1. 62

  2. 16

    When I worked in the adtech industry, I thought of something like this and promptly dismissed it on grounds for how blatantly malicious it would look and sound explained to anyone. I can’t believe that someone actually went ahead and implemented it for “security”. That’s a sure fire way to have your site banned from every corporate network and other security focused place. And this boneheaded deployment can easily mask a malicious ad doing the same thing and hiding in plain sight! This doesn’t make users safer, it makes them less safer. Just. Wow.

    1. 4

      I wonder if there is a Firefox extension to detect such behaviour and let me know about that.

      This has probably happened and I haven’t noticed…

      1. 3

        Not exactly what you’re looking for, but extensions like uMatrix should mostly block this type of attack. The defaults are to block loading media, scripts and XHR/websockets from 3rd party domains, so it breaks most websites and isn’t super user friendly

      2. 3

        it is clearly malicious behavior and may fall on the wrong side of the law.

        Malicious, yes

        It is really illegal though?

        1. 4

          People have gone to court over port scanning in the USA IIRC, but I don’t know if it’s illegal per se

          1. 4

            Purely based on hearsay/reading stuff on the internet:

            Of course it depends on where you are, but based on intent port scanning can be considered “preparation for a crime”. I think for this reason the action taken by eBay might not constitute a crime. There the fingerprinting and maybe how it is justified might actually be more relevant.

            Even in law the analogy of knocking at people’s doors to check whether someone is home seems to hold. This can also be considered a preparation for a crime, if your intention is to rob them.

            1. 2

              If it is done for fingerprinting/tracking reasons, I’m pretty sure it’s illegal in the EU (the GDPR requires you to ask the user to opt-in to tracking).