You are an accomplice of IT companies violating User Privacy
LasmGratel opened this issue · 17 comments
If you can track and identify users for good by using this approach, you are depriving us of our right to privacy.
You said that this is only for educational usage but once it is carried out, there is no way to revert.
You are helping big companies like Google by identifying users. And you are violating the First Amendment to the United States Constitution.
So I suggest you remove this repo or develop an approach against it.
Demonstration purposes to force the major browser vendors to take action against this vulnerability. Very far from collaborating with the dark side!
@LasmGratel why is it @jonasstrehle's responsibility to develop an approach to fix this? He demonstrated this vulnerability as his research project, it's Google's and Apple's job to fix that!
You know he is kind of right. I have been thinking about building a tracking system (private kind) and this seems perfect. And I think those popup ad companies already implement this system. And companies like Google don't really need to because they own the platforms, global internet traffic and literally have tracking scripts embedded inside every page on the internet.
#Brave
@LasmGratel So assume you get your wish and this repo is removed. That would fix the situation... how, exactly? Are you suggesting that @jonasstrehle is the only person in the world capable of writing the software, and removing the repo will magically solve the problem once and forever? Are you even serious?
Regarding First Amendment: It may come as a surprise to you, but different countries have different Constitutions. @jonasstrehle is from Germany. Why do you think he has to care what our constitution says, when you don't even know what his Constitution does?
Update your browsers or change to the Brave browser, that's the easy fix at the moment.
All right, I see none of you are ashamed of violating user privacy. Such a pity for a developer living in a country that has introduced GDPR.
And I would like to assume that the day by which nobody could retain their privacy would come to us eventually, and removing this repo won't magically solve this problem, but I'm sure that as long as this repository exists, the process till that day will be "magically" accelerated. One of you said "Those big companies have their own way of tracking users and steal their privacy"; it is not even comparable, at least their methods are not public yet, a normal person can hardly use their ways, but this repo brings a substantial reduction of costs, and also provides a way or some sort of inspiration for those individuals and companies with no ability to develop their own "BIG BROTHER". Your repo won't be the direct reason of that day, but you will definitely become an accomplice of this sin. If you're really passionate about "force those big browsers to take action against this vulnerability", then you should not choose this way, absolutely.
Also I see you have taken no action to urge browsers to release a hotfix. So "force those big browsers to take action" is just an excuse.
@LasmGratel what have you done to improve user privacy? It looks like you're adamant about it, I'm sure you have a track record of pro-privacy actions?
@dylech30th it looks like some people prefer to hide their head in the sand and ignore issues, rather than discuss them in the open. I prefer for vulnerabilities to be published and get fixed by big companies (remember HSTS super cookie?) than silently ignoring them.
Also this vulnerability was discovered way before here: https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf
Did you email this researcher to fix that?
Did you @LasmGratel ?
Please consider the difficulty of turning a paper into reality and just using an existing repo directly, while papers can bring significant complexities to prevent most people from reading and taking action according to it. Think of the 2000 stargazers of this repo, how many of them actually want to use it for "education purpose"? Your target can be easily achieved by just providing a demonstration site, instead of giving out the full reproduction steps and source code. I support publishing these vulnerabilities to notice those big companies, but I'd also prefer to keep the lowest reproducibility.
2,000 stars is exactly what we need to have Apple/Google notice and take action. Out of those 2000 stars there will be devs from Google and Apple.
@dylech30th ๅฒๅฒๅฒ
I'll keep my point: forcing those companies to be noticed and take action by publishing those vulnerabilities is good, however, it is better to minimize the reproducibility, because it is hard to know how many new ideas will be inspired by this repo, and it is also hard to know how many of those ideas will be actually used to make a contribution to privacy safety, and how many of them will just be used on some dirty deeds.
Some context (Chinese): OP was trying to call for same ideas with them on V2EX, one of the most common communities for developers.
However, Chinese developers are way more familiar with this kind of bureaucracy, which is usually represented as:
Whenever there was a problem/question, don't deal with the problem/question; deal with who had raised it.
Eventually OP called for a bunch of mockery on themself. I think it's very valid to leave OP alone and 🤣
People against this repo probably implemented such a tracking system, and don't want others to notice this problem.
Publishing a vulnerability may hurt you suddenly, but it's absolutely better than burning your butt silently. 🤣
Technology is not evil but someone using it could be evil, you opened this issue because you think some companies could use it to collect your privacy. Actually, removing this repo does NOTHING but hide your head in the sand.
And, THERE ARE ALREADY LAWS for protecting privacy, as the author @jonasstrehle wrote: IT IS FOR EDUCATIONAL AND RESEARCH PURPOSE, why didn't you just SUE those bad companies who dare to violate the laws?
@LasmGratel ask fingerprintjs to take down their repository. I guess they operate in the US.