Most of the surveillance stories we’ve looked at here lately have involved things you can at least see when you walk past them: cameras at the gate, sensors on the shelf, a label adjusting a price as you move through space.
The researchers responsibly disclosed FROST to Google, Apple, and Mozilla before publishing. The responses are worth reading carefully:
Google said it does not consider browser fingerprinting to be a security vulnerability.
Apple described the attack as “currently out of scope,” with possible mitigations in the future.
Mozilla acknowledged the findings but has not implemented any fix.
In other words, the three companies that ship some of the world’s most-used browsers have collectively said “ok, not my concern”.
This isn’t entirely true. Apple and Google said “piss off”, but Firefox acknowledged the issue, but don’t yet have a solution, which doesn’t mean they aren’t working on one. It is bad, though, that they haven’t come up with something during the responsible disclosure timeline.
This isn’t entirely true. Apple and Google said “piss off”, but Firefox acknowledged the issue, but don’t yet have a solution, which doesn’t mean they aren’t working on one. It is bad, though, that they haven’t come up with something during the responsible disclosure timeline.