Ooh that's kinda evil. A server could give a client a uniquely identifying ETag ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		doomrobo on Nov 30, 2022 \| parent \| context \| favorite \| on: Using a date-modified header to detect unique visi... Ooh that's kinda evil. A server could give a client a uniquely identifying ETag for a given URL. So whenever the client comes back on the same browser, they're identified. Fortunately this is probably just as detectable as the Last-Modified abuse in the post.

bawolff on Nov 30, 2022 [–]

There are a lot of things like that. Although browsers changed it recently, you also used to be able to use TLS session tickets.

Another one was the favicon cache.

Pretty much any state on the browser can be used to track people.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact