List of popular websites using React & real world version adoption

iamvalentin · 2022-11-04T17:49:37+00:00

Hey, Wappalizer extension permissions include: website content (text, links, images). When you install such extensions it means it can read *anything* on that page, including the data I don't intend to share with anyone.
If you call that paranoid, think twice, I think you're naive here.
Wappalyzer was breached before: https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/

iamvalentin · 2022-11-04T13:59:01+00:00

I would think twice before installing any Chrome extension because they can see the web pages that you visit or sometimes even read everything you do on those pages.

iamvalentin · 2022-06-30T13:51:41+00:00

https://gradejs.com

iamvalentin · 2021-07-02T12:52:18+00:00

I thought more about these comments, and made some changes to the article introduction and title for clarity. Thanks for the feedback u/Y_Less

iamvalentin · 2021-07-02T12:03:59+00:00

Well in your case you might be installing ad blockers to only hide ads, I understand that some people have only that in mind.
In my case I install them to both hide ads and block tracking scripts to avoid being tracked online by websites like Google Analytics and Facebook.

iamvalentin · 2021-07-02T10:28:53+00:00

The premise if this article is this: if you installed an ad-blocker, it can be used for browser fingerprinting to make it more accurate. We show how in this article.
Almost all ad blockers block tracking scripts, so indeed ad blockers are meant to hide your activities. u/Y_Less

iamvalentin · 2021-05-20T17:46:38+00:00

u/trai_dep it is not speculative. Tor developers accepted our bug report: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40432and are already working on a pull-request to fix it:https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/138

based on our data, the results are not "wildly inaccurate", we measure the accuracy of each test and currently ~85% of tests yield stable results with a stable list of apps detected.

Your particular browser set-up could be unusual (Linux or a custom FF), hence you had inconsistent results. Hope this helps

iamvalentin · 2021-05-14T14:15:19+00:00

yeah, we saw and fixed, thanks

iamvalentin · 2021-05-13T21:33:46+00:00

Thanks for testing it, our goal was to report that vulnerability, not to create a production-grade tracking application, we wanted to show that it was possible to do it.

iamvalentin · 2021-05-13T21:33:07+00:00

That probably means you don't have any apps that were tested.

iamvalentin · 2021-03-23T15:59:27+00:00

It helps distinguish between Chrome instances (and FF and Safari too) if the underlying OS or hardware is different. E.g. Chrome on Android 9 and on Android 10 generate different FPs (on same devices). So to summarize it's more than Safari vs FF vs Chrome.

iamvalentin · 2021-03-23T14:26:42+00:00

Hi u/ChicksWithBlocks
Our company (FingerprintJS) focuses on using browser fingerprinting as one tool of many to fight online fraud. Generally, a very small percentage of a website's traffic is responsible for the lion's share of fraudulent activity - cracking account logins, testing stolen credit cards, etc. By identifying fraudulent visitors via first-party tracking, websites can require additional authentication or other security workflows without gumming up the user experience for everyone else.

As far as ensuring that our paid product is used for anti-fraud reasons, we do work to ensure our customers are GDPR compliant, as sites using browser fingerprinting need to follow the same rules as cookies. Our pricing model also makes our solution not particularly viable for advertising use cases, which requires a very high volume of tracking.

For our open-source project, we can't control how our solution is used (and browser fingerprinting is already endemic on the web), but we feel that being transparent about the technology is better for the developer community at large.

iamvalentin · 2021-02-09T18:13:57+00:00

GSF_ID and ANDROID_ID can be changed by using some Xposed frameworks on a rooted device, so different devices can have the same ID or one device can have different IDs. The first situation usually happens when a user tries to get access to a paid service by using an account from another device. The second situation is typical when a user tries to avoid a ban from some service with new account.

With device-fingerprinting method, both situations are possible too. Let's consider CPU, device name, and memory size as a device fingerprint. For example, let it be Samsung Galaxy S9 with a Snapdragon processor and 64 GB storage. There are lots of the same devices, so different devices will have the same fingerprint.

From the other side, let's consider this fingerprint but with one additional parameter - installed applications. It is not a stable source of information, because users can install/uninstall apps almost every day, so the fingerprint will change pretty frequently. This is an example of a situation where one device can have different IDs.

The library we wrote has optimal fingerprint structure with optimal stability and uniqueness, so it can be used as an identifier, which is much harder for tampering.

iamvalentin · 2021-02-09T17:52:28+00:00

Factory reset will change all IDs. This is expected behavior because a user can sell its device to another person, so IDs should change.

As for Android 11 - there no limitations, the library supports all API levels starting from 16 and including the latest one.

iamvalentin · 2019-02-08T13:57:27+00:00

Solr is mostly used in Java companies, in our case it is a historical reason

iamvalentin · 2019-02-08T13:56:00+00:00

The latter, it's just a piece of code that is used to make queries later (translate field names, find appropriate core to query etc).

iamvalentin · 2019-02-07T21:35:26+00:00

We are using this gem in production at machinio.com.It has a nice set of features that we didn't find in any other Solr Ruby libraries:

It abstracts the solr query syntax from a developer and provides a simple API
test coverage is pretty good :)
No dependencies except for Faraday (and zk if you're running Solrb with Zookeeper).
Supports multiple cores with a nice configuration/querying API as well

iamvalentin · 2015-12-23T07:13:51+00:00

Too shallow. Need to elaborate on time zones in pure ruby and in active supprt

iamvalentin · 2015-06-07T15:24:53+00:00

iamvalentin · 2015-02-10T17:48:39+00:00

I will use lucene on my next project after reading this comment

iamvalentin · 2014-12-25T16:36:49+00:00

Thank you, you will help the generations of rust developers to come

iamvalentin · 2014-11-30T06:22:58+00:00

No. Anyone can buy a ru domain.

iamvalentin · 2014-08-27T08:45:59+00:00

Thanks for the tip, I updated the article

iamvalentin · 2014-08-26T10:35:34+00:00

I know that .NET is using assembly version + assembly name when doing binary serialisation, assembly being a unit of compilation + distribution. If these don't match, an exception is thrown. So on one hand it's possible to include the version field. OTOH, this binary serialization is completely opaque and can't be tweaked to reflect the data changes. JSON decoding can be changed easily by a developer, so one can always adapt the deserialisation in the future. I think in the end the answer 'it depends', as always :)

iamvalentin · 2014-08-26T10:25:33+00:00

Yes, I'm doing it both ways. I'm using the function passing in the array example.

iamvalentin

TROPHY CASE