My comment was pretty orthogonal to all the Backblaze stuff, which I realize now was confusing.

Greatest pride was catching a tumbling beer at a party, and getting called spider-man.

I wanted to do some stuff with this data so need a raw format.

(process was so easy since its included on a single page load, so I assume you don't mind! thanks for making this )

I can beat it, but only be changing my IP. Since I'm not using a shared IP like a university/company might, my IP is giving them a lot of bits about me since I'm the only entity using it... No matter the browser switch, if I hit it from the same IP, it correctly assumes that my IP is still me. But the moment I switch to a different browser and change IPs I get a new fingerprint. Haven't dug deep on it though, like would an incognito window in Chrome on a new IP, have the same fingerprint as a non-incognito Chrome window on another IP? Not sure

I would love to play around with that fingerprint demo while on a large shared IP, where they the IP itself provides less signal and is less unique.

Your advice would apply if they're using a local TV tuner or IPTV setup to share live TV on the local network or something, but that seems unlikely. But for content coming from mainstream Internet streaming services, it's good bet they're not using multicast.

I do exactly this! I keep Tailscale running my family's shared iMac, making it easy for me to remotely connect to it and screen share if necessary to help. I went a more complicated route[0] and installed Tailscale as a system background daemon that runs as root and starts up before the first user login. Which also means no GUI interface, so more protected from user error.

[0] https://github.com/tailscale/tailscale/wiki/Tailscaled-on-ma... (the standalone variant is also entirely opensource, unlike their macOS GUI app)

For over 15 years reCAPTCHA has relied on browser fingerprinting to help distinguish humans from bots. And fingerprintjs.com has been around for well more than a couple years.

That said, sniffing the browser extensions someone is using is NOT a common fingerprinting method used by my examples, but just saying fingerprinting itself without explicit disclosure has been around for quite a long time. It happens on literally every CAPTCHA service. I hate it of course, but the ship sailed a long time ago.

--

I like this demo for testing my browser's resilence against fingerprinting: https://fingerprint.com/demo/

I know this means I'm wasting potential pixels, and wasting all the engineer effort that went into the nearly bezel-free design, but worth it IMHO.

> Tesla offers a “Root access program” on their bug bounty program. Researchers who find at least one valid “rooting” vulnerability will receive a permanent SSH certificate for their own car, allowing them to log in as root and continue their research further.

Pretty interesting. Sounds like Apple's Security Research Device Program[0], where you're loaned a rooted iPhone, but with a clear qualification criteria.

It strikes a nice balance, because to qualify you have to 1) show you have the skills to get root access anyway and 2) show you're willing to participate in the bug bounty program and get things patched.

I would of course love root on everything I own, but I can understand Tesla's motivation here since root for everyone would make vulnerability discovery easier for malicious actors. And if everyone had root on their Tesla, it'd be much easier to make naughty modifications that might catch the ire of regulators. (like disabling driver attentiveness checks in self-driving mode).

[0] https://security.apple.com/research-device/