The Brave browser will take action against websites that snoop on visitors by scanning their open Internet ports or accessing other network resources that can expose personal information.

PopBobert@lemmy.world · 1 year ago

The Brave browser will take action against websites that snoop on visitors by scanning their open Internet ports or accessing other network resources that can expose personal information.

WhoRoger@lemmy.world · 1 year ago

So I have two questions, first how does a browser stop websites from scanning open ports and second WHY THE FUCK DO WEB SITES SCAN OPEN PORTS

demonsword@lemmy.world · edit-2 1 year ago

if you use firefox you can use this addon
fingerprinting (i.e. tracking you), even if you delete cookies etc

bionicjoey@lemmy.ca · 1 year ago

Incompatible with Firefox on Android 😔

perviouslyiner@lemmy.world · edit-2 1 year ago

In the case of ebay at least, the normal ublock origin seems to prevent this (maybe just incidental that it blocked the loading of the port scanning script?)

Open “web developer tools”, “network” tab and browse to ebay - if uBlock Origin is turned off, after a few seconds you start to see lots of websocket connections as is shown in the article here. With uBlock Origin enabled, I’m not seeing those.

EDIT: Raymond confirms this ^[reddit ^link] and asks for some ideas on how to specifically block malicious connections to localhost

Gresham Law/TheyThem@lemmygrad.ml · edit-2 1 year ago

Removed by mod

WhoRoger@lemmy.world · 1 year ago

But re 1) I’m so confused, how does the browser have access to such information, never mind an addon?

I get that browsers can do way more than tcp port 80 these days, but I didn’t know it can do so much, man.

Or is that sniffing so closely related to the web site itself, i.e. is the actual web server doing it? I would expect that if someone would want to snoop on my network, they’d be using something else than a web server.

Guess I need an eli10 for modern browsers.

perviouslyiner@lemmy.world · 1 year ago

The screenshot in the article shows Websocket connections from the browser, which I think is the only non-HTTP connection that web pages can make?

Websockets always seemed a confusing technology, as they just kinda ignore the same origin policy that has been a fundamental part of JavaScript security since JavaScript’s creation!

WhoRoger@lemmy.world · 1 year ago

Yea I’ve always been weirded out by it. Thx

jimmyjazx@kbin.social · 1 year ago

https://blog.nem.ec/2020/05/24/ebay-port-scanning/ this explains it pretty well, but not eli10

demonsword@lemmy.world · 1 year ago

There are legitimate reasons to scan/connect to ports at localhost, the article even lists some (e.g AVs)

WhoRoger@lemmy.world · 1 year ago

Hm, but browser addons?

I guess I’m mainly confused because the abilities of browser extensions have been so heavily eroded over time. Can’t make an extension to manage bookmarks anymore and lots of other things. So I’m surprised it could do such things.

Gresham Law/TheyThem@lemmygrad.ml · edit-2 1 year ago

Removed by mod

realz@lemmy.world · 1 year ago

What’s the legality of this?

The Brave browser will take action against websites that snoop on visitors by scanning their open Internet ports or accessing other network resources that can expose personal information.

The Brave browser will take action against websites that snoop on visitors by scanning their open Internet ports or accessing other network resources that can expose personal information.

Brave aims to curb practice of websites that port scan visitors