• KairuByte@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    24
    arrow-down
    1
    ·
    1 year ago

    Cross domain policies are enforced by the browser. If you’re using a third party app, guess what you’re using as a browser.

    Want an easy example of this? Userscrips on Firefox. Install GreaseMonkey, and you can run whatever the hell you want on any webpage. Keylogging, mouse movements, clicks and navigations. Not hard, and impossible to really stop from the site itself, because no matter what you tell the browser to do, you essentially have to just hope the browser follows through.

    • Blue_Morpho@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      If you’re using a third party app, guess what you’re using as a browser.

      Yes if you are inside Facebook and while inside Facebook click a link to go somewhere else you are still in Facebook and they will keylog everything.

      This is presented as if Facebook/Toktok can keylog everything.

    • Echo Dot@feddit.uk
      link
      fedilink
      arrow-up
      2
      arrow-down
      9
      ·
      1 year ago

      Somebody else is already pointed out that it’s already been debunked so no it wasn’t happening

      • FutileRecipe@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        1 year ago

        And somebody else pointed out that that was debunked so yes it’s happening

        Edit: the point I’m hopefully making is that you’re just kinda saying stuff and not even bothering to post a source.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        I was responding to your claim of “not happening, impossible” with proof of it being possible, and actually fairly easy to implement.