All browser prompts need a "Lie" function in addition to Allow and Block.

<Website> wants to:
* Know your location
* Use your camera
[ Allow ] [ Block ] [ Lie ]

· · SubwayTooter · 27 · 250 · 294

@polychrome "sure, you can have access to my camera that has a lens cap that's permanently on"

@ben now they get a user configurable looped fake video, courtesy of the web browser itself.

@polychrome browser gives you the android emulator mock sensor UI

@polychrome @ben Requesting webcam access should default to Rickrolling.

@polychrome @ben Would this actually be possible with an extension?

@be @polychrome @ben
Good idea. I think the question boils down to whether an extension is able to provide a virtual webcam. I would expect that the browser is requesting those directly from the OS, so my guess would be that it's not possible. Might be wrong though.

@floppy @polychrome @ben I think it would be possible to write a standalone application that presents a PipeWire video signal to spoof a webcam to a browser.

@be @polychrome @ben
I agree, I can see that happening too. Streaming should work with ffmpeg or possibly even with tools provided by PipeWire.

FYI, chromium has the following command line switches that help "faking" a webcam:


Details on command line parameters:

Details on the video file format:

@ben @polychrome I take it that still leaks noise patterns which might be used to reidentify the camera though …

@trisschen @ben this game of cat and mouse is endless but worth playing for the privacy benefits (or for the bad actors, the financial incentives)

yes -- either random noise or some generic fake video would be better.
@ben @polychrome So that the website can stop nagging you, but you still don't give access? YES please

@polychrome that's what i liked about the XPosed XPrivacy mod for Android back when i used it - you'd just provide garbage data to the app and it wouldn't know you were denying it anything so it wouldn't nag you or withhold any functionality

@polychrome Even more important for phone, there should be some random contacts, calendar, position, camera, mic etc. avaliable to give any app.

@polychrome OpenBSD kinda does this for camera and microphone inputs. It's controlled by a global *kernel* config. If they're disabled, userspace can access them but only get an endless 0x00 stream.

@polychrome Now if only the people making the browses weren’t the same people who want all our data.

@aral @polychrome well, let's just fork browsers to add that feature ourselves then 👀

@polychrome that would probably even be useful for testing your own website. Assuming a simple home delivery of pizza, you could (as a dev) easily verify that your website does indeed choose the closest pizzeria, or end-to-end testing of video-conference app like jitsi by sending pre-recorded media

faking location in chrome and firefox 

@a000d4f7a91939d0e71df1646d7a48 @polychrome i know that chrome has this feature for location

f12 -> console tab at the top -> "Show console drawer" in the ... menu at the top -> "Sensors" in the ... menu at the bottom

firefox buries it in about:config which can accept a data: URI e.g. data:application/json,{"location": {"lat": 40.7590, "lng": -73.9845}, "accuracy": 27000.0}

neither are that accessible to the average person and this only covers location, but the particular use case of testing your stuff for location is already covered

@polychrome @mhoye had this idea recently - when a mobile app asks for access to eg your contacts, give it bullshit data. add random noise to images to throw off ML face recog training. become ungovernable, etc

@jplebreton @polychrome I'd love a piece of software that presents itself as a camera but plays some random gif or video on repeat.

@polychrome @technomancy @mhoye I want a drop-down that lets me choose:
- lie this time
- lie every time
- lie [00-100]% of the time

- [ ] ...and re-prompt me in [duration picker] / on [timestamp picker] / after [count picker] visits

- timestamped note log about why I installed this policy: [rich text field]

@WizardOfDocs @polychrome @technomancy @mhoye now that is a really interesting question.

For example, in response to a location data query, would I care more about polluting the data set by returning incorrect but statistically plausible results? Or devaluing the data set with valid but truly randomized GPS coordinates? Or technically valid JSON but values that couldn't possibly be GPS? Or 500MB of `{` to try to get their parser to crash?


@WizardOfDocs @polychrome @technomancy @mhoye it kind of comes down to which departmental budgets I want to attack, doesn't it?

@polychrome Back to the old firewall concepts of allow, block and drop. Firewalls are defensive methods and it's sad that with every passing day, the modern web means the browser needs to be one as well.

@polychrome 10-20% of users protecting their privacy by opting out/blocking things won't break the surveillance business model.

But 10-20% of users poisoning all the analytics with bullshit might :)

Just imagine the gnashing of teeth about "business models" if that became a problem for capital. "People are lying on the internet! I suddenly care because they're messing up MY MONEY!!"

@polychrome One great reason for preferring my amateur browser engines to provide such information through webforms... Give you the option of selecting alternate values!

@polychrome i use a fake location app in background for that purpose but your button would be a much better solution.

@polychrome related:

Every popup needs a third option

"Yes", "No", "Eff off and die in a hole!"

@WizardOfDocs @polychrome I have some thoughts

But you're right, we would all be really well served by a more general policy engine for controlling the quality and veracity of the data we allow to be gathered from our various user agents.

*staring straight at the data-baleen advertisers while turning a giant knob labeled "SPOOFINESS"*

@polychrome sad that Lineage OS got rid of this a while ago :blobcatcry:

Can still use XPrivacyLua but it's a lot more complicated for the average user

@psiie @polychrome Same here! Although IMO the privacy guard used to be a big selling point of Lineage OS, I know it takes a lot of work to maintain these features but I'm sad they removed it

@polychrome Ive considered making a shim extension. One that lies to the website with fake data.

A lot of the API hooks are in-scope and can be overwritten. But im not 100% certain. Ide have to look

in cases where, if it were a real-lifenexchange, you would say "thanks but no", instead of either " fuck off!" or looking straight ahead and avoiding eye contact.
Those exist. There may be sites/services which you would allow to access you camera *some* of the time, like video conferencing.

Hmm... not sure. Wouldn't it be nice if the site operator didn't have to implement that stuff themselves but could simply use the existing implementation in the browser?

reminds me of the glorious day of the Browser Wars, when Opera would pretend to be a different browser on sites "optimized for Internet Exlorer" to circumvent the "compatibility mode" for unknown browsers (aka: small-vendor lock-out switch).

Which also reminds me I still have no clue if it's a good idea to use Vivaldi instead of Firefox, given that it's nicer to use, and does not seem to do more privacy invasion or push its own services than Firefox ...

Sign in to participate in the conversation

cybrespace: the social hub of the information superhighway jack in to the mastodon fediverse today and surf the dataflow through our cybrepunk, slightly glitchy web portal support us on patreon or liberapay!