Oooo you sneaky bastards!!!
Just developing a new scanner to #audit #websites after noticing that EDPS - European Data Protection Supervisor #wec scanner is not killing its processes leading to massive memory leak.
In the process of testing my code on a real web site (I won't disclose who it is) I discovered a cheeky new trick being used by #adtech to avoid detection of #canvas #fingerprinting by other scanners.
They are loading up data elements of pngs in base64...
[#]privacy
=> More informations about this toot | More toots from thatprivacyguy@eupolicy.social
Here is an example of a decoded one I found - it renders the image with GPU and all GPUs will render the image slightly differently (due to artefacts created by slight differences in the quality of the silicon used in each GPU) making the rendered image unique to a specific device (perfect for device fingerprinting).
[#]privacy
=> More informations about this toot | More toots from thatprivacyguy@eupolicy.social
This technique is not new, it has been in wild for about 15 years now from a fingerprinting perspective - but I have never noticed it done this way before - it is a deliberate circumvention measure to avoid detection.
I had to run the base64 code through a decoder to get the image.
I think it is long beyond time that such activities should be considered a #criminal offence, it is a clear attempt to #circumvent the #law.
=> More informations about this toot | More toots from thatprivacyguy@eupolicy.social
text/geminiThis content has been proxied by September (ba2dc).