Hacker News new | ask | show | jobs
by Domenic_S 2604 days ago
You're profiling the what now?
1 comments
wybiral 2604 days ago
<link> tags to include CSS and JavaScript on a page can have an integrity property, which is a SHA hash of the resource they link to.

It's intended to ensure that a CDN doesn't change the content they're serving to your users.

But it turns out you can approximate the speed a visiting browser computes those hashes to fingerprint browsers just by including some CSS on a page.

link
lucb1e 2604 days ago
But that hash is a regular, fast hash that takes like 1µs to compute right? Doesn't that get lost in network jitter? Wouldn't averaging the time it takes to run for(i=0;i<Math.pow(2,18);i++); over 10 runs be much more accurate? Or is this meant to spite the 0.01% of visitors that really try not to be tracked and have turned off javascript?
link
wybiral 2604 days ago
> But that hash is a regular, fast hash that takes like 1µs to compute right?

They use SHA512 which is fast, but noticeable for large enough files.

> Or is this meant to spite the 0.01% of visitors that really try not to be tracked and have turned off javascript?

Yes, the point is that it works with blockers.

link