this post was submitted on 15 Nov 2023
-10 points (25.0% liked)

Firefox

17899 readers
65 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
-10
Shouldn't browsers protect what users write from being seen by the website (like customer support chats) before hitting send? Would it be difficult to implement? (lemmy.world)
submitted 1 year ago by TheTwelveYearOld@lemmy.world to c/firefox@lemmy.ml
6 comments fedilink hide all child comments
 

I'm sure its common knowledge by now that whatever you write in text boxes on customer support chats can be seen by whoever is on the other side, without or before hitting send. Don't you think that's a breach of privacy?! I imagine it isn't too difficult to implement a fix for it: The browser (like Firefox) could choose not to upload the user input to wherever the website links to, without user input (like click a send button).

The Firefox extension API explicitly requires user actions before an extension can do things like open popup windows.

top 6 comments
sorted by: hot top controversial new old
[–] lemons@lemmony.click 18 points 1 year ago

That’s generally not how this works. Firefox doesn’t send what you’re typing to the website. Whoever developed the website made JavaScript that monitors the input for changes, and then sends a request to the host with the changes. To Firefox, this is simply two, non suspicious events. The JavaScript wants to see what is typed - that’s reasonable, could be to do some processing or update some text on the website. The website wants to make a http request - also totally fine, could be an API query for a search. There would be no reliable way to stop a website from sending what you type back to the host.

[–] DirigibleProtein@aussie.zone 11 points 1 year ago

Open notepad or similar locally, write your message, think about it, delete, go back and edit, when you’re ready, copy and paste into the chat window. You can save your side of the chat so that you have a record of what you said.

[–] 0xtero@kbin.social 7 points 1 year ago

Disable Javascript

[–] Transform2942@lemmy.ml 6 points 1 year ago

It's pretty standard to send keypresses to the backend before the user hits submit (otherwise search boxes couldn't do auto completion for example)

You could maybe write an extension that tries to detect the difference between this and a 'full submit' (and block those network requests) but I bet it would be very unreliable

[–] glowie@infosec.pub 6 points 1 year ago

Username checks out

[–] MangoPenguin@lemmy.blahaj.zone 2 points 1 year ago

You would need to write in notepad and paste it into the chat box after or something like that.

When you type into a website running JS for a chatbox, there's no way for firefox to prevent that text being sent right away.