Conversation

Notices

1. Embed this notice
   mcc (mcc@mastodon.social)'s status on Friday, 30-Aug-2024 08:55:01 JST mcc

   i wish i had some kind of tool that I could paste a unicode character into and it tells me which OSes and which versions of which OSes it will display on correctly. there's stuff like emojipedia but (1) that doesn't include non-emoji graphical characters like 🡅, and (2) it's harder to use becuase it focuses on "what does it look like" but I don't care what it looks like as long as it hasn't literally been decomposed into multiple characters

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 30-Aug-2024 08:55:00 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     @mcc I did some experiments with this at my previous job, except it was trying to detect os by supported emoji

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 30-Aug-2024 09:23:44 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     @mcc https://fc15.ifca.ai/preproceedings/paper_83.pdf

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 30-Aug-2024 09:27:22 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     @mcc There are flaws with this paper - small sample size, recruited from mechanical turk - but getting consent for that data is hard.

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 30-Aug-2024 09:30:00 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     @mcc Anyway. One could passively build up a data set without a huge amount of work.

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 31-Aug-2024 00:02:28 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • Dan Cassidy 🦌

     @whimsy @mcc Most of the claimed user fingerprinting stuff is only useful to distinguish devices in a household that share an IP address, and even that is questionable.

     The marginal entropy of most of that stuff is minimal.

     Now, for anti-fraud, when bad actors are spoofing stuff, then it is fantastic.

   • Embed this notice
     Dan Cassidy 🦌 (whimsy@chitter.xyz)'s status on Saturday, 31-Aug-2024 00:02:29 JST Dan Cassidy 🦌

     in reply to

     • Ryan Castellucci :nonbinary_flag:

     @ryanc @mcc oh god advertisers are using this to fingerprint users aren't they

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 31-Aug-2024 00:05:00 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • Dan Cassidy 🦌

     @whimsy @mcc Like, if have a timestamped pcap of your connection to a server, I can narrow down your user agent string to like three values with 90% accuracy.