Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Who do I trust and why? Digital Ocean, Google Chrome and Motion Sensors
20 points by lemonberry on Aug 31, 2020 | hide | past | favorite | 12 comments
I just logged into Digital Ocean to update some DNS records. I notice a new icon in the address bar that looks like it represents radar or radio waves with a red square and a white x in it. When I click it I get "This site has been blocked from accessing your motion sensors".

Why would Digital Ocean be trying to access my motion sensors? According to this article it's to get more information about users.

https://gadgets.ndtv.com/internet/news/google-chrome-will-prevent-websites-from-using-your-devices-motion-sensors-to-track-you-2009386#:~:text=A%20new%20feature%20spotted%20in,gyroscopes%2C%20and%20ambient%20light%20sensors.

Of all the companies I deal with Digital Ocean never would have crossed my mind as one that I have to be concerned with regarding privacy issues. Veil lifted.



My first guess would be that they were doing that as part of protecting their sign-in page against bots / automation, which is the kind of thing you need to do to protect against credential stuffers.

Look, you've just signed in with a long-term stable identifier. There is no need for them to track you with any kind of fingerprinting.


Which does make the fingerprint a lot more valuable if used in other contexts. This is why Google is so scary; they have biometric fingerprint data on everyone, account(s) or not, just through mouse/scroll patterns and cadence.

Ideally we need to find the JavaScript making the motion API request and try determining what it might be used for.


This is as bad excuse as TikTok's excuse for accessing the clipboard every 3 seconds.


What page were you on, exactly? I can't seem to reproduce the issue that you're seeing.

Could there be an extension that is causing this?


It's on the main page as soon as I log in. I just disabled all of my Chrome extensions and I'm still seeing the warning. The warning says it's coming from https://cloud.digitalocean.com.


> Could there be an extension that is causing this?

That would be my guess as well. I couldn't repro using Chrome.


https://grantwinney.com/websites-requesting-access-to-motion...

Perhaps this link will help. It looks like websites can request if your browser has access to things like a Gyroscope or Magnetometer, and by default Chrome will block access without your consent.

It could be some sort of fingerprinting technique.


Maybe they just want hear what you have to say? https://www.usenix.org/system/files/conference/usenixsecurit...


On the warning popup there's a button to 'Manage'. I clicked that and selected do not allow sites to use motion sensors and the warning is now gone.


DO uses a third party for invasive "antifraud" that does this at login/register/pay/etc points.


CNN's website always tries to start up SteamVR for whatever reason.


CNN Lite: https://lite.cnn.com/en

You're welcome.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: