Can I use a timing attack to determine if my script has been seen before as a fi... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

kodablah on April 24, 2018 | parent | context | favorite | on: Improved code caching

Can I use a timing attack to determine if my script has been seen before as a fingerprint measurement? Meaning, is there a way via timing checks to determine whether this is a cache hit which could tell me something about the user? Or is it per domain and effectively like storing a bool in local storage?

hashseed on April 24, 2018 [–]

You were already able to do this by loading any other kind of cached resource.

kodablah on April 24, 2018 | [–]

While true, I was under the impression that there wasn't a cross-domain cache that wasn't opt-in. Again, though, maybe this is per-domain so it's moot.

londons_explore on April 26, 2018 | | [–]

Simple cross domain <IMG> tags can have their load time measured..

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact