Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
NoahZuniga
4 months ago
|
parent
|
context
|
favorite
| on:
Covert web-to-app tracking via localhost on Androi...
This is not unique to WebRTC. The same result could be achieved by sending a http request to localhost. The only difference in this case is that using WebRTC doesn't log a http request
codedokode
4 months ago
[–]
The browser could refuse to connect to localhost. I think there are browsers that refuse (i.e. to prevent attacking a router config interface).
iforgotpassword
4 months ago
|
parent
[–]
I doubt anyone is running a browser on their router.
But still, you could do the same for stun, turn, sdp. Disallow local host.
jeroenhd
4 months ago
|
root
|
parent
[–]
That's literally what browsers have done (for STUN) and are working on (for TURN).
Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
