← Back to context

Comment by tifkap

5 days ago

This is most likely an attempt to connect to a webserver on your own device to collect data and/or do tracking.

Remember back in June when Facebook/meta got caught tracking users trough a webserver on Android phone thought Messenger and Instagram? Same thing.

See: https://news.ycombinator.com/item?id=44175940

3 comments

tifkap

Reply
dannyw  4 days ago

Why do you say that’s most likely?

This is a common pattern for connecting to smart cards / hardware security devices. Probably a service or hardware that’s run on official CBP machines that should be disabled for prod, but forgot.

  • 77pt77  4 days ago

    This is by far the most likely reason.

    I personally use pages that authenticate via a smartcard using this exact scheme.

    There is a Java "plugin" that is nothing but a mini webserver that listens on a specific port and performs authentication.