30% of the top thousand sites use scripts for hidden identification

A team of researchers from Mozilla, the University of Iowa and the University of California has published the results of a study of how code on websites is used for hidden identification of users. Hidden identification (browser fingerprinting) means generating identifiers from indirect data about how the browser operates, such as screen resolution, the list of supported MIME types, specific parameters in headers (HTTP/2 and HTTPS), analysis of installed plugins and fonts, the availability of certain Web APIs, video-card-specific rendering features exposed through WebGL and Canvas, CSS manipulation, the handling of default values, scanning of network ports, and analysis of how the user works with the mouse and keyboard.

A study of the 100 thousand most popular sites by Alexa ranking showed that 9040 of them (10.18%) use code to identify visitors covertly. Moreover, among the thousand most popular sites such code was detected in 30.60% of cases (266 sites), and in 24.45% of cases (2010 sites). Hidden identification is used in scripts supplied by external services for fraud prevention and bot screening, as well as by advertising networks and systems that track user movement.


To detect code that performs hidden identification, the researchers built the FP-Inspector toolkit, whose code is offered under the MIT license. The toolkit uses machine learning techniques combined with static and dynamic analysis of JavaScript code. It is claimed that using machine learning substantially improved the accuracy of detecting hidden identification code and identified 26% more problematic scripts compared to manually specified heuristics.

Many of the identified scripts were not included in the typical blocklists Disconnect, Adsafe, DuckDuckGo, Justuno and EasyPrivacy.
After a notification was sent, the developers of the EasyPrivacy blocklist created a separate section for hidden identification scripts. In addition, FP-Inspector made it possible to identify some new ways of using Web APIs for identification that had not previously been encountered in practice.

For example, it was found that the following were used for identification: information about the keyboard layout (getLayoutMap); residual data in the cache (using the Performance API, delays in data delivery are analyzed, which makes it possible to determine whether the user has accessed a certain domain or not, and whether the page was opened before); permissions set in the browser (information about access to the Notification, Geolocation and Camera APIs); and the presence of specialized peripheral devices and rare sensors (gamepads, virtual reality headsets, proximity sensors). In addition, the study recorded detection of APIs specific to certain browsers and of differences in API behaviour (AudioWorklet, setTimeout, mozRTCSessionDescription), as well as the use of the AudioContext API to determine features of the sound system.
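The article contrasts FP-Inspector's classifier with manually specified heuristics; the following added example (not code from the article or from FP-Inspector) shows what such a manual static heuristic could look like for the APIs listed above. The category grouping, the names `SIGNALS`, `stripComments` and `scanScript`, and the three-category threshold are assumptions made for illustration.

```javascript
// Added example: a hand-written heuristic, not FP-Inspector's classifier.
// API names come from the article; the category grouping and the default
// threshold of 3 categories are assumptions made for illustration.
const SIGNALS = {
  keyboard:    [/\bgetLayoutMap\b/],
  timing:      [/\bperformance\s*\.\s*(now|getEntriesByType)\b/],
  permissions: [/\bpermissions\s*\.\s*query\b/],
  devices:     [/\bgetGamepads\b/, /\bgetVRDisplays\b/],
  browserApi:  [/\bmozRTCSessionDescription\b/, /\bAudioWorklet\b/],
  audio:       [/\b(webkit)?(Offline)?AudioContext\b/],
  canvas:      [/\btoDataURL\b/, /\bgetImageData\b/],
  webgl:       [/\bWEBGL_debug_renderer_info\b/],
};

// Drop comments but keep string literals, so a URL such as "https://..."
// is not mistaken for a line comment. Regex literals are not handled.
function stripComments(src) {
  const re = /("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|`(?:\\.|[^`\\])*`)|\/\*[\s\S]*?\*\/|\/\/[^\n]*/g;
  return src.replace(re, (m, str) => (str !== undefined ? str : " "));
}

// Flag a script only when it touches several unrelated API categories:
// one category alone (e.g. AudioContext in a media player) is ordinary use.
function scanScript(src, threshold = 3) {
  const code = stripComments(src);
  const categories = Object.entries(SIGNALS)
    .filter(([, patterns]) => patterns.some((p) => p.test(code)))
    .map(([name]) => name);
  return { categories, flagged: categories.length >= threshold };
}

// Constructed sample inputs (not taken from any real site).
const audioPlayer = `
  // no getLayoutMap or permissions.query in this file
  const ctx = new AudioContext();
  fetch("https://cdn.example/beep.wav").then((r) => r.arrayBuffer())
    .then((b) => ctx.decodeAudioData(b));`;
const probeScript = `
  const ctx = new OfflineAudioContext(1, 44100, 44100);
  navigator.keyboard.getLayoutMap().then((m) => report.kb = m.size);
  navigator.permissions.query({ name: "geolocation" });
  report.pads = navigator.getGamepads().length;`;

console.log(scanScript(audioPlayer)); // one category, not flagged
console.log(scanScript(probeScript)); // four categories, flagged
```

A keyword heuristic like this misses obfuscated or dynamically built property names, which is the gap the article says the combination of static and dynamic analysis with machine learning is meant to close.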

The study also examined how protections against hidden identification, which block network requests or restrict access to APIs, disrupt the normal functioning of sites. Selectively restricting APIs only for the scripts identified by FP-Inspector was shown to cause less breakage than Brave and Tor Browser, which apply stricter blanket restrictions on API calls that could potentially leak data.

source: budenet.ru
