WICG / direct-sockets

Direct Sockets API for the web platform

Proposed privacy mitigation- raises privacy concerns. #12

Closed LiEnby closed 4 years ago

LiEnby commented 4 years ago

If the API is denied in private browsing modes, then you can easily detect if a user is in a private browser mode by simply attempting a connection; if it's denied, then you know the user is in some private mode.

This could be used as a way to track users using private modes, or potentially as a way of 'browser fingerprinting'.

ewilligers commented 4 years ago
  1. A web app can't silently attempt a connection - the user will see a dialog requesting consent. If the user declines consent, or if the user agent denies permission for other reasons, the web app simply observes a promise rejection.

  2. PR https://github.com/WICG/raw-sockets/pull/8 allows use in private browser mode.