One day my dad called me for me to see something, he showed me that he could see the entire customer’s screen, everything he was doing on the website, he could see if he took a screenshot what tabs he had opened, what applications he had on his task bar and so on. My dad could also see a recording of what a customer is doing on the company’s webpage with their phone. To sum it up, it’s as if there were someone recording all you do on a webpage on your browser.
I feel like everything i’ve done is pointless, and i haven’t see anyone talk about webpages that record all your screen.
This is usually achieved by special software. There are several options.
- AnyDesk, TeamViewer etc. - SW you have to install and give permission to other person use it (ID + PIN). It’s used for different purposes.
- Device Management - usually used by companies to allow manage tenths and hundereds of devices in the company network remotely and easily.
- Something like BeEF - that’s why is important to keep browser updated
- Sophisticated (maybe targeted) attack with malicious spyware - highly unlikely for a normal person
CSS @media wants to know your screen sizes.
I dunno who said this that JS is the only way people can track you. Maybe Stallman I don’t know for sure.
I don’t know if this statement will be considered blasphemy by Stallman but I will say this, there are plenty of ways to track you without using JS.
Websites can see a lot of things, but rest assured, browsers are not designed so poorly that they can actually see the tabs and applications you have open (at least, not without shenanigans).
With that said, I do vaguely remember that website tabs can see and track what elements of the page you are interacting with. And of course, they can fingerprint you and uniquely identify you relatively easily.
Whether or not that’s alarming depends on your threat model, as always. For example, if you’re always logged in on a website, then it doesn’t really matter that the site can tell that it’s always you via fingerprinting because it already knows that it’s you.
As the others have said, this is most definitely done through special software. I’ve seen a similar setup in the past.
I wouldn’t worry too much.
A lot of evils come from over use of analytics and gathering and sending too much data to those on the grounds that maybe it will be useful to the app creators or business in the future. Especially if that info is not scrubbed sufficiently of user identifying information. Even more so if it goes to some anlytics providing company like Google that is known to hoover up information for its own purpose quite aside from the why you interacted with some webapps and sites.