| ▲ | awesome_dude 3 hours ago |
| This is probably a naive question, but... Doesn't the idea of swapping extension specific IDs to your browser specific extension IDs mean that instead of your browser being identifiable, you become identifiable? I mean, it goes from "Oh they have X, Y , and Z installed" to "Oh, it's jim bob, only he has that unique set of IDs for extensions" |
|
| ▲ | triceratops 3 hours ago | parent | next [-] |
| It's not a naive question. This comment says it's not possible to do that: https://news.ycombinator.com/item?id=46905213 |
| |
| ▲ | awesome_dude 3 hours ago | parent [-] | | Oh, it's (re)randomised upon each restart, whew, thanks for the heads up edit: er, I think that that also suggests that I need to restart firefox more often... | | |
| ▲ | tech234a 2 hours ago | parent | next [-] | | The webpage would have to scan the entire UUID space to create this fingerprint, which seems unlikely. | | |
| ▲ | 2 hours ago | parent | next [-] | | [deleted] | |
| ▲ | throwaway808081 2 hours ago | parent | prev [-] | | Just have a database of UUIDs. Seems pretty trivial to generate and sort as it's only 16 bytes each. | | |
| ▲ | dullcrisp an hour ago | parent | next [-] | | https://libraryofbabel.info/ | |
| ▲ | stirfish an hour ago | parent | prev [-] | | lol Let's go a step further and just iterate through them on the client. I plan on having this phone well past the heat death of the universe, so this is guaranteed to finish on my hardware. function* uuidIterator() {
const bytes = new Uint8Array(16);
while (true) {
yield formatUUID(bytes);
let carry = 1;
for (let i = 15; i >= 0 && carry; i--) {
const sum = bytes[i] + carry;
bytes[i] = sum & 0xff;
carry = sum > 0xff ? 1 : 0;
}
if (carry) return;
}
}
function formatUUID(b) {
const hex = [...b].map(x => x.toString(16).padStart(2, "0"));
return (
hex.slice(0, 4).join("") + "-" +
hex.slice(4, 6).join("") + "-" +
hex.slice(6, 8).join("") + "-" +
hex.slice(8, 10).join("") + "-" +
hex.slice(10, 16).join("")
);
}
This is free. Feel free to use it in production. | | |
|
| |
| ▲ | jorvi an hour ago | parent | prev [-] | | Doing it on restart makes the mitigation de facto useless. How often do you have 10, 20, 30d (or even longer) desktop uptime these days? And no one is regularly restarting their core applications when their desktop is still up. Enjoy the fingerprinting. | | |
| ▲ | tristan957 an hour ago | parent | next [-] | | I restart my browser basically every day. | | |
| ▲ | cyanydeez 31 minutes ago | parent [-] | | yeah I close out everything as a mental block against anything I'm working on. I think there's a subset of people that offload memory to their browsers and that's kinda scary given how these fingerprint things work. |
| |
| ▲ | eek2121 an hour ago | parent | prev [-] | | Umm, I restart my PC about once a week for security and driver updates. If you don't, you have a lot more to worry about beyond fingerprinting... Oh and I'm on LINUX (CachyOS) mind you. |
|
|
|
|
| ▲ | b112 3 hours ago | parent | prev | next [-] |
| Maybe, but how long are the extension ids? And if they are random, how long to scan a trillion random alphanumeric ids, to find matches? I presume the extension knows when it wants to access resources of its own. But random javascript, doesn't. |
| |
| ▲ | maples37 3 hours ago | parent | next [-] | | The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range. | | |
| ▲ | b112 3 hours ago | parent [-] | | ChatGPT told me it can be done though. It won't disclose how, as it says it has had several users report it.
And that it expects 50% of the bounty, and will use it for GPU upgrades. |
| |
| ▲ | 2 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | 3 hours ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | 3 hours ago | parent | prev [-] |
| [deleted] |
