Most of the surveillance stories we’ve looked at here lately have involved things you can at least see when you walk past them: cameras at the gate, sensors on the shelf, a label adjusting a price as you move through space.
The researchers responsibly disclosed FROST to Google, Apple, and Mozilla before publishing. The responses are worth reading carefully:
Google said it does not consider browser fingerprinting to be a security vulnerability.
Apple described the attack as “currently out of scope,” with possible mitigations in the future.
Mozilla acknowledged the findings but has not implemented any fix.
In other words, the three companies that ship some of the world’s most-used browsers have collectively said “ok, not my concern”.
Fingerprinting is treated as a known cost of doing business on the modern web, and a side channel that leaks tab and application data through a storage API is, apparently, not a fire worth putting out.
Google said it does not consider browser fingerprinting to be a security vulnerability.
Apple described the attack as “currently out of scope,” with possible mitigations in the future.
Mozilla acknowledged the findings but has not implemented any fix.
In other words, the three companies that ship some of the world’s most-used browsers have collectively said “ok, not my concern”.
Fingerprinting is treated as a known cost of doing business on the modern web, and a side channel that leaks tab and application data through a storage API is, apparently, not a fire worth putting out.