Internet Scams: Browsers Should Warn User About Modified DOM


If you have followed Kitboga or other internet personalities who bust internet scams in a funny way using virtual machines and counterfeit websites, you are probably aware of the most used scam, which involves modifying the DOM tree with the browser's developer tools. Usually this involves some sort of banking application, where the scammers make fake (too big) transactions and in return ask the victim to pay back the extra cash they “sent” with gift cards. Anyone with a technology background could easily detect the scam and would not fall for it, but not everyone is a computer expert.

From a web developer's perspective there is not much to do, as changing the DOM tree with the browser is not visible to the application. You could come up with some sort of check for changes (for example with MutationObserver), but it could get complicated and performance hungry, and it could be easily bypassed. This is why the responsibility should move to the browser developers instead, and by this I mean you, Google, Mozilla, Microsoft and Apple. Implementing a feature that shows some sort of warning sign to the user if the DOM is modified would be the first step. This kind of feature would not hurt developers using the developer tools, but it could go a long way toward helping ordinary people not fall for the scam.
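The MutationObserver check mentioned above could look like the following sketch. It is an added example, not code from the original post; the names `renderTrusted`, `findTampered` and `watch` are hypothetical, and the check runs in the page's own context, which is the reason it can be bypassed.

```javascript
// Added example: flag sensitive fields whose text differs from what the app rendered.
// Values the application itself last rendered, keyed by element id.
const rendered = new Map();

// The application calls this for every legitimate update of a sensitive field.
function renderTrusted(el, text) {
  rendered.set(el.id, text);
  el.textContent = text;
}

// Given MutationRecord-like objects, return the ids of watched elements
// whose visible text no longer matches the value the app rendered.
function findTampered(records) {
  const tampered = new Set();
  for (const rec of records) {
    // characterData records target a text node; walk up to the watched element.
    let node = rec.target;
    while (node && !(node.id && rendered.has(node.id))) node = node.parentNode;
    if (node && node.textContent !== rendered.get(node.id)) tampered.add(node.id);
  }
  return [...tampered];
}

// Browser wiring; returns null where MutationObserver does not exist (e.g. Node).
function watch(root, onTamper) {
  if (typeof MutationObserver === "undefined") return null;
  const obs = new MutationObserver((records) => {
    const ids = findTampered(records);
    if (ids.length) onTamper(ids); // e.g. show a warning banner, report to the server
  });
  obs.observe(root, { subtree: true, childList: true, characterData: true });
  return obs;
}

// Constructed stand-ins for DOM nodes so the check can be exercised outside a browser.
function demo() {
  const balance = { id: "balance", textContent: "", parentNode: null };
  const text = { parentNode: balance };            // text node inside #balance
  renderTrusted(balance, "1 200,00");
  const clean = findTampered([{ target: text }]);  // the app's own write
  balance.textContent = "21 200,00";               // edit made outside renderTrusted
  return { clean, edited: findTampered([{ target: text }]) };
}
```

Every legitimate update has to go through `renderTrusted`, otherwise the application's own writes are reported as tampering.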

Going further, it would be beneficial to be able to disable developer tools completely in production environments. This, though, would require some sort of consensus and probably a change in the HTML specification (see initial suggestion). Not an easy thing to do, but it could make sense in order to fortify internet security overall and leave the controls to the application developers.

What are your thoughts on internet scams and counteractions to prevent them?

About me

I am Heikki Hellgren, Lead Developer and technology enthusiast working at OP Financial Group. My interests are in software construction, tools, automatic testing and all the new and cool stuff like AI and autonomous driving. You can follow me on Medium and Twitter and check out my website for more information.
