighed a ton. I spent the whole day reading manuals and messing with it. When my wife came home that night, I couldn't wait to show her what I finally managed to pull off -- a maximized window that contained a single button that filled the entire space of that window. And the label said "Click Me." My wife clicked that button, and nothing happened.
"What's the point?" she asked.
I said, "You can click it."
"But what's the big deal?" she was baffled.
"You can click it,“ I said.
“That's the big deal."
Barbing 2 hours ago [-]
Awesome. Looking for this as an iOS app, since I learned dismissing notifications phones home. (Useful feature for multidevice cloud services but can be creepy, companies learning the notifications we expand or leftswipe away… learning our sleep schedules and preferences and all that in ways we might not have specifically expected in this exact case)
Apps know when we’re on WiFi, when we force quit, have potential to have motion sensor access if opting in…
Not sure the presentation needed for acceptance into the App Store. As a security checkup tool or something…
CSMastermind 3 hours ago [-]
This brings me back to the glory days of StumbleUpon. Highly recommend.
ge96 28 minutes ago [-]
I was thinking of the paper clip universe simulator game
Where you're just sitting there clicking over and over
mrkn1 3 hours ago [-]
I made something very similar 2 weeks ago, re the upcoming OpenAI phone.
would be creepiest if your cursor moved somewhere related to what you were saying outloud.
the capability is there, your local hardware determines how seamless it would be.
nomel 59 minutes ago [-]
I made something related to this with whisper. It would just constantly listen and periodically do a search to find a picture/video/gif from the web, relevant to what you're talking about, and show it.
ProAm 3 hours ago [-]
So does every advertiser and data broker in the world
_carbyau_ 2 hours ago [-]
And yet, so many people think Cursor-camp[0] is great.
HN comments really can't beat the spectrum stereotypes...
But seriously, the parent comment isn't saying the technical fact a browser can see your cursor's coordinate is unnerving. They're saying the experience of being reminded of this fact is unnerving.
Technically, every time you take a bus ride the driver can just decide to crash the vehicle and kill the passengers and himself. This fact itself isn't unnerving -- it's just how buses work. But if there were a poster on the bus reminding passengers of that, that'd be quite unnerving.
sneak 3 hours ago [-]
This demonstrates a surprising lack of empathy.
It’s unnerving because people don’t like being watched.
slopinthebag 3 hours ago [-]
People aren't being watched...
preinheimer 3 hours ago [-]
Heads up: there's audio. It does add something.
Sophira 2 hours ago [-]
I'm guessing this is supposed to illustrate how tracking is ubiquitous, given what I see in the source code.
In my case, though, after carefully enabling only scripts from the site and the Cloudflare CDN, but not enabling XHR/websockets back to the source page, or any cookies, the only thing that happens for me is:
1. I see a button and an exhortation to click the button.
2. I click the button.
3. The site goes "Subject has clicked the button."
4. The site goes "...".
...and then nothing else happens, no matter where I click or move my mouse. In the background I can see attempted websocket connections, but I'm blocking those so they can't happen.
If the aim of the game is to open people's eyes to the dangers of online tracking, it feels like there should be a reward mechanism if such tracking is blocked!
jagged-chisel 2 hours ago [-]
I unlocked at least one "achievement" by blocking camera access.
10000truths 3 hours ago [-]
I'm getting a PR_END_OF_FILE_ERROR when I try to open the page in Firefox on Linux.
briandw 3 hours ago [-]
Very fun, I enjoyed seeing what it would react to.
grumpymuppet 3 hours ago [-]
As a semi-savvy programmer, but with little experience in web-dev, I'm actually a bit ignorant of what a site can measure -- client side -- versus collect server side.
Presumably it's a simple matter to send something back to a server, but I've really never thought about the mechanisms involved.
jamiek88 3 hours ago [-]
Hmmm. Clever and a little spooky!
ProAm 3 hours ago [-]
This is a great POC about how you give up privacy just using the web. This data is bought and sold and more and used against you every day
busymom0 3 hours ago [-]
I am not sure what I am looking at. It's telling me things which I expect any website to know via basic javascript. What am I missing?
I told a friend about my start up and she jumped on it immediately. I opened the tool and watched her interaction. Then I told her "oh so you opened the dev tools" She immediately ended the session. "How did you know? That's creepy". It was the first time I've actually felt like these tools invade privacy.
Yeah, we include it in our terms and condition and privacy page, but I don't think users truly grasp how those tools work. I understand that all analytics tools provide this feature now, but its always creepy to know someone can watch what you are doing.
[0]: https://idiallo.com/blog/spying-on-your-user
Every counter-example to this is people being intentionally creepy, inappropriate, or outright malicious. Which was a manageable problem when it was just a single dude being weird, society would eventually exclude and shun them. Trouble is today that we've mechanised malicious inappropriate behavior at scale and ensured we've set up our entire society and government such that the people responsible can never be held accountable in any way. So long as you're being maliciously creepy at scale (and you're wealthy) everything's fine and there's no consequences.
the people doing the "analytics" (surveillance) like their privacy too, because they are doing creepy stuff and don't want people to know it. And even if they aren't doing creepy stuff, the data might be used that way in the future (profile building, psychological tricks, personalized pricing, sharing behavior with others, etc)
For the majority of people I don’t think it’s true that they don’t care, but rather that they don’t know, don’t understand the implications, or don’t have the luxury of being able to do anything about it.
In the instances where I was able to have a longer discussion with someone to really explain what’s going on, they did care. Even if they previously said they didn’t.
Please be honest with yourself. People don't read terms and conditions. There's a good chance you don't read terms and conditions. And even if you do, odds are better than even that you don't fully understand all the legal implications.
Terms and conditions pages nowadays are there mostly to provide legal protection under the guise of "the user told us that they read these by ticking a box on our signup page; it's hardly our fault if they didn't."
Everyone understands websites use analytics and tracking, but people dont want to be reminded of it. Which is why people hate those FB ads which exactly match what you searched for 24 hours ago.
Click (2016) - https://news.ycombinator.com/item?id=35841679 - May 2023 (35 comments)
Click - https://news.ycombinator.com/item?id=26518290 - March 2021 (243 comments)
Click click click - A browser-based game on online profiling. - https://news.ycombinator.com/item?id=18636038 - Dec 2018 (1 comment)
A demonstration of browser events used to monitor online behaviour - https://news.ycombinator.com/item?id=12985644 - Nov 2016 (165 comments)
for (let i = 0; i < 1000; i++) { document.querySelector(".button")?.click(); }
ETA: It also took a few seconds to get around to telling me (from the bottom up):
I wonder if it can distinguish between human clicks and scripted clicks if it's saying "...clicks less than most..." or if everyone is scripting a million clicks."What's the point?" she asked.
I said, "You can click it."
"But what's the big deal?" she was baffled.
"You can click it,“ I said.
“That's the big deal."
Apps know when we’re on WiFi, when we force quit, have potential to have motion sensor access if opting in…
Not sure the presentation needed for acceptance into the App Store. As a security checkup tool or something…
Where you're just sitting there clicking over and over
https://news.ycombinator.com/item?id=48040327
(It might not work on touch screens.)
the capability is there, your local hardware determines how seamless it would be.
Mental framing of a tech is weird.
[0]https://neal.fun/cursor-camp/
But seriously, the parent comment isn't saying the technical fact a browser can see your cursor's coordinate is unnerving. They're saying the experience of being reminded of this fact is unnerving.
Technically, every time you take a bus ride the driver can just decide to crash the vehicle and kill the passengers and himself. This fact itself isn't unnerving -- it's just how buses work. But if there were a poster on the bus reminding passengers of that, that'd be quite unnerving.
It’s unnerving because people don’t like being watched.
In my case, though, after carefully enabling only scripts from the site and the Cloudflare CDN, but not enabling XHR/websockets back to the source page, or any cookies, the only thing that happens for me is:
1. I see a button and an exhortation to click the button.
2. I click the button.
3. The site goes "Subject has clicked the button."
4. The site goes "...".
...and then nothing else happens, no matter where I click or move my mouse. In the background I can see attempted websocket connections, but I'm blocking those so they can't happen.
If the aim of the game is to open people's eyes to the dangers of online tracking, it feels like there should be a reward mechanism if such tracking is blocked!
Presumably it's a simple matter to send something back to a server, but I've really never thought about the mechanisms involved.
https://sinceyouarrived.world/taken