Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Simply resizing my browser window before pasting the second url seems to thwart this (But I don't have flash installed). Without flash, it falls firmly into the "kinda-works sometimes if everything goes perfect" camp.

So its another demonstration of flash being ridiculously insecure. These guys did it better, even defeating tor to reveal the origin IP. http://dl.packetstormsecurity.net/0610-advisories/Practical_...



Resizing my browser didn't go it but moving it to another screen it changed from "1ccf9e9301db4fb87b1d178d77edad5bfa598057" to "ab0e6beb449408b28473dd66a6f4501528087c0e". I don't think this method is prefect at all or should be used for anything reliable(like logins).


Reliability is not necessary. "Good enough" to sell ads- that's all they need.


Interesting, I had Chrome Flash Block enabled but it did not seem to thwart this.


Enabling click-to-play in Chrome (and not one of those extensions that hide or remove from the DOM the element once it's loaded) just makes the fingerprint to have less bits, since it can't get the list of the installed fonts on your computer.


I have a scriptblocker, an adblocker and ghostery installed. did not thwart this.


If someone's foolish enough to run javascript and flash on Tor, of course it's trivially easy to defeat it!


I expect most users of Tor fall into that category.


Works on the ipad though. No flash, and cant resize window. Must be working off timezone? Surely some more ipads in the UK?


iPads may be rotated. Rotating my smartphone made it unrecognized.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: