upvote

points

by awesome_dude3 hours ago |
comments
upvoteby triceratops3 hours ago|
next
[-]
It's not a naive question. This comment says it's not possible to do that: https://news.ycombinator.com/item?id=46905213
reply
upvoteby awesome_dude3 hours ago|
parent|
[-]
Oh, it's (re)randomised upon each restart, whew, thanks for the heads up

edit: er, I think that that also suggests that I need to restart firefox more often...

reply
upvoteby tech234a2 hours ago|
parent|
next
[-]
The webpage would have to scan the entire UUID space to create this fingerprint, which seems unlikely.
reply
upvoteby 2 hours ago|
parent|
next
[-]
deleted
reply
upvoteby throwaway8080812 hours ago|
parent|
prev|
[-]
Just have a database of UUIDs. Seems pretty trivial to generate and sort as it's only 16 bytes each.
reply
upvoteby Dylan1680719 minutes ago|
parent|
next
[-]
"Just" have a database, and then what? I can set up a database of all UUIDs very easily, but I don't think it's helpful.
reply
upvoteby stirfish1 hours ago|
parent|
prev|
[-]
lol

Let's go a step further and just iterate through them on the client. I plan on having this phone well past the heat death of the universe, so this is guaranteed to finish on my hardware.

  function* uuidIterator() {
   const bytes = new Uint8Array(16); 
   while (true) {
     yield formatUUID(bytes);

     let carry = 1;
     for (let i = 15; i >= 0 && carry; i--) {
       const sum = bytes[i] + carry;
       bytes[i] = sum & 0xff;
       carry = sum > 0xff ? 1 : 0;
     }
 
     if (carry) return;
   }
 }
 
 function formatUUID(b) {
   const hex = [...b].map(x => x.toString(16).padStart(2, "0"));
   return (
     hex.slice(0, 4).join("") + "-" +
     hex.slice(4, 6).join("") + "-" +
     hex.slice(6, 8).join("") + "-" +
     hex.slice(8, 10).join("") + "-" +
     hex.slice(10, 16).join("")
   );
 }
This is free. Feel free to use it in production.
reply
upvoteby b00ty4breakfast1 hours ago|
parent|
[-]
Free space heater
reply
upvoteby jorvi1 hours ago|
parent|
prev|
[-]
Doing it on restart makes the mitigation de facto useless. How often do you have 10, 20, 30d (or even longer) desktop uptime these days? And no one is regularly restarting their core applications when their desktop is still up.

Enjoy the fingerprinting.

reply
upvoteby tristan9571 hours ago|
parent|
next
[-]
I restart my browser basically every day.
reply
upvoteby cyanydeez52 minutes ago|
parent|
[-]
yeah I close out everything as a mental block against anything I'm working on.

I think there's a subset of people that offload memory to their browsers and that's kinda scary given how these fingerprint things work.

reply
upvoteby eek21211 hours ago|
parent|
prev|
[-]
Umm, I restart my PC about once a week for security and driver updates.

If you don't, you have a lot more to worry about beyond fingerprinting...

Oh and I'm on LINUX (CachyOS) mind you.

reply
upvoteby b1123 hours ago|
prev|
next
[-]
Maybe, but how long are the extension ids? And if they are random, how long to scan a trillion random alphanumeric ids, to find matches?

I presume the extension knows when it wants to access resources of its own. But random javascript, doesn't.

reply
upvoteby maples373 hours ago|
parent|
next
[-]
The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range.
reply
upvoteby b1122 hours ago|
parent|
[-]
ChatGPT told me it can be done though.

It won't disclose how, as it says it has had several users report it. And that it expects 50% of the bounty, and will use it for GPU upgrades.

reply
upvoteby 3 hours ago|
parent|
prev|
next
[-]
deleted
reply
upvoteby 2 hours ago|
parent|
prev|
[-]
deleted
reply
upvoteby 3 hours ago|
prev|
[-]
deleted
reply