by wongarsu 2207 days ago
Websockets bring them past the router and any other hardware firewall or NAT. Also various software only listens to localhost, on the assumption that local traffic is trustworthy.

They could still portscan from afar and it would still be sketchy, but using Websockets makes it worse.

1 comments

So does using websockets allow you to scan local IP ranges and find other devices on the LAN?

By the rule of all web technology sucks and is untrustworthy, they block 10.0.0.0 and 192.168.0.0, but inexplicably allow 172.16.0.0-172.31.255.255.

(Or at least, that was what someone else claimed last time this came up on HN)

Who's "they" in this context? It's unclear to me if this refers to eBay or browser vendors.

My understanding is it allows them to check for things listening on loopback, given they appear to be checking for SSH tunnels.