>>xmrcat+(OP)
> Their logic: You have to be friends with the user to receive this packet. Therefore, a "trust relationship" exists.
That logic is acceptable. You could also DM an offline friend a tracking pixel to reconstruct their activity, a lot of this endpoint security is entirely up to the user.
>>bigyab+61
True, but a tracking pixel is an active attack that leaves a visible trail. This leak is passive surveillance; I can silently graph the sleep cycles of 200 friends without ever interacting with them. Trust shouldn't imply consent for invisible, automated logging.
>>xmrcat+E1
Do you really need an LLM to talk on HN? Genuinely, this research seems cool but its hard to trust your findings when there's clearly AI being used heavily in writing the article and in your comments here.