Ability to selectively enable/disable device fingerprintng API of Media on each website
Otoa Kiyori
This is a request for a viewer Security featue (I could not find other requests about this...)
I would like to request a new viewer option to selectively allow device fingerprinting by web sites through Media, based on url keyword matchs (i.e. *.google.com would allow "google.com" and all it's subdomains) so individual resident may choose to allow or disallow device fingerprinting or at least warn about potential indentity leakage when media is about to be used to show new website, and allow the resident to reject the access
---
I accessed https://browserleaks.com from Media on a prim, and was able to see sepecifc information about my computer. I switched my login with an alt, and also could see the exact information. Next, I used VPN to see if the information would change, but it also did not change anything
This means regardsless of the account or IP address used, the web sites on MOAP are able to capture specific unique information about my computer through the viewers.
This would allow data collectors to capture device fingerprints of residents' computers just by placing an LSL object near them when the residents' media option is turned on. And finally, it also means that the data collectors can easily tie mutiple SL accounts operated on same computers
I understand that Google and various other sites use this information for security (so new login from different fingerprint must to go through extra layer of authentication), and this might also be used for page rendering (i.e. streaming sites such as YouTube), so simply disabling fingerprint API would break many working media contents in-world...
Since capturing screeen size by LSL function and some of the CEF's cookie was intentionally disabled to disallow fingerprintng by in-world data collectors for same safety consern, I would like to request this. I am guessing this is very poweful and accurate data collection
I was unfortunately able to succeed to capture my computers fingerprints via LSL script and MOAP face in an experimets:
Showing my signatures on MOAP:
POC of data collection on LSL object in isolated private region:
Log In
Otoa Kiyori
Supplying this part. For security reasons, I think Linden should have the fingerprints (since they protect identity uniqueness from residents already), so that banned users would have no chance to use alts with new email addresses etc. to create more accounts to do bannable actions repeatedly. They would only be able to do this with new hardware
Paige Addams
Otoa, this sounds like a good idea to me. Thanks for the post.