It occurred to me that you can remotely monitor the cursor location without JS by using some CSS :hover selectors to change hidden background images (causing a GET request). This should work on Tor as well and could be an interesting approach to tracking visitors.
The server code I hacked together to test this: https://gist.github.com/wybiral/c8f46fdf1fc558d631b55de3a0267771 …
The browser won't reload the background image so this version only tracks the movement on the first :hover ... but ... Since the request is chunked the server can send more CSS to add new :hover selectors each time one triggers.
Aside from making me question everything I know about browser tracking capabilities, this also makes me think that you could build some highly interactive content without using any JS at all.
Proposal: we should disable all GET requests (image changes) in CSS pseudo-class selectors. Will the web miss out on things like :hover image changes? Sure, but they can do that in JS for people who don't care about privacy. For the rest of us these features will be exploited.
Would be cool to utilize this for randomness seeding with no js enabled.
Unfortunately it can also be used as yet-another data point to fingerprint visitors even if they're actively trying to prevent it. Especially with the rise of machine learning to deal with all of this data... Privacy is becoming nearly impossible.
Any whitepapers or presentations in the future?
I feel like this thread and the source code cover it. It's been known that CSS can make GET requests in real-time as a result of conditions (selectors). So selectors like :hover and :focus can be used to monitor user behavior without JavaScript.
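For anyone auditing stylesheets for the behaviour discussed in this thread, here is an added example (not part of the thread or of the linked gist): a small Python scanner that flags rules which fetch a remote URL only while :hover, :focus or :active matches. The function names, the sample stylesheet and its /p?... paths are constructed for illustration.

```python
import re

# Pseudo-classes whose match state follows what the user is doing right now.
INTERACTIVE = re.compile(r":(hover|focus(?:-within|-visible)?|active)\b", re.I)
URL = re.compile(r"url\(\s*(['\"]?)(.*?)\1\s*\)", re.I)
COMMENT = re.compile(r"/\*.*?\*/", re.S)
GROUPING = ("@media", "@supports", "@layer", "@container")

def iter_rules(css):
    """Yield (selector, declarations) per style rule, descending into grouping
    at-rules. A brace scanner, not a full parser: braces in strings break it."""
    css = COMMENT.sub("", css)
    pos = 0
    while (start := css.find("{", pos)) != -1:
        prelude = css[pos:start].split(";")[-1].strip()
        depth, i = 1, start + 1
        while i < len(css) and depth:
            depth += {"{": 1, "}": -1}.get(css[i], 0)
            i += 1
        # A chunked stylesheet may never close its last block; keep what arrived.
        body = css[start + 1 : i - 1 if depth == 0 else i]
        pos = i
        if prelude.lower().startswith(GROUPING):
            yield from iter_rules(body)
        elif not prelude.startswith("@"):
            yield prelude, body

def audit(css):
    """Return (selector, pseudo_class, url) for each interaction-gated fetch."""
    findings = []
    for selector, body in iter_rules(css):
        hit = INTERACTIVE.search(selector)
        if hit:  # data: URLs carry no request, so they are not reported
            findings += [(selector, hit.group(1).lower(), t) for _, t in
                         URL.findall(body) if not t.lower().startswith("data:")]
    return findings

# Constructed sample stylesheet; the last rule is left open like a chunked stream.
SAMPLE = """
@import url(base.css);
body { background: url(/static/bg.png); }
#c1:hover { background-image: url("/p?cell=1"); }
.btn:hover { background: url(data:image/gif;base64,AAAA) }
@media screen { input:focus { background: url('/p?field=email') } }
#c2:hover { background: url(/p?cell=2)
"""
if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

The unconditional `body` background and the `data:` URL are not reported, because neither produces a request tied to user interaction.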
Neat find
Have you by any chance opened a ticket on http://trac.torproject.org ? We should try to block this on Tor Browser.