Tox / tox.chat

The Tox Project's official website
https://tox.chat
Creative Commons Attribution Share Alike 4.0 International

Attention: Blog.Tox.Chat is tracking you using HTML5 Canvas. #102

Closed ghost closed 8 years ago

ghost commented 8 years ago

https://i.imgur.com/Ywr94AA.jpg

Using canvas for tracking unique visitors? "How does Tox protect my privacy?"

ghost commented 8 years ago
<script type="text/javascript">
......
!function(a,b,c){function d(a){var c,d=b.createElement("canvas"),
e=d.getContext&&d.getContext("2d"),f=String.fromCharCode;
return e&&e.fillText?(e.textBaseline="top",e.font="600 32px Arial","flag"===a?(e.fillText(f(55356,56806,55356,56826),0,0),d.toDataURL().length>3e3):
"diversity"===a?(e.fillText(f(55356,57221),0,0),c=e.getImageData(16,16,1,1).data.toString(),e.fillText(f(55356,57221,55356,57343),0,0),
......

Found it inside the source. This is not external js's fault - it's written on purpose...

I mean no harm, but methinks putting this "sneaky HTML5 canvas", which is used to identify individuals silently, is a very BAD thing and must be stopped.

I want to know "1. Why did you put such a thing?" and "2. How can I trust your product (Tox)?". I'm surprised no one has reported this issue like me. If you're using the latest browser, you'll receive the warning - do you just ignore it? Really?

SkyzohKey commented 8 years ago

For instance here's the unminified code:

// Settings object handed to the emoji loader that follows it on the page.
// In the loader shown here only `source` is read: `source.concatemoji` is the
// script URL injected when an emoji rendering check fails. `baseUrl` and `ext`
// are not touched by that loader (presumably they are for the script it loads).
window._wpemojiSettings = {
    baseUrl: "https://s.w.org/images/core/emoji/72x72/",
    ext: ".png",
    source: { concatemoji: "https://blog.tox.chat/wp-includes/js/wp-emoji-release.min.js?ver=4.4.2" }
};

/**
 * Emoji support detection and fallback loader.
 *
 * Renders a few probe emoji on an off-screen canvas, records four booleans in
 * `settings.supports`, and injects the fallback emoji script(s) named in
 * `settings.source` only when at least one probe fails.
 *
 * Privacy-relevant reading of this code: the canvas read-backs
 * (`toDataURL()`, `getImageData()`) are reduced to booleans on the spot.
 * Nothing in this block stores the pixel data, hashes it, or sends it
 * anywhere; the only network activity is the optional script injection.
 * Browsers with canvas-fingerprinting protection warn on these read-back
 * calls regardless of what the page does with the result.
 *
 * Kept ES5-only (`var`, no arrow functions) because the block still carries
 * an `attachEvent` fallback for browsers without `addEventListener`.
 */
(function (win, doc, settings) {
    /**
     * Draws a probe emoji and reports whether the browser appears to render it.
     *
     * @param {string} kind - "flag", "diversity" or "simple"; any other value
     *     (the caller passes "unicode8") takes the final probe.
     * @returns {boolean} false when no 2D canvas context with fillText exists,
     *     otherwise the outcome of the probe.
     */
    function browserRenders(kind) {
        var before;
        var canvas = doc.createElement("canvas");
        var ctx = canvas.getContext && canvas.getContext("2d");

        if (!ctx || !ctx.fillText) {
            return false;
        }

        ctx.textBaseline = "top";
        ctx.font = "600 32px Arial";

        if (kind === "flag") {
            // U+1F1E6 U+1F1FA (regional indicators A + U). Only the length of
            // the data URL is compared; the URL itself is discarded.
            // Presumably a real flag glyph produces a larger image than two
            // fallback letters - confirm against upstream.
            ctx.fillText(String.fromCharCode(55356, 56806, 55356, 56826), 0, 0);
            return canvas.toDataURL().length > 3000;
        }

        if (kind === "diversity") {
            // U+1F385 alone, then U+1F385 followed by skin-tone modifier
            // U+1F3FF drawn over it. Support is inferred from the sampled
            // pixel at (16, 16) changing between the two draws.
            ctx.fillText(String.fromCharCode(55356, 57221), 0, 0);
            before = ctx.getImageData(16, 16, 1, 1).data.toString();
            ctx.fillText(String.fromCharCode(55356, 57221, 55356, 57343), 0, 0);
            return before !== ctx.getImageData(16, 16, 1, 1).data.toString();
        }

        if (kind === "simple") {
            // U+1F603
            ctx.fillText(String.fromCharCode(55357, 56835), 0, 0);
        } else {
            // U+1F32F, the probe used for "unicode8"
            ctx.fillText(String.fromCharCode(55356, 57135), 0, 0);
        }
        // A non-zero first channel at (16, 16) means something was painted.
        return ctx.getImageData(16, 16, 1, 1).data[0] !== 0;
    }

    /**
     * Appends a <script> element for `url` to the document head.
     *
     * The URL comes from the page-supplied settings and no integrity
     * attribute is set, so the page trusts whatever that URL serves.
     *
     * @param {string} url - script address to load.
     */
    function injectScript(url) {
        var tag = doc.createElement("script");
        tag.src = url;
        tag.type = "text/javascript";
        doc.getElementsByTagName("head")[0].appendChild(tag);
    }

    var sources;
    var onReady;

    settings.supports = {
        simple: browserRenders("simple"),
        flag: browserRenders("flag"),
        unicode8: browserRenders("unicode8"),
        diversity: browserRenders("diversity")
    };
    settings.DOMReady = false;
    settings.readyCallback = function () {
        settings.DOMReady = true;
    };

    // Every probe passed: no listeners are registered and no script is loaded.
    if (settings.supports.simple &&
        settings.supports.flag &&
        settings.supports.unicode8 &&
        settings.supports.diversity) {
        return;
    }

    // Look up readyCallback at call time rather than capturing it, so a
    // replacement assigned later is the one that runs.
    onReady = function () {
        settings.readyCallback();
    };

    if (doc.addEventListener) {
        doc.addEventListener("DOMContentLoaded", onReady, false);
        win.addEventListener("load", onReady, false);
    } else {
        win.attachEvent("onload", onReady);
        doc.attachEvent("onreadystatechange", function () {
            if (doc.readyState === "complete") {
                settings.readyCallback();
            }
        });
    }

    sources = settings.source || {};
    if (sources.concatemoji) {
        injectScript(sources.concatemoji);
    } else if (sources.wpemoji && sources.twemoji) {
        injectScript(sources.twemoji);
        injectScript(sources.wpemoji);
    }
})(window, document, window._wpemojiSettings);
SkyzohKey commented 8 years ago

@installgen2 can you please close this joke ? The script is only used to render and cache emojis, nothing more.

nurupo commented 8 years ago

Found it inside the source. This is not external js's fault - it's written on purpose...

@verycrypt it was added by WordPress update 4.2 https://codex.wordpress.org/Version_4.2#Emoji

nurupo commented 8 years ago

Removed all the shitposting, as the issue seems to have attracted a lot of unnecessary attention.