Your Browser is Lying
- Published: 14 May 2023
- Subscribe to not miss out on next releases!
Your browser is a liar. It lies about colors and styles of links.
Go with me through the journey starting on the lie itself, through its history, up to the solution, and back to reintroducing it together with me.
Sources:
seclists.org/bugtraq/2002/Feb...
blog.jeremiahgrossman.com/200...
blog.mozilla.org/security/201...
www.theregister.com/2008/07/2...
www.technologyreview.com/2010...
developer.mozilla.org/en-US/d...
• Browser history re:vis...
thedarkside.frantzmiccoli.com...
That last part captcha'd my imagination
I liked how you started by telling the story of the problem, then talked about how you found another way to achieve the same thing, and ended by showing an incorrigible way to leak the same information. Wonderful stuff. 🙂
Thank you! Couldn't do it any other way. There are vulnerabilities which are considered "small" just because people lack context. And with proper context it starts showing that there is more on the line than meets the eye. Cheers!
Cool video! One suggestion is to lower the volume of the background music or increase your voice's volume. It was hard to understand what you were saying at some points. The captions helped.
Thank you for feedback. Will surely do that on the next one. Cheers!
@mattsionkowski There's a technique called "ducking" in audio engineering. You can use a compressor with "side chain" to automatically lower the volume of an audio track if there's a signal from another audio source. E.g. automatically lower the background music when voice comes in. It's automatic and gives you nice dynamics.
@ko0x my phone does that when I'm listening to music and it gets a notification or starts reading a text in the car. Good feature. I know it's not exactly what you're talking about but same effect pretty much.
I agree 100%, I would not mind cutting the music altogether. Your content is great and doesn't need any tricks or fluff.
Thank you for sharing.
Amazing stuff! Nice lego car btw :)
Cannot start a mission without a good ride. It's special agent's 101 :)
Great presentation!
I wonder if it's possible to build some funnel logic into the captcha characters, so that they could display the color white/black for different functions than directly "did you visit this unique address", but rather "did you visit 1 of those, or this group?", so that depending on the characters appearing, they could know + about us than just 1 link history...
Concerning anyway, & suggests me there is indeed some reason to empty our history, & focus on either randomization of leaks (seems best), hiding 'em when possible & not counterproductive (fingerprint, which ironically can happen from hiding x ) or deleting the data (not always possible nor ideal).
Thx
Whoa, great content Matt! I love such things!
Thank you! Will keep going 😀
Very high quality content nice bro ❤🎉🎉🎉🎉
Thank you! Means a lot ❤
Nice one man, very informative.
Thank you, mate. This is still a fresh channel so I very much appreciate the feedback. It helps with maintaining or adjusting direction. Cheers!
This is the second video of yours I've watched, you've earned my sub. Such professional videos from such a small channel keep it up
I'm glad you stayed around! Cheers
Man, please keep up the excellent work. All your videos are enjoyable and rewatchable. Nice!
Thank you! You made my day🙂
@mattsionkowski I watched 2 of your videos and agree: quality content.
The only 2 things I don't like are the background music and the inserted video snippets. That makes me feel like somebody is trying to sell me something.
Enjoyed and informed. Doing a great service here.
Great video sir.
And again I must say: the problem is that we execute programs (JS) on our machines just because we wanted to read text like the news or so.
The captcha thing can't really be used for rapid mass scanning of visited links though, yeah it links info but it's nowhere near as bad.
Cool video thanks for putting this together, I enjoyed it.
Does using a VPN help with these issues?
Very informative video, tells a lot more than just the story initially covered!
I don't know why I clicked this or watched it but it was very well done... good job man :)
Also to echo what someone else said, I would decrease the music volume a bit.
Wathehack couldn't browsers just disable the ":visited" css pseudo-class? (for websites, even if the browser uses it itself) How is this unpatchable?
The problem is - users expect this functionality to work as it is as old as browsers.
And if you disable the pseudo class, the browser internally might turn links purple, but it will not allow the webmaster to use a custom color.
... tradeoffs ...
But also keep in mind that my last use case required users action. Making a leak far smaller in size and in potential risk. The "lying" solution is really quite good. It prevents the massive leaks (automatic ones)
Great video!
Very good video, just try to sit in a different place which doesn't have a slanting side right on the right side of the video. Regarding bg music, just lower it by 5 dB and it should be better.
They can patch to make text not be able to be the same color as the surrounding background. I can't think of any legit use, only malicious uses. Who would need to hide text? And if they do want a uniquely generated fingerprint they can just throw it to the bottom of the page where it won't disrupt the site's experience.
Favorite host :) Best wishes and looking forward for new stuff!
Work in progress :D
Thank you, and will keep going.
Glad I stuck around for the end
Learned a lot.. Scary shit. I'm less worried about a single hacker on a dark site, than big scumcorp spying on me. Thx.
The history leak took 8 years for a patch - but still, it got resolved at some point. Yet this is not the last privacy threat. I'm in the making of a video about browser fingerprinting, which is an issue very much alive. Stay tuned!
Nice video sir! Keep it sir ❤. Love from India 🇮🇳 ❤
nice explain, love from iraq 🇮🇶
Your content is good, please don't add stupid memes like that doing why action in between.
I haven't seen other videos yet, so I don't know whether this was a one-off or not
Great video subscribed! But please get rid of the music
Thank you. Yep, received a lot of feedback of music being too loud. Will get it better next time!
😀
Again wishing Mozilla was the backbone of Brave browser (instead of Chrome). Someone get on that please ... 😞
Saw this on reddit BTW. Good info. TY. :peace:
Chromium is a well managed project too. Yet we cannot undermine the continuous positive impact Mozilla had on the shaping of browsers as a whole. Now we see Mozilla being pushed aside. I'm not saying everyone should use Firefox, but as it's losing users - we're all losing a very good player on the browsers scene. Some day other browsers will not have that competition. And such monopoly is never a good thing.
@mattsionkowski well said 👏
Nobody should be using a single browser for everything anyway. The fact that so many people do is concerning in itself.