| ▲ | strbean 4 hours ago | |
There's a pretty big difference between: 1) wanting functionality that isn't provided and working around that and 2) restoring such functionality in the face of countermeasures The absence of functionality isn't a clear signal of intent, while countermeasures against said functionality is. And then there is the distinction between the intent of the software publisher and the intent of the user. There is a big ethical difference between "Mozilla doesn't want advertisers tracking their users" and "those users don't want to be tracked". If these guys want to draw the line at "if there is a signal from the user that they want privacy, we won't track them", I think that's reasonable. | ||
| ▲ | maltelau 3 hours ago | parent | next [-] | |
The presence of the "Do Not Track" header was a pretty clear indicator of the intent of the user. Fingerprinting persisted exactly in the face of such countermeasures. | ||
| ▲ | fc417fc802 an hour ago | parent | prev [-] | |
Even if the intent is clear I don't think the act of reading an available field qualifies as exploiting a vulnerability. IMO you need to actually work around a technical measure intended to stop you for it to qualify as an exploit. | ||