Pakukurukura
Iyo X-Client-Data musoro haina kuvanzwa mashandiro uye maitiro ayo ndeaya
Header
Musoro wacho unonzi hauna ruzivo rwemunhu uye unongotsanangura mamiriro ekuisa Chrome uye anoshanda ekuyedza maficha. Kana bhurawuza yekushandisa telemetry uye kurongeka kwekuzivisa kwakavharwa muzvirongwa, kugadzira iyo base X-Client-Data musoro kukosha inoshandisa chete 13 bits ye entropy (8000 misanganiswa yakasiyana), iyo isina kukwana kuti izivikanwe.
Tichifunga kuti musoro unoisawo mamwe masisitimu ehurongwa uye ma parameter, pakupedzisira zviri mukati meX-Client-Data zvakanyatsokodzera seimwe sosi yedata yekuzivikanwa kwemushandisi asina kunanga munguva pfupi (yekuyedza masimba anogoneswa uye akaremara nekufamba kwenguva, izvo zvinotungamira kune nguva nenguva shanduko yekukosha muX-Client-Data).
Nekudaro, mukuwedzera kune yekutanga entropy, kana uchigadzira iyo X-Client-Data kukosha, kune zvakare kutevedzana kwembeu yakadzoserwa nemaseva eGoogle uye zvichienderana nenyika, IP kero uye mamwe maitiro ayo Google anoona akakosha (semuenzaniso, hapana chinodzivirira. iwe kubva pakudzorera yakakura isina kutevedzana inoteedzana, inova iyo chaiyo identifier).
Pamusoro pezvo, kutarisa uchishandisa Google domain masks paunenge uchitumira X-Client-Data haisanganisi mamiriro ezvinhu apo munhu anorwisa anogona kunyoresa domain se "youtube.xn--55qx5d" uye otanga kuunganidza zviziviso.
Source: opennet.ru