Tldr: Someone can guess reasonably where you are by sending you a glitched friend request notification on your phone that tells the hacker what data center you’re closest to.
It is pretty clever but I wouldn’t call it full deanonymizing, should still get patched though.
Good find by the tester.
Edit: used the term ‘glitch’ for simplicity of people reading, didn’t mean to upset people; I’m just an amateur.
It’s not a glitched friend request notification.
It’s a native friend request that you make through discord. The vulnerability lies in the attacker making a unique pfp for each request, forcing the CDN to cache the pfp at the closest data center to the user.
I would agree that it’s not fully deanonymizing but it could resurrect tracking Elon and other billionaires.
Don’t we know where to shoot down their planes already? Or wait until they bribe Washington officials?
I like how you see the positive in bad news 😃
It’s not even glitched, it’s working as intended