It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage
You can test it out by pasting the following into your Chrome DevTools console on any Google page:
chrome.runtime.sendMessage(
"nkeimhogjdpnpccoofpliimaahmaaome",
{ method: "cpu.getInfo" },
(response) => {
console.log(JSON.stringify(response, null, 2));
},
);
More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/
Tangent note: I think browser fingerprinting is only a source of concern if you use VPN. Otherwise, your IP is already a good enough identifier, and quite likely doesn’t rotate often enough. Please someone correct me if I’m wrong.
I appreciate the list. I’m not saying there aren’t valid concerns, just that in my day to day life it’s one of those items where the steps needed to avoid browser fingerprinting is usually more work than the value I personally get from my perspective.
I’ve looked into this, and I’m not clueless. I’ve developed websites, I’ve done a lot of stuff with Selenium / Puppeteer, and have toyed with Firefox browser extensions.
I understand the tools they use and it’s just very tricky to fully eliminate this type of thing. For example they can even use the browser window size. Are you going to randomly change window size to some novel dimension when you open up a tab?
What about the JS engine you use. For example using Firefox already narrows down your anonymity by like 95% or something because only a small amount of users use the browser. Etc etc
It’s hard to do this correctly, and I feel like VPN + private window usually takes care of the price fixing thing on the list, for example. When I’m searching for flights I usually do this.
I also use JS blockers in order to try and mess up the scripts that Facebook & Google have hidden over the internet to track you. But ironically, doing that again reduces your anonymity. They know that if their scripts don’t work on you, you get narrowed down again to a very small % of users.
It only takes a few of those pieces of data to be reasonably sure that it’s you. Browser fingerprinting is tricky to really avoid. It’s not impossible, of course. Just saying to really do it right it might be more effort than it’s worth.
The depth of fingerprinting really bothers me and I have accepted that the best at it will succeed.
It is tempting to find the world’s most popular default configuration and use that :) But that’s prob be something gross like Windows 10 & Chrome! In fact, that’d be second after Android & Chrome. Wonder how detectable VMing/emulating those configurations would be.
Agree with you and appreciate the detailed response!
It’s sort of legally gray but generally speaking in the US downloading is a civil offense but not a criminal one. You can get sued by the copyright holder for example but you won’t end up in jail over it.
People usually never get sued for it because it’s not worth it for Comcast to pay for lawyers to try and extract any money out of regular people. Not only will they almost certainly be unable to even recoup the lawyer fees, they risk getting a lot of bad PR for no gain.
What’s usually considered an arrestable offense is uploading aka distribution. Once you start hosting seedboxes then you enter the area where you’re liable to go to prison.
Tangent note: I think browser fingerprinting is only a source of concern if you use VPN. Otherwise, your IP is already a good enough identifier, and quite likely doesn’t rotate often enough. Please someone correct me if I’m wrong.
Yeah I’d only worry about it if I were trying to buy drugs on the dark net or something. I guess if torrenting became illegal I would also worry.
I worry about price discrimination
I appreciate the list. I’m not saying there aren’t valid concerns, just that in my day to day life it’s one of those items where the steps needed to avoid browser fingerprinting is usually more work than the value I personally get from my perspective.
I’ve looked into this, and I’m not clueless. I’ve developed websites, I’ve done a lot of stuff with Selenium / Puppeteer, and have toyed with Firefox browser extensions.
I understand the tools they use and it’s just very tricky to fully eliminate this type of thing. For example they can even use the browser window size. Are you going to randomly change window size to some novel dimension when you open up a tab?
What about the JS engine you use. For example using Firefox already narrows down your anonymity by like 95% or something because only a small amount of users use the browser. Etc etc
It’s hard to do this correctly, and I feel like VPN + private window usually takes care of the price fixing thing on the list, for example. When I’m searching for flights I usually do this.
I also use JS blockers in order to try and mess up the scripts that Facebook & Google have hidden over the internet to track you. But ironically, doing that again reduces your anonymity. They know that if their scripts don’t work on you, you get narrowed down again to a very small % of users.
It only takes a few of those pieces of data to be reasonably sure that it’s you. Browser fingerprinting is tricky to really avoid. It’s not impossible, of course. Just saying to really do it right it might be more effort than it’s worth.
The depth of fingerprinting really bothers me and I have accepted that the best at it will succeed.
It is tempting to find the world’s most popular default configuration and use that :) But that’s prob be something gross like Windows 10 & Chrome! In fact, that’d be second after Android & Chrome. Wonder how detectable VMing/emulating those configurations would be.
Agree with you and appreciate the detailed response!
Became? 🤔
Torrenting itself is not illegal. The distribution of copyrighted material that you don’t own is the illegal part.
It’s sort of legally gray but generally speaking in the US downloading is a civil offense but not a criminal one. You can get sued by the copyright holder for example but you won’t end up in jail over it.
People usually never get sued for it because it’s not worth it for Comcast to pay for lawyers to try and extract any money out of regular people. Not only will they almost certainly be unable to even recoup the lawyer fees, they risk getting a lot of bad PR for no gain.
What’s usually considered an arrestable offense is uploading aka distribution. Once you start hosting seedboxes then you enter the area where you’re liable to go to prison.
No. If you don’t want to be tracked and you are using a VPN, fingerprinting is a problem as well. Privacy is not concern just for drug dealers.
deleted by creator