I’m sure its common knowledge by now that whatever you write in text boxes on customer support chats can be seen by whoever is on the other side, without or before hitting send. Don’t you think that’s a breach of privacy?! I imagine it isn’t too difficult to implement a fix for it: The browser (like Firefox) could choose not to upload the user input to wherever the website links to, without user input (like click a send button).

The Firefox extension API explicitly requires user actions before an extension can do things like open popup windows.

  • henfredemars
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 year ago

    I’m not sure how this could be implemented.

    JavaScript can access user input fields to do many things such as updated display or provide rich editing features, and it can communicate with the server.

    I think either scripts running on the page can react to input into the page or not. Perhaps some scripts should not have internet access? How is this enforceable? I’m not sure how we could build a wall around input fields without breaking many useful features because there are many legitimate reasons that a script would want to react to user input.

    • stepanzak@iusearchlinux.fyi
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      I can imagine a small window optionally appearing when you click on the text field. You could write the text into this mini window, but the page wouldn’t have access to it. It would copy the text into the actual text field on enter and close the mini window. It would be like writing the message to some txt file and copying it to the text input when you’re happy with it. I’m pretty sure this could be done with an extension if someone wanted to create it.

  • owenfromcanada@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    It’s a gray area–on one hand, most people might not expect any info to be sent until they hit enter, but it’s a debatable point (ICQ users were accustomed to seeing the text come through letter-by-letter, for example).

    And for this use case, I can’t imagine a huge danger of typing in something that you weren’t intending to type–maybe a copy/paste error, but it’s hard to justify it as a serious threat to privacy.

    I’m with you on preferring that it were implemented the other way, but between the moral gray area and difficulty in implementing safeguards, I don’t think there’s much to be done other than practicing caution.