Abraxas is now trying to extract information about your computer using HTML5 Canvas Image Data. As others have already stated, DON'T USE ABRAXAS!

Here's an image screenshot:

https://img.bi/#/dSF4sEH!b7J4wAPxyRvA_PvkjQX4cGcwdeMmOgpFJpYAE7L9

EDIT:

I want to apologize because this is a FALSE ALARM. As others have stated, the browser does this automatically when you inspect an Image element. The same happened to me on BlackBank and Nucleus. It's not the market trying to get any information. I saw the popup notification and freaked out. It is my fault and this is a false alarm. I'm an idiot. I'm sorry for any damage I might have done to the community and the Abraxas marketplace.

Let this be a reminder to keep your JavaScript turned off by using the NoScript tool in the top left of your browser. Thank you.


Comments


[40 Points] youarefuckedanyways:

Top left corner. Your JavaScript is enabled. That can be used to track your IP address or extract info from your computer that can uniquely identify you.

You should turn that off. With it, you are fucked regardless of the HTML5 canvas attack.


[11 Points] sapiophile:

> worried about side-channel anonymity compromises in the browser

> uses an image host that requires JavaScript to view the image

smh


[9 Points] anoyli:

If anyone was wondering what kind of information could get extracted:

After plugins and plugin-provided information, we believe that the HTML5 Canvas is the single largest fingerprinting threat browsers face today. Initial studies show that the Canvas can provide an easy-access fingerprinting target: The adversary simply renders WebGL, font, and named color data to a Canvas element, extracts the image buffer, and computes a hash of that image data. Subtle differences in the video card, font packs, and even font and graphics library versions allow the adversary to produce a stable, simple, high-entropy fingerprint of a computer. In fact, the hash of the rendered image can be used almost identically to a tracking cookie by the web server.

http://tor.stackexchange.com/questions/3283/html5-canvas-security-flaw/3288#3288
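
The quoted passage says the fingerprint depends on extracting the canvas image buffer, so logging those readback calls with their call stack shows whether a page's own script requested the data. The following is an added example, not part of the original thread; `auditCanvasReadback`, `makeFakeDom` and `demo` are assumed names, and the stand-in objects replace the browser prototypes so it runs under Node.

```javascript
// In a browser, pass HTMLCanvasElement.prototype and
// CanvasRenderingContext2D.prototype instead of the stand-ins below.
const READBACK = { canvas: ["toDataURL", "toBlob"], context: ["getImageData"] };

function auditCanvasReadback(canvasProto, contextProto, report) {
  const restore = [];
  const wrap = (proto, kind, name) => {
    const original = proto[name];
    if (typeof original !== "function") return; // API absent on this target
    proto[name] = function (...args) {
      // Drop the "Error" line and this wrapper's frame; keep the callers.
      const stack = new Error().stack.split("\n").slice(2).map((s) => s.trim());
      const canvas = kind === "canvas" ? this : this.canvas;
      report({ api: name, width: canvas?.width, height: canvas?.height, stack });
      return original.apply(this, args); // behaviour is unchanged, only logged
    };
    restore.push(() => { proto[name] = original; });
  };
  READBACK.canvas.forEach((n) => wrap(canvasProto, "canvas", n));
  READBACK.context.forEach((n) => wrap(contextProto, "context", n));
  return () => restore.forEach((undo) => undo()); // call to remove the hooks
}

// Constructed stand-ins for the browser prototypes (assumption: not a real DOM).
function makeFakeDom() {
  const contextProto = {
    getImageData(x, y, w, h) { return { data: new Uint8Array(w * h * 4) }; },
  };
  const canvasProto = {
    toDataURL() { return "data:image/png;base64,"; },
    getContext() { const c = Object.create(contextProto); c.canvas = this; return c; },
  };
  return { canvasProto, contextProto };
}

function demo() {
  const { canvasProto, contextProto } = makeFakeDom();
  const events = [];
  const undo = auditCanvasReadback(canvasProto, contextProto, (e) => events.push(e));
  const canvas = Object.assign(Object.create(canvasProto), { width: 220, height: 30 });
  canvas.getContext("2d").getImageData(0, 0, 220, 30); // recorded
  canvas.toDataURL();                                   // recorded
  undo();
  canvas.toDataURL();                                   // hooks removed, not recorded
  return events;
}
```

A readback whose stack contains no page script frames did not come from the site's code.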


[10 Points] 19216815:

Hey guise, making new dnm. I'm only 14 but I'm super at coding. It will cover all the best in infosec and opsec. Clearnet IP leaks, mandatory javascripts, html5 canvas image data, awesome sql vulns. We are going to call it PoohBear's Hunny Pot.


[6 Points] theseeker01:

Dear god I keep saying don't use this site.

Don't even make an account or look at the site if you don't want to potentially ruin your opsec.

It's a train wreck of code


[6 Points] None:

[deleted]


[5 Points] r-isomer:

I guess what the community really needs is "stumbling in the dark" type opsec for buyers. I work in IT and I still worry constantly about any little fuckup. Don't worry, I'm not paranoid the feds will kick in my door for that gram of MDMA that I got burned on during the evo exit hotmessness. But something like what we sysadmins might call a SHV (pronounced shiv so we can sound tough like we were in jail and gonna shank someone who owed us a cigarette for a handjob), a system health validator. It could make sure you're coming from an obfuscated IP address, don't have jscript enabled, etc., or you don't get your ticket to get into the park. I know it's just a dream, and if you typed in # cat /root/.bash_history into most DNMs you'd probably see chmod 777 at some point just to get it up and running, but it seems like too many people are making easy mistakes lately.

Just a dream. You can't foolproof a theme park for fools.

I sure am damn glad we have DNMs though.


[1 Points] None:

[deleted]


[1 Points] ___xXx___:

I want it to be known that I'm an idiot. As others have mentioned in this thread, this seems to be something that the browser does automatically when you inspect an Image element. I saw the popup notification and freaked out. It is my fault and this is a false alarm. I'm sorry for any damage I might have done to the Abraxas marketplace.


[0 Points] someDdudde:

Fck my elter, nucleus does it as well... https://img.bi/#/NBvzMjE!6sE53gdFKYFQJTjfJgL9iN0Q_9RyZQCJ_9gwddN4