| ▲ | lyu07282 3 hours ago | |
Do you seriously not see the contradiction? I consider all methods that enable fingerprinting, as vulnerabilities that browsers should fix, if we did that it would destroy their business. On top of that a company like that shouldn't be allowed to exist in the first place as a legal entity and it very likely is already operating in a legal grey area in a lot of places. It's the difference between a security company that provides IDS signatures as a service that does responsible disclosure vs. a malware company that offers 0click exploits. Would you praise the NSO group if they did responsible disclosure? Fucking HN sheep | ||
| ▲ | flufluflufluffy 2 hours ago | parent | next [-] | |
If you take their claim that they don’t use vulnerabilities in their products as true, then I don’t see a contradiction. If it isn’t true, then obviously there is a contradiction. But your considering of all methods that enable fingerprinting as vulnerabilities is your own opinion. There are definitely measurable signals that are based on a user’s behavior, rather than data exposed by the browser itself. | ||
| ▲ | kube-system an hour ago | parent | prev [-] | |
It's a little bit disingenuous to call intentional wont-fix features "vulnerabilities". | ||