I just read the paper and it isn’t 1GB, it’s system ram. So it has to create a file in your OPFS that’s closer to 32GB.
It can also only fingerprint the top 100 sites right now.
It will also noticably slow things down since it’s clearing your page cache 1000 times/sec which means you’re running almost entirely in swap/disk space.
Firefox is also the only one that limits OPFS size (10GB) so they need to create multiple files if you have more than 10GB or ram.
Unless I’m reading it wrong? Seems like it’s more of a “we can get your hardware to behave a certain way, even when sandboxed” thing than a “this is a very serious security vulnerability” thing?
I don’t see how it could become more efficient since the attack vector is basically just filling your ram and forcing your OS to clear the page cache.
Does mean it’ll be pretty easy to detect at least.
Though if I were using something like google maps I wouldn’t notice an extra 1GB.
I just read the paper and it isn’t 1GB, it’s system ram. So it has to create a file in your OPFS that’s closer to 32GB.
It can also only fingerprint the top 100 sites right now.
It will also noticably slow things down since it’s clearing your page cache 1000 times/sec which means you’re running almost entirely in swap/disk space.
Firefox is also the only one that limits OPFS size (10GB) so they need to create multiple files if you have more than 10GB or ram.
So it’s basically a non-issue unless it becomes far more efficient?
Unless I’m reading it wrong? Seems like it’s more of a “we can get your hardware to behave a certain way, even when sandboxed” thing than a “this is a very serious security vulnerability” thing?
I don’t see how it could become more efficient since the attack vector is basically just filling your ram and forcing your OS to clear the page cache.