I just realized, they (or a government mandate) could force a redirect under specific circumstances to a site under google.com, and if they're using the browser engine for the request, they'd get the cookies of that user as soon as they get on the internet. Maybe even trigger an exploit in the browser.
This is the most fantastic way to target and exploit any single Android user anywhere in the world that I've ever heard of. Automatic, hard to avoid, easy to implement, and the user has no idea.
> could force a redirect under specific circumstances to a site under google.com, and if they're using the browser engine for the request, they'd get the cookies of that user as soon as they get on the internet
At first, I thought this can't be true because, surely, Google marks its cookies as HTTPS-only, right? So I checked, and turns out about half the cookies google.com has in my browser are not HTTPS-only. In fact, the HTTPS-only cookies it does have seem to be the same set of cookies, just with a '__Secure-' prefix. Similarly, about half (different set) of the cookies are JS accessible.
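Added example, not part of either comment above and not code from any site discussed: a small Node.js audit that repeats the check described in the last comment over `Set-Cookie` header values, flagging cookies without `Secure` (attached to plain `http://` requests) and without `HttpOnly` (readable from JS). The header values are constructed samples for `example.com`, the function names are hypothetical, and the `__Host-` rule goes beyond the `__Secure-` prefix mentioned in the thread.

```javascript
// Constructed sample Set-Cookie values; names and values are made up.
const SAMPLE_SET_COOKIE = [
  "SID=abc123; Domain=.example.com; Path=/",
  "__Secure-SID=abc123; Domain=.example.com; Path=/; Secure; HttpOnly; SameSite=Lax",
  "PREF=lang-en; Domain=.example.com; Path=/; HttpOnly",
  "__Secure-PREF=x; Path=/",                              // prefix without Secure
  "__Host-TOKEN=t; Path=/; Secure; Domain=example.com",   // __Host- with Domain
];

// Split one Set-Cookie value into name, value and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    cookie.attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] =
      i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Report what each cookie's attributes allow.
function auditCookie(header) {
  const c = parseSetCookie(header);
  const secure = "secure" in c.attrs;
  const findings = [];
  if (!secure) findings.push("cleartext-exposed"); // also sent on http:// requests
  if (!("httponly" in c.attrs)) findings.push("js-readable"); // document.cookie sees it
  // Browsers refuse to store prefixed cookies that break the prefix rules.
  const badSecure = c.name.startsWith("__Secure-") && !secure;
  const badHost = c.name.startsWith("__Host-") &&
    (!secure || "domain" in c.attrs || c.attrs.path !== "/");
  if (badSecure || badHost) findings.push("prefix-rejected");
  return { name: c.name, findings };
}

// Names of cookies a browser would store AND attach to a plain-HTTP request.
function exposedOverHttp(headers) {
  return headers.map(auditCookie)
    .filter((r) => r.findings.includes("cleartext-exposed") &&
                   !r.findings.includes("prefix-rejected"))
    .map((r) => r.name);
}
```

`exposedOverHttp(SAMPLE_SET_COOKIE)` lists only the unprefixed cookies lacking `Secure`; the malformed `__Secure-PREF` is excluded because a browser would never store it.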