The BBC News home page is directing some users to download and run some JavaScript from a data collection company. This collects many hardware and device identifiers, as their privacy policy acknowledges. They also run the code below. I suspect it is an attempt to identify individual computers between different web sites. If it was, this could be a breach of the GDPR (note the legal issues are the subject of this question on law.SE).
Is it possible to say what the purpose of this code is? Could the result be used, either directly or indirectly with different pieces of information collected together, for the identification of a particular person? Note this somewhat convoluted description is based on the EU definition of personal data.
t || (r = (new Date).getTime(), o = "undefined" != typeof performance && performance.now && 1e3 * performance.now() || 0, t = "xxxxxxxxxxxx4xxxyxxxxxxxxxxxxxxx".replace(/[xy]/g, (function(e) {
var n = 16 * Math.random();
return r > 0 ? (n = (r + n) % 16 | 0, r = Math.floor(r / 16)) : (n = (o + n) % 16 | 0, o = Math.floor(o / 16)), ("x" === e ? n : 3 & n | 8).toString(16)
})));
var a = new Date((new Date).getTime() + 33696e6);
b(n, y, t, a), e[0]["cs_fpcu"] = t
I am very far from an expert in either performance or security, but a quick glance at this code made me think this is trying to do performance monitoring. These are the features that made me think that:
performance.now() - The performance.now() method returns a high resolution timestamp in milliseconds.
(new Date).getTime() - Is another way of measuring the time taken to run some code
"xxxxxxxxxxxx4xxxyxxxxxxxxxxxxxxx".replace(/[xy]/g - This is doing a pointless regex that seems like it will run differently on different platforms. This will produce the same result each time it runs I think.
Math.random, then Math.floor, then toString run on the result - This is doing pointless maths that seems like it will run differently on different platforms
Added together these seem like the sort of thing I would do to try and tell if the same computer visits multiple sites I monitored.
r is the number of seconds since the epoch, o is the number of seconds since the tab was opened (or 0 if performance is not of type Performance or performance.now doesn't exist) and t will be a random hex-looking string. Each nibble of first r and then o (low nibbles first) is added to a random nibble and converted to hex for each x in the string and converted to hex but setting its two highest bits to 10 for each y. All other chars are left as is. This is...
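An added example (not part of the question, the answer, or the vendor's code): the snippet from the question de-minified, so the nibble-by-nibble behaviour described above can be run and checked. The names makeId, TEMPLATE and retentionDays are illustrative, and the clock and random source are made parameters (an assumption for testability) so the output can be pinned.

```javascript
// Added example: the question's snippet de-minified. Names are illustrative,
// not the vendor's. Clock and random source are parameters for testability.
const TEMPLATE = "xxxxxxxxxxxx4xxxyxxxxxxxxxxxxxxx"; // copied from the question

function makeId(
  nowMs = Date.now(),
  perfUs = (typeof performance !== "undefined" && performance.now)
    ? 1e3 * performance.now() : 0,
  rand = Math.random
) {
  let r = nowMs;  // (new Date).getTime()
  let o = perfUs; // 1e3 * performance.now(), or 0 when unavailable
  return TEMPLATE.replace(/[xy]/g, (ch) => {
    let n = 16 * rand(); // fresh random value in [0, 16) per placeholder
    if (r > 0) {
      n = (r + n) % 16 | 0; // low nibble of r, offset by the random value
      r = Math.floor(r / 16);
    } else {
      n = (o + n) % 16 | 0; // same with o once r is used up
      o = Math.floor(o / 16);
    }
    // "x": any hex digit; "y": top two bits forced to 10, so 8, 9, a or b
    return (ch === "x" ? n : (n & 3) | 8).toString(16);
  });
}

// The snippet builds a Date 33696e6 ms ahead of now; expressed in days.
function retentionDays() {
  return 33696e6 / (24 * 60 * 60 * 1000);
}

// Constructed inputs: with the random source pinned to 0 the clock nibbles
// show through, low nibble first (0x123 -> "321"); "4" and the "y" slot remain.
const pinned = makeId(0x123, 0, () => 0);
// Same clock, different random source: a different identifier.
const shifted = makeId(0x123, 0, () => 0.5);
console.log(pinned, shifted, makeId(), retentionDays());
```

With the real Math.random every call returns a new value in the shape of a version-4 UUID without dashes, so the string can only link visits if it is stored and sent back; the `t ||` guard in the original skips generation when a value is already present.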