not only that, but I remember Firefox (maybe chrome too) announcing a few years ago they have made scripted timers less accurate. I think that was a mitigation against websites attempting a spectre/meltdown attack. how is it that this new attack is not affected by the inaccurate timers?
IDK either. Just guessing here. I’m seeing claims that FF timer precision limiter only happens if you have privacy.resistFingerprinting enabled. Which I try to. But it breaks a shitton of anti-bot access gates and makes them them think I’m a bot, since I’m harder to fingerprint. So I guess many ppl leave resistFingerprinting disabled. Which might let this technique work in full force.
But it sounds like it has to allocate a very large amt of storage. Like 1GB. And then constantly read from that, to make the fingerprint. That’s something many ppl would notice. The authors do say there are no known examples of this in the wild. So there’s that.
not only that, but I remember Firefox (maybe chrome too) announcing a few years ago they have made scripted timers less accurate. I think that was a mitigation against websites attempting a spectre/meltdown attack. how is it that this new attack is not affected by the inaccurate timers?
IDK either. Just guessing here. I’m seeing claims that FF timer precision limiter only happens if you have privacy.resistFingerprinting enabled. Which I try to. But it breaks a shitton of anti-bot access gates and makes them them think I’m a bot, since I’m harder to fingerprint. So I guess many ppl leave resistFingerprinting disabled. Which might let this technique work in full force.
But it sounds like it has to allocate a very large amt of storage. Like 1GB. And then constantly read from that, to make the fingerprint. That’s something many ppl would notice. The authors do say there are no known examples of this in the wild. So there’s that.