It’s javascript, so unless Signalapp takes special defensive actions, anything in javascript is possible. E.g. Google could get your internal LAN IP address even if you proxy your traffic through Tor – which can then be used as part of the fingerprint. Visit wtfismyip.com to see how that works.
How useful is an internal Lan IP? I’d imagine for most people it’s just 192.168.something or 10.something. Though if you’re on IPv6 is it just the same was your public IP?
I choose a quite obscure LAN IP so it’s less trivial for someone who gets past the firewall to target a host. There are thousands of LAN subnets, so once you divide a non-unique fingerprint into thousands, it’s quite trivial to identify unique hosts, particularly if the traffic to a particular site is not in the thousands.
Even running a browser add-on/extension is sufficient to alter a fingerprint to be more unique.
Apparently it forces you to use reCaptcha. I wonder if it’s possible for the reCaptcha code to access user data.
It’s javascript, so unless Signalapp takes special defensive actions, anything in javascript is possible. E.g. Google could get your internal LAN IP address even if you proxy your traffic through Tor – which can then be used as part of the fingerprint. Visit wtfismyip.com to see how that works.
How useful is an internal Lan IP? I’d imagine for most people it’s just 192.168.something or 10.something. Though if you’re on IPv6 is it just the same was your public IP?
I choose a quite obscure LAN IP so it’s less trivial for someone who gets past the firewall to target a host. There are thousands of LAN subnets, so once you divide a non-unique fingerprint into thousands, it’s quite trivial to identify unique hosts, particularly if the traffic to a particular site is not in the thousands.
Even running a browser add-on/extension is sufficient to alter a fingerprint to be more unique.