Basically title. Recently I saw a new option in Chromium website permission settings called “allow access to local network” or something like that and I know some antiviruses on Windows that can list all devices connected to the same WiFi network. I’m usually using Firefox based browsers that obviously don’t have the option to disable or enable that access. So can some really invasive websites mine data about my local network, connected devices etc? And if so, what can I do to prevent it except for just disconnecting everything else when visiting such websites?
There is a Firefox extension that blocks port scanning from websites, and the prime example is eBay. If you block eBay with this extension, you cannot log in. eBay specifically requires a port scan of your machine or it won’t let you log in. So based on just that alone, I would say that yes, there is a risk.
Interesting, I didn’t know about that. Bleeping computer has a good write up on it (I’m assuming they broke the story) https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/
According to Nullsweep, who first reported on the port scans, they do not occur when browsing the site with Linux.
HA!
This is something new. Thanks for the info. Man we are not safe.
Any extensions or mitigations you use can be detected and used to increase the fingerprint of your browser/device even more.
If I visit that page I get a “fingerprinting activity detected” warning from JShelter and then a mostly blank page with “FP ID: Computing…” at the top, and a bunch of javascript errors in the console.
Most sites are fine with the settings where I normally leave them, but it’s not much of a surprise for one that’s devoted entirely to browser fingerprinting to be broken by JShelter. Stopping or at least making more difficult most fingerprinting attempts is among the things it does. It can’t stop all of them of course, but it’s one component that helps to work against them.
WebWorker is disabled by default in JShelter which is required for creepjs to work. If you set just that function to Strict instead of just the default Remove, then creepjs still works fine.
But creepjs could be modified to work without webworker if you were thinking JShelter really does something useful to hide your fingerprint from someone who wants it bad enough. And you can still be fingerprinted many other ways even without JavaScript at all.
It is webRTC
Not in Firefox based browsers. Also that’s the tech they use for scanning
Wasn’t it Google drive, that once you install it onto a device on a network, that it would scan your entire network for other devices? I tried Googling for it but then laughed realizing Google wouldn’t let that information continue to linger. Or I could just be wrong.