technology

24384 readers

139 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 5 years ago

MODERATORS

context@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

Wakmrow@hexbear.net

SwitchyandWitchy@hexbear.net

JustSo@hexbear.net

Websites have a new way to spy on visitors: Analyzing their SSD activity (arstechnica.com)

submitted 3 days ago by git@hexbear.net to c/technology@hexbear.net

10 comments fedilink hide all child comments

top 10 comments

sorted by: hot top controversial new old

[–] blobjim@hexbear.net 1 points 2 days ago

Of course it uses some new complex API added 3 years ago. Web browsers are just too complicated and fast-moving to be private or secure. Thanks to Google and others for not simplifying any of this over time.

[–] deforestgump@hexbear.net 21 points 3 days ago

"This fucking guy has every Blink-182 album!"

[–] invalidusernamelol@hexbear.net 12 points 3 days ago (1 children)

This seems a bit of a pain to actually use for tracking. A 1GB file allocation and neural network processing of all the transaction data to maybe find out that someone has Google Docs open?

[–] sovietknuckles@hexbear.net 19 points 3 days ago (1 children)

The whole thing is client-side JavaScript. The attacker won't care about resources used, in this case, because the victim foots the bill

[–] invalidusernamelol@hexbear.net 11 points 3 days ago (1 children)

Does mean it'll be pretty easy to detect at least.

[–] EveningCicada@hexbear.net 10 points 3 days ago (1 children)

Though if I were using something like google maps I wouldn't notice an extra 1GB.

[–] invalidusernamelol@hexbear.net 13 points 3 days ago* (last edited 3 days ago) (1 children)

I just read the paper and it isn't 1GB, it's system ram. So it has to create a file in your OPFS that's closer to 32GB.

It can also only fingerprint the top 100 sites right now.

It will also noticably slow things down since it's clearing your page cache 1000 times/sec which means you're running almost entirely in swap/disk space.

Firefox is also the only one that limits OPFS size (10GB) so they need to create multiple files if you have more than 10GB or ram.

[–] EveningCicada@hexbear.net 7 points 3 days ago (1 children)

So it's basically a non-issue unless it becomes far more efficient?

[–] invalidusernamelol@hexbear.net 9 points 3 days ago

Unless I'm reading it wrong? Seems like it's more of a "we can get your hardware to behave a certain way, even when sandboxed" thing than a "this is a very serious security vulnerability" thing?

I don't see how it could become more efficient since the attack vector is basically just filling your ram and forcing your OS to clear the page cache.

[–] peeonyou@hexbear.net 1 points 3 days ago

yeah but considering how many people have like 5000 tabs open at any given time, good luck tracking what any of that means