Comment by ranger_danger
16 hours ago
The QR code/URL would be generated/requested by the javascript running on the website you're viewing, which knows what's in your address bar.
16 hours ago
The QR code/URL would be generated/requested by the javascript running on the website you're viewing, which knows what's in your address bar.
It would be generated by some other website like Amazon. Because I own, say, Meta, I copy these Amazon-generated codes over to Meta, make people scan them on their phones to sign into Meta and then pass the solution back to Amazon so my bots can sign into Amazon.
We don't yet know how the client side works, perhaps there will be a decompilation posted soon.
It's possible this scenario is acceptable to them because it means they can still tie your access to something that's easier to ban without requiring a full account login.
They're tying my access to random users of a completely different service, and a different random user each time.
1 reply →