←back to thread

Supercookie: Browser Fingerprinting via Favicon (2021)

(github.com)
357 points vxvrs | 5 comments | 16 Nov 25 19:39 UTC | HN request time: 0.411s | source
1. scrps ◴[16 Nov 25 22:46 UTC] No.45949158[source]
Nonpersistent vm-based browser, I use qemu + cage + firefox and some glue logic to fire up a copy of a base image which gets deleted on exit. Fires up slower than a native firefox instance but runs all the same.

Can containerize for the less paranoid and less work but browsers touching host kernel gives me the ick as does the idea of trying to write ebpf policies for firefox to mitigate. Browsers are pain.

replies(2): >>45949204 #>>45950005 #
2. captainkrtek ◴[16 Nov 25 22:54 UTC] No.45949204[source]
This sounds interesting, do you have this written up anywhere?
replies(1): >>45949939 #
3. scrps ◴[17 Nov 25 00:53 UTC] No.45949939[source]
I sadly do not atm beyond some notes but I can if there is interest.
4. ghxst ◴[17 Nov 25 01:07 UTC] No.45950005[source]
Tried a similar approach but found that putting the browser in a VM has a tendency to expose a few data points that stand out as less trust worthy which means you end up getting a lot of captchas on some websites (like using swiftshader for renderer, not having some fonts installed, among other things), lying about these can typically be detected as well (like injecting noise into a canvas, modifying the advertised renderer). If you've found any solutions to these please share.
replies(1): >>45950150 #
5. scrps ◴[17 Nov 25 01:42 UTC] No.45950150[source]
What approach did you end up going with instead?