Ask HN: Is fingerprint.com reading your forename?

Dear HN,<p>regarding the recent fingerprint discussions, I had look on fingerprint.com client-side javascript and found something I didn&#x27;t know. Maybe you can comment. I did not find this in their public repo on github.<p>Its javascript seems to store a list of common forenames. Based on location &quot;en-us&quot;, &quot;en-gb&quot;, or russian, it picks a list of common forenames:<p><pre><code> us: [&quot;james&quot;, &quot;mary&quot;, &quot;john&quot;, &quot;patricia&quot;, &quot;robert&quot;, &quot;jennifer&quot;, &quot;michael&quot;, &quot;linda&quot;, &quot;william&quot;, &quot;elizabeth&quot;, &quot;david&quot;, &quot;barbara&quot;, &quot;richard&quot;, &quot;susan&quot;, &quot;joseph&quot;, &quot;jessica&quot;, &quot;thomas&quot;, &quot;sarah&quot;, &quot;charles&quot;, &quot;karen&quot;, &quot;christopher&quot;, &quot;nancy&quot;, &quot;daniel&quot;, &quot;lisa&quot;, &quot;matthew&quot;, &quot;margaret&quot;, &quot;anthony&quot;, &quot;betty&quot;, &quot;donald&quot;, &quot;sandra&quot;], gb: [&quot;oliver&quot;, &quot;george&quot;, &quot;noah&quot;, &quot;arthur&quot;, &quot;harry&quot;, &quot;leo&quot;, &quot;muhammad&quot;, &quot;jack&quot;, &quot;charlie&quot;, &quot;oscar&quot;, &quot;jacob&quot;, &quot;henry&quot;, &quot;thomas&quot;, &quot;joshua&quot;, &quot;william&quot;, &quot;olivia&quot;, &quot;amelia&quot;, &quot;isla&quot;, &quot;ava&quot;, &quot;mia&quot;, &quot;isabella&quot;, &quot;sophia&quot;, &quot;grace&quot;, &quot;lily&quot;, &quot;freya&quot;, &quot;emily&quot;, &quot;ivy&quot;, &quot;ella&quot;, &quot;rosie&quot;, &quot;charlotte&quot;], ru: [&quot;aleksandr&quot;, &quot;sergej&quot;, &quot;vladimir&quot;, &quot;elena&quot;, &quot;tatana&quot;, &quot;andrej&quot;, &quot;aleksej&quot;, &quot;olga&quot;, &quot;nikolaj&quot;, &quot;natala&quot;, &quot;anna&quot;, &quot;ivan&quot;, &quot;dmitrij&quot;, &quot;irina&quot;, &quot;maria&quot;, &quot;mihail&quot;, &quot;svetlana&quot;, &quot;ekaterina&quot;, &quot;evgenij&quot;, &quot;viktor&quot;, &quot;anastasia&quot;, &quot;urij&quot;, &quot;ulia&quot;, &quot;valentin&quot;, &quot;roman&quot;, &quot;igor&quot;, &quot;anatolij&quot;, &quot;oleg&quot;, &quot;pavel&quot;, &quot;maksim&quot;] </code></pre> Using this names, it builds a WEBRTC-request like this:<p>sdp: &quot;v=0\r\no=mozilla...THIS_IS_SDPARTA-99.0 5217214617606885133 0 IN IP4 0.0.0.0\r\ns=-\r\nt=0 0\r\na=fingerprint:sha-256 79:15:54:8B:C7:71:71:D7:C4:D7:4C:A9:34:82:E2:EF:B4:58:9F:AE:BC:AC:91:2D:9A:B0:37:FC:23:AC:34:21\r\na=group:BUNDLE 0\r\na=ice-options:trickle\r\na=msid-semantic:WMS *\r\nm=application 9 UDP&#x2F;DTLS&#x2F;SCTP webrtc-datachannel\r\nc=IN IP4 0.0.0.0\r\nb=AS:30\r\na=candidate:0 1 udp 2113937151 iphone.local 50003 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 iphone-2.local 50004 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 jamess-iphone.local 50005 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 marys-iphone.local 50006 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 johns-iphone.local 50007 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 patricias-iphone.local 50008 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 roberts-iphone.local 50009 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 jennifers-iphone.local 50010 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 michaels-iphone.local 50011 typ host generation 0 ufrag ABCD network-cost 999\r\na=candidate:0 1 udp 2113937151 lindas-iphone.local 50012 typ host gene....<p>Researching some more it seems these .local domains are registered by apple devices on your local router. Depending on the phones name, it will register such a domain. You can ping it using the ping command, e.g. ping iphone.local<p>Is it now, that fingerprint.com is probing for these domains, and is in case of success, finding your device name and possibly your forname?<p>Sounds nasty to me. Any WEBRTC expert could comment?