From: Yuchen Guo <yguo@posteo.net>
To: Michael McMahon <michael@fsf.org>
Cc: libreplanet-discuss@libreplanet.org
Subject: Re: Malicious CSS
Date: Fri, 13 Oct 2023 21:25:17 +0000 [thread overview]
Message-ID: <871qdymczm.fsf@lan> (raw)
In-Reply-To: <04ea986b-61d5-48c6-9a61-3a93a75c49f9@fsf.org> (Michael McMahon's message of "Fri, 13 Oct 2023 14:23:23 -0400")
Michael McMahon <michael@fsf.org> writes:
> Do you know if the CSS on this page is intentionally malicious or are
> the system requirements for the visuals greater than these old
> machines?
I think that depends on whether we share the same definition for the
phrase "intentionally malicious".
Perhaps the website author did not intend anyone viewing their page. In
that case, it would be safe to assume it was not intentional. I found
the link while viewing AUTHORS file from a popular piece of Free
Software, namely Xournal++.
About "maliciousness". When an unsuspecting user visits the page,
http://cryptobitch.de/
with a web browser which understands CSS, their computer will be
occupied with rendering the animation, that even moving the mouse cursor
is difficult. All with JS disabled. For reference, I am using a
reasonably specced Kaby Lake laptop computer from the year 2017.
> An example of malicious CSS would be using complex queries to
> fingerprint users that did not want to be fingerprinted. Examples of
> this can be found at the CSS tracking [1] page.
>
> [1] https://csstracking.dev/
This is certainly eye-opening. Thanks for the link.
> but it essentially breaks the Internet when you do not view media
> files or CSS.
This is debatable. The term "Internet" encompasses many different kind
of technologies. Also, on many occasions I found websites "unbreaked"
when viewed in Emacs Web Wowser or W3M. A design with small fonts, or
huge Cookie banners, for example.
Thanks.
_______________________________________________
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
next prev parent reply other threads:[~2023-10-13 22:15 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-12 21:18 Malicious CSS Yuchen Guo
2023-10-13 18:23 ` Michael McMahon
2023-10-13 21:25 ` Yuchen Guo [this message]
[not found] <mailman.81.1697212834.15439.libreplanet-discuss@libreplanet.org>
2023-10-13 22:08 ` Laurent Lyaudet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/libreplanet-discuss
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871qdymczm.fsf@lan \
--to=yguo@posteo.net \
--cc=libreplanet-discuss@libreplanet.org \
--cc=michael@fsf.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).