Btw it also works in the private "Tor" mode of Bravepic.twitter.com/nrZcPoTtt5
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Added detection of some common development software like MongoDB, ElasticSearch, Redis, and MySQL.pic.twitter.com/MXYDvCcciB
And detecting when a media player is opened by the visitor by inspecting the DAAP port used by iTunes/Rhythmbox/Amarokpic.twitter.com/tIL2Xrkp61
To be clear: this isn't a bug in Brave. It works in Firefox and Chrome too. It is, in fact, the expected behavior of web browsers to allow TCP requests on localhost from any website you visit. Just used for obnoxious/evil purposes in this case.
Cool, you can also detect that your visitors have Dropbox installed...pic.twitter.com/xL6U1IosMy
Someone should do one where the page's JS pulls data from MongoDB, says it analyzed it, and links them to some Amazon product (using a tracking commission link, of course).
Luckily the requests are in "opaque" mode so the page shouldn't be able to actually read the response body. But they can ping localhost servers and send data to them.
If you visit that site with @dollarvpnclub all of the trackers are replaced with GIFs of dogs skateboarding! Thanks DollarVPNClub!
Very clever, any recommendations for protecting against this sort of thing?
I hear the uMatrix plugin can block localhost access, maybe some other content blockers. But, yeah, unless browser vendors stop seeing this as a feature and start seeing it as an issue that's probably the only way.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.