Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I wonder if these fingerprint checks look for the more stealthy and sinister approaches, like localhost port scanning [1] and specific CSS selector behavior...?

[1] https://twitter.com/davywtf/status/1132026581038190592



There's so much fingerprinting that can't really be disabled. Think about it:

Performance

- Single-threaded CPU performance

- Multi-threaded CPU performance

- WebGL performance

- Video performance

- Network performance (how long does it take to transfer data to various locations, what's the lag, is the lag consistent, etc.)

- (Maybe) Time it takes to execute certain JavaScript functions

User behavior

- How does the user use their mouse when navigating web pages?

- Not at all?

- Jerky movements?

- Smooth movements?

- If the user uses the keyboard, do they appear to be advanced keyboard users, do they have an IME, etc.

- Does the user press X buttons on tiny annoying popups that wouldn't interfere with the page's browsing experience?

- Does the user appear to block access to certain resources? (ad blocker)

- Does the user's workplace/country/etc. appear to block anything?


True, in the current situation, we can only "limit" fingerprinting. This is the result of the characteristics of the sandbox we use for the Web. Remove Javascript, and most of these problems go away.

This is why I stay attached to making simple HTTP apps that don't require JS, but this is clearly not the direction the web is going at this time.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: