No cookies, no permission prompts, just a blank page. STUN candidates hand over your real LAN and public IP. Canvas and WebGL renders are unique enough to track across sessions. AudioContext hash barely changes between reboots.
Font enumeration was the one that got me. Measuring text widths in a canvas element leaks your installed font set, and most people have a weirdly unique combination.
Built an 8 module scanner to dump all of it at once. Half the "privacy" tweaks I was running were theater.
[link] [comments]
from hacking: security in practice https://ift.tt/5rTxqyj
Comments
Post a Comment