April 25th, 2016
On April 1st, I spoke at the very first Fronteers Spring Conference. The theme of the whole conference was performance. For my presentation, I decided to try something a little bit different: instead of talking about techniques that lead to better client-side performance, I focused on security-sensitive situations in which performance can actually be a bug rather than a feature.
View the slides here:
Check out the video below.
The Q&A session after the talk was recorded as well.
To me, this stuff is extremely interesting on a technical level. It’s also a little scary, however, to realize that malicious actors can use these techniques to invade your privacy while you’re browsing the web, without you ever knowing. Embedded third-party advertisements could be running timing attacks in the background, leaking pieces of private info (such as age, gender, location), which in turn enables them to serve you more targeted advertisements, fingerprint and track you across the web, or even de-anonymize you completely.
The sad news is that, as a web developer, there’s no obvious way to prevent this type of attack. End users should consider using a content blocker (not just an ad blocker) in their browser.