Hacker News new | past | comments | ask | show | jobs | submit login

You'd really need to block fetch(), websockets, WebRTC, all external images/stylesheets/scripts added to the DOM later, and service workers (to prevent the upload from just being deferred). It's not easy to make sure a web page can't phone home.



Well, and writing cookies which would upload at a later visit. And probably a dozen other paths.


Throttling inside of Devtools should do all of those.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: