
The title is misleading because they are not using DRM to generate a unique identifier like, for example, Netflix would use. Instead, it is using the type of DRM implementation for fingerprinting/bot detection. It's just a few more bits of unique entropy, along the lines of your screen size and user agent.

This might seem like a small difference, but the reason activists hate DRM is that it enables service providers to go a step beyond traditional fingerprinting and gain a truly unique identifier.




Bot detection seems like one of the more defensible uses of fingerprinting, and it might become a casualty in this war. If automated bot detection becomes impractical, the consequences are pretty negative for users: frequent captchas, login walls, aggressive throttling, mandatory email/SMS validations, and reduced accessibility.

Some may suggest that web services should just give up on bot detection, open up all of their private APIs, and accept bots and third-party clients as facts of life. But this idealism is out of touch with the reality of running an expensive, large-scale web service and a customer-facing business.


It's not misleading, they check for DRM presence and that's bad enough.

> but the reason activists hate DRM is that it enables service providers to go a step beyond traditional fingerprinting and gain a truly unique identifier.

The reason is that in some places on Earth you can be sentenced for violation of special computer laws prohibiting you from even looking at such code and disclosing what it does; you just run it and see what happens.


> The reason is that in some places on Earth you can be sentenced for violation of special computer laws prohibiting you from even looking at such code and disclosing what it does; you just run it and see what happens.

You couldn't in this case, no license object is served. It literally just asks the browser which systems it supports.
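
The check the comment above describes (asking the browser which DRM systems it supports, with no license exchanged) can be reproduced against your own browser to see what it reports. This is an added example, not code from the thread or from the site under discussion; it assumes the query goes through the standard Encrypted Media Extensions call `navigator.requestMediaKeySystemAccess`, and the key-system list, probe configuration and function names are chosen here for illustration.

```javascript
// Added illustration: report which EME key systems a browser says it supports.
// KEY_SYSTEMS and PROBE_CONFIG are assumptions made for this example.
const KEY_SYSTEMS = [
  "com.widevine.alpha",
  "com.microsoft.playready",
  "com.apple.fps.1_0",
  "org.w3.clearkey",
];

// Minimal constructed configuration: one common MP4/H.264 capability.
const PROBE_CONFIG = [{
  initDataTypes: ["cenc"],
  videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
}];

// `nav` is a navigator-like object, so the function also runs against a mock.
async function probeKeySystems(nav) {
  const supported = {};
  if (!nav || typeof nav.requestMediaKeySystemAccess !== "function") {
    // EME not exposed, for example an older browser or a non-secure context.
    for (const ks of KEY_SYSTEMS) supported[ks] = false;
    return { emeAvailable: false, supported };
  }
  for (const ks of KEY_SYSTEMS) {
    try {
      // Resolves with a MediaKeySystemAccess object; no license is requested.
      await nav.requestMediaKeySystemAccess(ks, PROBE_CONFIG);
      supported[ks] = true;
    } catch (err) {
      supported[ks] = false; // the promise rejects when the system is unsupported
    }
  }
  return { emeAvailable: true, supported };
}

// One bit per key system, in KEY_SYSTEMS order: the extra entropy a page learns.
function signature(report) {
  return KEY_SYSTEMS.map((ks) => (report.supported[ks] ? "1" : "0")).join("");
}

// In a browser console:
//   probeKeySystems(navigator).then((r) => console.log(r, signature(r)));
```

Comparing the output across browsers or profiles shows how few distinct values this signal takes, which is the "few more bits" point made earlier in the thread.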


Maybe this is a silly question, but isn't that like most closed source code?


No. You can basically always decompile proprietary software and work out how it works. And even publish most of your findings. In some places like the US, if that code is DRM it's now illegal to study (under the DMCA specifically, I think).


Is there a specific definition that makes something DRM?

Sounds like all software companies should add some trivial DRM only for the specific purpose of exposing people to legal risk if they attempt to reverse engineer their code.


Reverse engineering is generally legal. Reverse engineering DRM can potentially get you a lengthy jail sentence.


> Instead, it is using the type of DRM implementation for fingerprinting/bot detection.

Currently. Do we know that? Is that in their privacy policy? If it works well enough technically, will they use it for other things?


Is there a good way to spoof screen sizes and fonts?

... asking for a friend.


Firefox/Tor Browser with resistFingerprinting.



