← Back to context

Comment by awesome_dude

2 months ago

Oh, it's (re)randomised upon each restart, whew, thanks for the heads up

edit: er, I think that that also suggests that I need to restart firefox more often...

31 comments

awesome_dude

Reply
tech234a  2 months ago

The webpage would have to scan the entire UUID space to create this fingerprint, which seems unlikely.

  • throwaway808081  2 months ago

    Just have a database of UUIDs. Seems pretty trivial to generate and sort as it's only 16 bytes each.

    • pshirshov  2 months ago

      That's actually a bright idea! Have you ever thought about applying for VC funds?

      Once you deliver that, you can also think about a database of natural numbers!

      2 replies →

    • stirfish  2 months ago

      lol

      Let's go a step further and just iterate through them on the client. I plan on having this phone well past the heat death of the universe, so this is guaranteed to finish on my hardware.

        function* uuidIterator() {
   const bytes = new Uint8Array(16); 
   while (true) {
     yield formatUUID(bytes);

     let carry = 1;
     for (let i = 15; i >= 0 && carry; i--) {
       const sum = bytes[i] + carry;
       bytes[i] = sum & 0xff;
       carry = sum > 0xff ? 1 : 0;
     }
 
     if (carry) return;
   }
 }
 
 function formatUUID(b) {
   const hex = [...b].map(x => x.toString(16).padStart(2, "0"));
   return (
     hex.slice(0, 4).join("") + "-" +
     hex.slice(4, 6).join("") + "-" +
     hex.slice(6, 8).join("") + "-" +
     hex.slice(8, 10).join("") + "-" +
     hex.slice(10, 16).join("")
   );
 }

      This is free. Feel free to use it in production.

      3 replies →

    • Mikhail_Edoshin  2 months ago

      16 bytes is a lot. 4 bytes are within reach, we can scan all of them quickly, but even 8 bytes are already too much.

      Kolmogorov said that computers do not help with naturally hard tasks; they raise a limit compared to what we can fo manually, but above that limit the task stays as hard is it was.

Ghoelian  2 months ago

I don't think that's the case. I have the Earth View extension installed which shows a random google earth image.

I have this set as my homepage in Firefox as moz-extension://<extension-id>/index.html, and this has not changed since installing the extension. The page still works.

jorvi  2 months ago

Doing it on restart makes the mitigation de facto useless. How often do you have 10, 20, 30d (or even longer) desktop uptime these days? And no one is regularly restarting their core applications when their desktop is still up.

Enjoy the fingerprinting.

  • tristan957  2 months ago

    I restart my browser basically every day.

    • cyanydeez  2 months ago

      yeah I close out everything as a mental block against anything I'm working on.

      I think there's a subset of people that offload memory to their browsers and that's kinda scary given how these fingerprint things work.

  • Thiez  2 months ago

    There isn't enough energy in the solar system to count to 2^128. Now a uuid v4 number "only" has 2^122 bits of entropy. Regardless, you cannot realistically scan the uuid domain. It's not even a matter of Moore's law, it is a limitation of physics that will stand until computers are no longer made of matter.

  • recury  2 months ago

    You just need to open so many instances and tabs in each instance that it crashes every couple days

  • eek2121  2 months ago

    Umm, I restart my PC about once a week for security and driver updates.

    If you don't, you have a lot more to worry about beyond fingerprinting...

    Oh and I'm on LINUX (CachyOS) mind you.