
Sorry to TL;DR but 50 page PDFs can be opaque for discussion.

The presentation takes a while to get around to it, but it's a way to see your browser history using cert pinning/redirection. Specifically (ab)using features in the browser that even the paranoid don't disable. And then using that information to fingerprint you.

Demo: http://zyan.scripts.mit.edu/sniffly

Code: https://github.com/diracdeltas/sniffly

It's a good find, even if it's not perfect the way the CSS link visited computed style checks were.




The HSTS timing trickery is basically just an information leak bug that needs to be widely fixed; TorBrowser has fixed it [1].

[1] https://trac.torproject.org/projects/tor/ticket/1517


Demo in Firefox 42 didn't identify a single site as "probably visited," so I'm not sure what to make of that. Did it work for anyone else?



