by throwaway202302 on 3/23/23, 4:37 PM with 2 comments
Regarding the recent fingerprint discussions, I had a look at fingerprint.com's client-side JavaScript and found something I didn't know. Maybe you can comment. I did not find this in their public repo on GitHub.
Its JavaScript seems to store a list of common forenames. Based on location "en-us", "en-gb", or Russian, it picks a list of common forenames:
us: ["james", "mary", "john", "patricia", "robert", "jennifer", "michael", "linda", "william", "elizabeth", "david", "barbara", "richard", "susan", "joseph", "jessica", "thomas", "sarah", "charles", "karen", "christopher", "nancy", "daniel", "lisa", "matthew", "margaret", "anthony", "betty", "donald", "sandra"],
gb: ["oliver", "george", "noah", "arthur", "harry", "leo", "muhammad", "jack", "charlie", "oscar", "jacob", "henry", "thomas", "joshua", "william", "olivia", "amelia", "isla", "ava", "mia", "isabella", "sophia", "grace", "lily", "freya", "emily", "ivy", "ella", "rosie", "charlotte"],
ru: ["aleksandr", "sergej", "vladimir", "elena", "tatana", "andrej", "aleksej", "olga", "nikolaj", "natala", "anna", "ivan", "dmitrij", "irina", "maria", "mihail", "svetlana", "ekaterina", "evgenij", "viktor", "anastasia", "urij", "ulia", "valentin", "roman", "igor", "anatolij", "oleg", "pavel", "maksim"]
Using these names, it builds a WebRTC request like this:
sdp: "v=0\r\no=mozilla...THIS_IS_SDPARTA-99.0 5217214617606885133 0 IN IP4 0.0.0.0\r\ns=-\r\nt=0 0\r\na=fingerprint:sha-256 79:15:54:8B:C7:71:71:D7:C4:D7:4C:A9:34:82:E2:EF:B4:58:9F:AE:BC:AC:91:2D:9A:B0:37:FC:23:AC:34:21\r\na=group:BUNDLE 0\r\na=ice-options:trickle\r\na=msid-semantic:WMS *\r\nm=application 9 UDP/DTLS/SCTP webrtc-datachannel\r\nc=IN IP4 0.0.0.0\r\nb=AS:30\r\na=candidate:0 1 udp 2113937151 iphone.local 50003 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 iphone-2.local 50004 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 jamess-iphone.local 50005 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 marys-iphone.local 50006 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 johns-iphone.local 50007 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 patricias-iphone.local 50008 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 roberts-iphone.local 50009 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 jennifers-iphone.local 50010 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 michaels-iphone.local 50011 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 lindas-iphone.local 50012 typ host gene....
Researching some more, it seems these .local domains are registered by Apple devices on your local router. Depending on the phone's name, it will register such a domain. You can ping it using the ping command, e.g. ping iphone.local
Is it the case that fingerprint.com is probing for these domains and, in case of success, finding your device name and possibly your forename?
Sounds nasty to me. Could any WebRTC expert comment?
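A detection-side illustration of the SDP quoted in the post above, added here and not part of the original post or of any fingerprint.com code: it parses the `a=candidate` lines and flags host candidates whose `.local` name is human-readable rather than the random UUID name that the mDNS ICE candidates draft specifies for browser-generated candidates. `auditSdp`, `PROBE_THRESHOLD` and `SAMPLE_SDP` are hypothetical names, and the sample SDP is constructed from hostnames shown in the post.

```javascript
// Browser-generated mDNS ICE candidates are named "<uuid-v4>.local"; anything else is a guessed name.
const UUID_LOCAL =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.local$/i;

// Assumption: several guessed names in one SDP indicates enumeration, not a real peer.
const PROBE_THRESHOLD = 3;

// Split on real line breaks and on literal "\r\n" escapes (as in a dumped JS string).
function parseCandidates(sdp) {
  return sdp
    .split(/\r\n|\n|\\r\\n/)
    .filter((line) => line.startsWith("a=candidate:"))
    .map((line) => {
      // Fields: foundation component transport priority address port "typ" type ...
      const f = line.slice("a=candidate:".length).trim().split(/\s+/);
      return { transport: f[2], address: f[4], port: Number(f[5]), type: f[7] };
    });
}

// Return the guessed .local hostnames and whether their count reaches the threshold.
function auditSdp(sdp) {
  const probes = parseCandidates(sdp)
    .filter((c) => c.type === "host" && typeof c.address === "string")
    .map((c) => c.address.toLowerCase())
    .filter((addr) => addr.endsWith(".local") && !UUID_LOCAL.test(addr));
  return { probes, suspicious: probes.length >= PROBE_THRESHOLD };
}

// Constructed sample: three guessed names from the post, one UUID-style name, one srflx candidate.
const SAMPLE_SDP = [
  "v=0",
  "o=- 1 0 IN IP4 0.0.0.0",
  "s=-",
  "t=0 0",
  "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
  "c=IN IP4 0.0.0.0",
  "a=candidate:0 1 udp 2113937151 iphone.local 50003 typ host generation 0 ufrag ABCD network-cost 999",
  "a=candidate:0 1 udp 2113937151 jamess-iphone.local 50005 typ host generation 0 ufrag ABCD network-cost 999",
  "a=candidate:0 1 udp 2113937151 marys-iphone.local 50006 typ host generation 0 ufrag ABCD network-cost 999",
  "a=candidate:1 1 udp 2113937151 3f2c1a9e-7b4d-4c8a-9e21-5d6f0a1b2c3d.local 50100 typ host",
  "a=candidate:2 1 udp 1677729535 192.0.2.10 50101 typ srflx raddr 0.0.0.0 rport 0",
].join("\r\n");

console.log(auditSdp(SAMPLE_SDP));
```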
by Sean-Der on 3/24/23, 2:20 AM
I reported it here https://github.com/rtcweb-wg/mdns-ice-candidates/issues/121
I am not able to use my reproduction on Chrome/Firefox/Safari anymore. Not sure how they are doing it. If you create a host `lindas-iphone`, does it work on fingerprint.com?
If so, they found a new way; I can try to figure that out and fix it.
by gravitate on 3/23/23, 7:19 PM
Disabling JS and as a double measure, disabling WebRTC is a good hardening strategy for your browser. Not everyone is going to do that, but it's worth mentioning that you can do this.