zlacker

1. LunaSe+(OP) 2020-11-28 23:20:16
So are DNS and HTTP caches.
replies(1): >>gruez+61
2. gruez+61 2020-11-28 23:31:59
>>LunaSe+(OP)
>DNS

Most people don't run their own resolvers, so at best you're fingerprinting the DNS server of the ISP.

>http caches

Can be easily cleared, or mitigated entirely by extensions or the browser (e.g. multi-account containers).

replies(1): >>eyelid+Sd
3. eyelid+Sd 2020-11-29 01:51:51
>>gruez+61
> Most people don't run their own resolvers, so at best you're fingerprinting the DNS server of the ISP.

That’s not how it’s tracked commonly. Similar to HTTP caches, you can fingerprint visitors by how quickly a domain request resolves for them. Sure, all of this can be mitigated. But you have to even know what to mitigate. And the fact that the most fanatical privacy folks aren’t aware of basic timing fingerprints is a good indicator that no one is mitigating it nearly as well as they might think.

replies(1): >>smiche+tZ
4. smiche+tZ 2020-11-29 14:21:06
>>eyelid+Sd
If JS were removed from the web tomorrow, the people currently working on tracking protection against JS could instead focus on these other mechanisms. Because privacy is an arms race, reducing attack surface is not pointless even if the same tracking can be achieved by other means.
replies(1): >>eyelid+dz1
5. eyelid+dz1 2020-11-29 19:41:42
>>smiche+tZ
I don’t think JS (or some other runtime) could plausibly be removed from the web on any time scale. People have a (reasonable) expectation that they can do app-like things on a network, and that surface area will find its way to manifest one way or another. At least having it on the web has somewhat of a limiting effect on the entrenchment of the biggest (and worst) privacy offenders, because the barrier to entry is lower than building a wide array of native apps.