Starting in version 1.54, [the browser] Brave will automatically block website port scanning, a practice that a surprisingly large number of sites were found engaging in a few years ago. According to this list compiled in 2021 by a researcher who goes by the handle G666g1e, 744 websites scanned visitors’ ports, most or all without providing notice or seeking permission in advance. eBay, Chick-fil-A, Best Buy, Kroger, and Macy’s were among the offending websites.

this raises my antennae way up but i have to admit, although being probed makes my skin crawl, i don’t actually understand what bad actors can do. it seems bad but that could be fud.

more distressing is the wall of shame; if even slightly true, this is hideous. typing just obvious things i know from just one screenful of a 700±line document: state farm, lending tree, citibank, glassdoor, iberia. for some reason financial firms are heavily represented here.

anyone have any knowledge in this domain? and if it’s an actual problem, what’s the best way to put a ring around it? the actor is inside your browser, so the usual firewall tricks don’t apply.

  • hoshikarakitaridia
    link
    fedilink
    English
    141 year ago

    I don’t actually know what bad actors can do.

    Well, you’re not gonna like this but every pentesting / vulnerability scan starts with a port scan. It’s really there to probe a PC for anything interesting. Although it’s not strictly illegal because you’re just kindly asking a PC to handover any meta information on what is currently running on the PC exposed to the internet, the trajectory is clear and in the contrast the goal is opaque which makes it shady af.

    • Trebach
      link
      fedilink
      81 year ago

      it’s not strictly illegal

      You’re not gonna like this but the Computer Fraud and Abuse Act in the US is so ridiculously broad that damn near anything that you do to/in a network that the owner doesn’t permit could be illegal.

      • @[email protected]
        link
        fedilink
        21 year ago

        A law is only as good as it’s enforcement. Combine this with the major questions doctrine infecting our courts any “broad” law can be ignored by the courts on whimsy.

          • @[email protected]
            link
            fedilink
            11 year ago

            I’m not talking about myself, I’m talking about major corporations that do whatever they please (in the US) and the rest of us just have to deal with.

    • @TheInsane42
      link
      English
      61 year ago

      A portscan from the outside, I can dig that (still don’t like it), but sneaking one inside your network via a legit webpage (when you see ebay as legit at least) that’s bad.