Stuart Langridge

RE: https://mstdn.social/@osnews/116352453766199250

"OK we want our website to know which software you have installed"
"You can't do that"
"Sure, but we want to do it anyway. Maybe we have the software listen on a port and then we can try loading stuff from that port?"
"No. Zoom did that so it got banned"
"OK what about we edit their computer's local config?"

sigh. the shitty arms race continues.

Apr 6 at 9:00amPhanpy
Show threadJames Henstridge1d ago

@sil I remember back when any website could enumerate all the Philips Hue bridges on your local network.

The bridges would ping their cloud servers, and then they offered a REST API that would provide the self-reported local IP address of every bridge that appeared to share your public IP address. That API used CORS headers to make it usable from any website.

Show threadkirch1d ago
@sil oh dang, Adobe is still doing that? I remember, maybe 10 years ago, that Adobe was killing my dual-boot by corrupting the hosts file somehow
Show threadChristian Berger DECT 276312h ago

@kirch @sil AFAIK they were actually modifying the bootloader.

I mean it's Adobe, they don't care about their users.

Show threadJohn Colagioia20h ago
@sil And they're finding this at the same time as people notice that LinkedIn is quietly scraping who uses which Chrome plugins, no less. Two MIGHT be a coincidence, but I imagine that we'll find plenty more big companies building these catalogs.