this post was submitted on 29 Jun 2023
45 points (97.9% liked)

[–] WhoRoger@lemmy.world 9 points 2 years ago (1 children)

So I have two questions, first how does a browser stop websites from scanning open ports and second WHY THE FUCK DO WEB SITES SCAN OPEN PORTS

[–] demonsword@lemmy.world 8 points 2 years ago* (last edited 2 years ago) (4 children)
  1. if you use firefox you can use this addon

  2. fingerprinting (i.e. tracking you), even if you delete cookies etc

[–] bionicjoey@lemmy.ca 2 points 2 years ago

Incompatible with Firefox on Android 😔

[–] perviouslyiner@lemmy.world 1 points 2 years ago* (last edited 2 years ago)

In the case of ebay at least, the normal ublock origin seems to prevent this (maybe just incidental that it blocked the loading of the port scanning script?)

Open "web developer tools", "network" tab and browse to ebay - if uBlock Origin is turned off, after a few seconds you start to see lots of websocket connections as is shown in the article here. With uBlock Origin enabled, I'm not seeing those.

EDIT: Raymond confirms this [reddit link] and asks for some ideas on how to specifically block malicious connections to localhost
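The developer-tools check described in the comment above can be repeated offline on a saved HAR export. This is an added example, not part of the original thread: the function names, the sample URLs and the ports are constructed, and it assumes the export includes the WebSocket handshake requests.

```javascript
// Added example: flag requests in a HAR export that target the loopback interface.
const LOOPBACK_V4 = /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
const DEFAULT_PORTS = { "http:": 80, "ws:": 80, "https:": 443, "wss:": 443 };

function isLoopbackHost(hostname) {
  // The URL parser keeps the brackets around IPv6 literals, so strip them first.
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
  return h === "localhost" || h.endsWith(".localhost") || h === "::1" || LOOPBACK_V4.test(h);
}

// Returns one record per loopback port contacted while a non-local page was loaded.
function findLoopbackProbes(har, pageUrl) {
  // A page served from localhost talking to localhost is not a cross-site probe.
  if (isLoopbackHost(new URL(pageUrl).hostname)) return [];
  const byPort = new Map();
  for (const entry of har.log.entries) {
    let url;
    try { url = new URL(entry.request.url); } catch { continue; } // skip malformed URLs
    if (!(url.protocol in DEFAULT_PORTS) || !isLoopbackHost(url.hostname)) continue;
    const port = url.port ? Number(url.port) : DEFAULT_PORTS[url.protocol];
    const rec = byPort.get(port) || { port, count: 0, websocket: false };
    rec.count += 1;
    rec.websocket = rec.websocket || url.protocol.startsWith("ws");
    byPort.set(port, rec);
  }
  return [...byPort.values()].sort((a, b) => a.port - b.port);
}

// Constructed sample HAR (not captured from any real site).
const sampleHar = { log: { entries: [
  { request: { url: "https://shop.example/assets/app.js" } },
  { request: { url: "wss://127.0.0.1:5900/" } },
  { request: { url: "wss://localhost:3389/" } },
  { request: { url: "ws://[::1]:5900/" } },
  { request: { url: "https://cdn.example/img.png" } },
  { request: { url: "data:text/plain,hi" } },
] } };

console.log(findLoopbackProbes(sampleHar, "https://shop.example/"));
```

Comparing the result with uBlock Origin on and off shows whether the blocker stopped the connections or only hid them from view.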

[–] WhoRoger@lemmy.world 1 points 2 years ago (3 children)

But re 1) I'm so confused, how does the browser have access to such information, never mind an addon?

I get that browsers can do way more than tcp port 80 these days, but I didn't know it can do so much, man.

Or is that sniffing so closely related to the web site itself, i.e. is the actual web server doing it? I would expect that if someone would want to snoop on my network, they'd be using something else than a web server.

Guess I need an eli10 for modern browsers.

[–] perviouslyiner@lemmy.world 4 points 2 years ago (1 children)

The screenshot in the article shows Websocket connections from the browser, which I think is the only non-HTTP connection that web pages can make?

Websockets always seemed a confusing technology, as they just kinda ignore the same origin policy that has been a fundamental part of JavaScript security since JavaScript's creation!

[–] WhoRoger@lemmy.world 1 points 2 years ago

Yea I've always been weirded out by it. Thx

[–] jimmyjazx@kbin.social 3 points 2 years ago

https://blog.nem.ec/2020/05/24/ebay-port-scanning/ this explains it pretty well, but not eli10

[–] demonsword@lemmy.world 1 points 2 years ago (1 children)

There are legitimate reasons to scan/connect to ports at localhost, the article even lists some (e.g. AVs)

[–] WhoRoger@lemmy.world 0 points 2 years ago

Hm, but browser addons?

I guess I'm mainly confused because the abilities of browser extensions have been so heavily eroded over time. Can't make an extension to manage bookmarks anymore and lots of other things. So I'm surprised it could do such things.

[–] realz@lemmy.world 2 points 2 years ago

What's the legality of this?
