The problem is that so many browsers leverage hardware acceleration and offer access to the GPUs. So yes, the browsers could fix the issue, but the underlying cause is the way GPUs handle data that the attack is leveraging. Fixing it would likely involve not using hardware acceleration.
As these patterns are processed by the iGPU, their varying degrees of redundancy cause the lossless compression output to depend on the secret pixel. The data-dependent compression output directly translates to data-dependent DRAM traffic and data-dependent cache occupancy. Consequently, we show that, even under the most passive threat model—where an attacker can only observe coarse-grained redundancy information of a pattern using a coarse-grained timer in the browser and lacks the ability to adaptively select input—individual pixels can be leaked. Our proof-of-concept attack succeeds on a range of devices (including computers, phones) from a variety of hardware vendors with distinct GPU architectures (Intel, AMD, Apple, Nvidia). Surprisingly, our attack also succeeds on discrete GPUs, and we have preliminary results indicating the presence of software-transparent compression on those architectures as well.
It sounds distantly similar to some of the canvas issues where the acceleration creates different artifacts which makes it possible to identify GPUs and fingerprint the browsers.
Or leave the house 😢
This only sorta works for today and if your friends never share images or videos online. The ever-increasing amount of people taking pictures and filming and posting them online means the day is quickly approaching where you could be identified and tracked through other people’s content, security & surveillance cameras, etc.
If stores start adopting the tracking used at Walmart and the Amazon biometric data, social media will be the last of your worries.
Who says there’s no innovation in tech companies today? lol
Avatar checks out
Yes, it’s a press release, but I think this is maybe a an interesting use for some of the AI to augment that of volunteers who help describe and annotate for people who have vision challenges.
Welcome to the future [of shit]!
Ahh, Google’s tried and true method of throwing a million half-baked features to people before promptly cancelling them all. This will definitely work for them.
That’s a decent start, but you need a browser that’s resistant to fingerprinting through some plugins and something like ublock origin that will block all embedded content. At some point, it may require you to use a phone number, and at that point you may have a problem. If you avoid that, one of the biggest threats are the facebook and related meta content placed on other pages around the internet. The pixel is one aspect, but almost any facebook content can still track you across sites. These are easily blocked with a decent adblocker and probably privacybadger too.
I know lots of folks will disagree, but I’d care less about Facebook tracking you as they mostly only care about serving you ads and making content suggestions to keep you on the platform to view more ads. Facebook has never served me a relevant ad, and even with a lot of use still can’t recommend things I’m interested in. Data leaks and sharing is a concern, but that’s a concern with every site. I think when it comes to privacy, there’s far bigger concerns.
Yes-- same with bluetooth or ordering groceries for delivery and giving your home address. There’s always ways to leak data and make it no longer anonymous. However, from my knowledge of how some of these datasets work, they aren’t putting in a lot of effort into truly trying to make sure the joins are 100% accurate because it rarely matters. They generally don’t give a shit about you as an individual. The most common uses of the data are for advertising and mistargeting doesn’t cost enough to justify the time to verify the data.
Paying in cash though can make it anonymous, or by using virtual cards that mask your card id.
Sure, but you can usually register with fake info though. I’ve never seen one really verify much of any information.
Just use one of those email forwarding services that generates unique addresses.
everyone can sign up as “JP Morgan” at “555 Fuckoff Lane”. I’m guessing it might be better if we all standardize to make it harder to connect the sold datasets. If they have address checking we should find some tiny town with 200 people from google maps.
Protip: Many grocery stores allow you to just grab cards without signing up (in the US at least). You can tell them you’ll send it in later.
Then, you can use whatever the fuck info you want and still get the “rewards” so it’s not attached to you. If you use the apps on your phone, make sure they don’t have bluetooth access.
You should care, but it’s maybe more of a question about how much and about what specific things. There are some easy-to-do things, and then there’s others that get exhausting
Some of this depends on why you care about privacy and where you live. It’s a lot of work, and in some places, like the US, there’s a lot of data being sold anyway (credit/debit cards, tvs, streaming services, and stores can almost all sell some of your data and it can be difficult to stop them). Keeping Bluetooth on also enables you to be tracked going in and out of stores and other various locations.
It can be a lot of work, but some things are more worthwhile than others. There are likely some things you’re just going to have to live with.
who tf subscribes to this?
I’d bet mastodon saw an increase, but i haven’t seen the numbers.
It’s also hard to get a good count since it’s not centralized. So whatever numbers we do see, could be wildly underreported.
The named email says Abbott’s teams are working to “verify and confirm compatibility”, so it’s unclear if this is an actual issue or just a precaution over what they think could be an issue.
This. Works for many, but there are some services that recognize it’s a VoIP service and won’t allow it (I think discord was one that won’t work)
Another option is a burner phone, which are relatively cheap. You have to use them periodically or they’ll disable and recycle the number, but you can typically find them for around 25$.
Chrome lost its way years ago. I value not seeing ads or getting personalized content more than I value 99% of the chrome features.
Since Firefox finally fixed that weird memory fragmentation issue, it’s been pretty smooth sailing for me. Inspector & Debugger could use a few performance patches though.
YOU WON’T BELIEVE WHAT HAPPENS NEXT
Many sites have had to enable reveal passwords for people with complicated passwords not using password managers.
It’s low risk, but their numbers are also coming from fairly dated hardware and is just proof of concept. It can almost certainly be speed up significantly.