undefined | Better HN

0 pointsPhilipRoman2y ago0 comments

Indeed, the scary thing is that there is no theoretical limit to how sophisticated a side channel attack could be. Imagine all the timing data that could in theory be gathered from html layout engines and css, even without javascript, just by resource loading times.

I would like to salute my shitty ISP for keeping me safe from timing attacks using their unreliable network infrastructure.

0 comments

robin_reala2y ago

This attack is now why browsers segment caching into a combination of requesting domain and asset URL, rather than just caching the asset on its own. It slows down for example Google Fonts, but means that a site can’t check to see that you’ve visited a competitor by timing an asset load from their site to see whether it’s in the cache.

j / k navigate · click thread line to collapse

0 comments

robin_reala2y ago

j / k navigate · click thread line to collapse