More accurately, researchers have discovered side-channel attacks that make an old attack effective again.
The actual "unmasking" technique here is actually not new at all. What is new is the ML-based side-channel that leaks whether images or other protected resources are successfully loaded.
Alternatively, wouldn't you be able to hobble this by just disabling JavaScript?
(Side thought: Remember all those "Flash is bad! Flash is insecure! Flash is malware!" arguments? JavaScript is demonstrably just as bad, maybe even worse, as evidenced by this and literally thousands of other possible attacks it enables...)
4 comments
[ 3.2 ms ] story [ 20.2 ms ] threadMore accurately, researchers have discovered side-channel attacks that make an old attack effective again.
The actual "unmasking" technique here is actually not new at all. What is new is the ML-based side-channel that leaks whether images or other protected resources are successfully loaded.
https://blog.mozilla.org/en/products/firefox/firefox-rolls-o...
Alternatively, wouldn't you be able to hobble this by just disabling JavaScript?
(Side thought: Remember all those "Flash is bad! Flash is insecure! Flash is malware!" arguments? JavaScript is demonstrably just as bad, maybe even worse, as evidenced by this and literally thousands of other possible attacks it enables...)