Mastodawn

RE: https://mstdn.social/@osnews/116352453766199250

"OK we want our website to know which software you have installed"
"You can't do that"
"Sure, but we want to do it anyway. Maybe we have the software listen on a port and then we can try loading stuff from that port?"
"No. Zoom did that so it got banned"
"OK what about we edit their computer's local config?"

sigh. the shitty arms race continues.

Show thread

James Henstridge

@sil I remember back when any website could enumerate all the Philips Hue bridges on your local network.

The bridges would ping their cloud servers, and then they offered a REST API that would provide the self-reported local IP address of every bridge that appeared to share your public IP address. That API used CORS headers to make it usable from any website.