• KairuByte@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    24
    arrow-down
    1
    ·
    11 months ago

    Cross domain policies are enforced by the browser. If you’re using a third party app, guess what you’re using as a browser.

    Want an easy example of this? Userscrips on Firefox. Install GreaseMonkey, and you can run whatever the hell you want on any webpage. Keylogging, mouse movements, clicks and navigations. Not hard, and impossible to really stop from the site itself, because no matter what you tell the browser to do, you essentially have to just hope the browser follows through.

    • Blue_Morpho@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      11 months ago

      If you’re using a third party app, guess what you’re using as a browser.

      Yes if you are inside Facebook and while inside Facebook click a link to go somewhere else you are still in Facebook and they will keylog everything.

      This is presented as if Facebook/Toktok can keylog everything.

    • Echo Dot@feddit.uk
      link
      fedilink
      arrow-up
      2
      arrow-down
      9
      ·
      11 months ago

      Somebody else is already pointed out that it’s already been debunked so no it wasn’t happening

      • FutileRecipe@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        11 months ago

        And somebody else pointed out that that was debunked so yes it’s happening

        Edit: the point I’m hopefully making is that you’re just kinda saying stuff and not even bothering to post a source.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        I was responding to your claim of “not happening, impossible” with proof of it being possible, and actually fairly easy to implement.