In a non-malicious way it can all be helpful to websites to know the capabilities of your device to allow it to change what the site delivers/how it renders. Knowing your GPU allows it to know if your device supports WebGL/DirectX/Vulkan etc., knowing light or dark mode allows for it to set the site the same as your system, if the tab is not active it can pause content, and if you have a low battery the site can try to be less power hungry by perhaps not asking to render a ton of active content. Knowing if your on a mobile device can allow the site to deliver a mobile optimized layout, or if you have touch capability to render buttons larger.

The fact that advertisers and data brokers use this to fingerprint you as a user is just a non-intended use of good intention features. In reality, if you do hide this information (which you often can using developer tools in many browsers) you’ll find the some sites will just not work or will act wonky and data brokers will still fingerprint you using things like tracking pixels, your IP, or user agent string info that you can’t really hide without fully breaking the web. You only need three or four individual pieces of information to pinpoint specific individuals in most cases so they don’t really need all of it, it’s just easier and more accurate the more information they have.

What fucking idiot/asshole decided to even have an api for your gpu

Well, most websites in 2026 don't use 3D stuff, but some do, and for some of those, there isn't really an alternative. Take Google Earth as an example.

I think that given its limited use, you could realistically make 3D an opt-in thing where each website has to have user authorization, the way location data is.

There's also some more-widely-used HTML5 Canvas stuff, which permits for rapidly-drawn 2D stuff. I think that, say, MarineTraffic uses it to draw its map. That provides a lot unique identity stuff to be leaked, but its hard to, for example, let Javascript rendering pixels run without knowing, say, the DPI of the screen.

Light/dark mode?

That isn't your systemwide mode, but provides a request from your browser as to whether to use the light or dark version of the website. Not all websites have handmade dark and light versions, but for those that do, it's generally preferable from a user standpoint to using something like Dark Reader to dynamically generate a dark mode.

Visibility (whether or not the tab is ‘active’, the fuck?!?

I'd guess that it probably permits a tab with Javascript running to deactivate itself in the background and to stop using CPU time.

My OS

That's been around for a long time, as IIRC it's in the User-Agent string. You can fake that if you want, and honestly, it's probably not a critical piece of information, but a lot of websites that let one download software use it to preselect the appropriate version for whoever is downloading stuff. May be some other uses; not sure.

As a side question, why is the capability built in by a browser, but the user is never given a choice about whether or not any of this is shared?

A lot of it can be disabled or faked, but websites that rely on it may not work. Firefox has CanvasBlocker, which prevents a lot of HTML 5 Canvas queries in a way that still lets most things work, faking approximate information. It may break some websites for you, but that'll avoid leaking some of that information.

If you disable Javascript with something like NoScript, you can block a lot of that by only letting Javascript run on a per-website but...a very high proportion of websites in 2026, unfortunately, won't work without Javascript.

I'm surprised many of these aren't obvious to you.

tab is 'active', the fuck?!?
A website serving a video will need to know if you're actually watching so it can stop playback or if background playback is desired, they know they can lower the quality of the video being delivered to save bandwidth.

Light/dark mode?
Sites are often designed to align with the light/dark theme set in the browser or OS.

battery status?
Less demanding objects are often delivered to visitors with low battery.

gpu
Some objects being delivered benefit from knowing which drivers/GPU they need to be compatible with.

etc. etc.

The creators of a browser doesn't benefit from providing this information. It's all stuff that can sometimes result in a better browsing experience and since the browser doesn't know which sites would, it provides the information for every page load in the handshake.

If you don't like it, use a privacy-focused browser or an extension to randomize the data.

GPU

So that you can run interactive 3D applications like games in your browser.

battery

To adjust the performance of a web application to save more power.

Light/dark mode

To give you matching website.

active tab

Again to adjust performance or to pause an application.

OS

Is often used to give you a download link that matches your OS.

As a side question, why is the capability built in by a browser, but the user is never given a choice about whether or not any of this is shared?

You can disable or fake most of the stuff. But that usually makes you stand out even more in their statistics.

The logic is so that web devs can better tailor sites to your set up. Like don't run fancy graphics for a battery mode laptop, change the theme to match user's theme, etc.

But obviously this is (now) just used to fingerprint and track users for more ad revenue.

Your entire existence is a money making opportunity for someone else.

Lmfao, US Congress could ban all data selling and brokering in a single session, and you think browser makers are the asshole for providing basic APIs for web apps?