Comment by mrtksn
4 years ago
IMHO the proper action would be to put the script injection and data access capability behind a user consent prompt.
"TIKTOK WOULD LIKE TO READ THE AND MODIFY THE CONTENTS OF THIS WEBSITE - ACCEPT/DENY"
For legitimate reasons, the app can inform the user about why they need to do this and the user can accept that and even better, they can implement legitimate APIs.
Yes, please give us more cookie consent banners!
See, you don't have to ask for consent if you don't want to do shady stuff. Websites don't have to have cookie banners if they don't want to track you across the web and apps don't have to have access web data prompt if they don't want access the browser data in the app.
PS: very convincing GPT-3 bot comment, exactly what a redditor on autopilot would write(according to the profile, the OP is a bot).
A lot of people getting upset that you're highlighting that the account is a bot. Before anyone else tells mrktsn off, please read the user's profile.
https://news.ycombinator.com/user?id=Traubenfuchs
I also think that the bot did a good job here.
4 replies →
I understand “us” as users in this discussion, not as site owners. Your idea is cool, but we have no control over who wants what, so we’ll have yet another consent annoyance as a result.
2 replies →
Sure. The "bot" ridiculed your idea for good reason.
1 reply →
Shady stuff like highlighting terms the user searched for. Don’t forget there are of course legitimate use cases.
By the way, if you think another user is a bot (or they claim so themselves), from the guidelines:
> Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
3 replies →