Say, I am using YouTube, Quora, etc.
Can they detect my IP address if I use VPN?
In what ways site administrators can detect incoming CSRF attacks? Is it possible or not?
I’m wondering whether git commit metadata can shred light on potential risk signals or vulnerabilities.
Henry Hinnefeld has investigated this, here but this seems to be a way of detecting vulnerabilities which already have been spotted by other developers.
Can anyone think how metadata alone can detect vulnerabilities that have never been found before?
How can I know if a pc has a backdoor in bios, and how to know if there is an hardware malicious impairment?
Blindsight is described as using your other senses to detect your surroundings. Now, if someone invisible walked into my blindsight zone, would I be able to detect him, because he is only hidden from sight?
If JS is turned off even in vanilla Firefox, and I apply modifications to the DOM (like CSS mods, zooming in etc.) after the website has finished loading, I can’t see how a website or ISP could detect what the user is doing in the DOM.
I know if you, for example, hide an element in CSS before it is fully loaded (such as the sidebar), the browser may skip downloading resources (such as icons) associated with the element. This would distinguish your web traffic patterns from other users. That’s why I wait till the page is fully loaded. I’m also careful to not trigger CSS media queries which can be set up to connect to a remote URL if triggered (or remove them first if they will be triggered).
I think the above should be enough to avoid distinguishing myself by my web traffic. Do you see any way I could be distinguished with only CSS & HTML?
Can someone with non-detection be picked up with Detect magic? It seems to me that detect magic will sense a magical aura (perhaps abjuration) since it does not target the creature.
Also, I see nowhere that states that Detect Magic is a scrying sensor.