
The BBC News home page is directing some users to download and run some JavaScript from a data collection company. This collects many hardware and device identifiers, as their privacy policy acknowledges. They also run the code below. I suspect it is an attempt to identify individual computers between different web sites. If it was, this could be a breach of the GDPR (note the legal issues are the subject of this question on law.SE).

Is it possible to say what the purpose of this code is? Could the result be used, either directly or indirectly with different pieces of information collected together, for the identification of a particular person? Note this somewhat convoluted description is based on the EU definition of personal data.

t || (
    r = (new Date).getTime(),                                                                  // wall clock, ms since the epoch
    o = "undefined" != typeof performance && performance.now && 1e3 * performance.now() || 0,  // monotonic clock in microseconds, or 0 if unavailable
    t = "xxxxxxxxxxxx4xxxyxxxxxxxxxxxxxxx".replace(/[xy]/g, (function(e) {                      // UUID version-4 layout with the dashes removed
        var n = 16 * Math.random();                                                            // random offset in [0, 16)
        // take one low nibble of r (of o once r is exhausted), add the offset; a 'y' slot has its top two bits forced to 10
        return r > 0 ? (n = (r + n) % 16 | 0, r = Math.floor(r / 16)) : (n = (o + n) % 16 | 0, o = Math.floor(o / 16)), ("x" === e ? n : 3 & n | 8).toString(16)
    }))
);
var a = new Date((new Date).getTime() + 33696e6);                                              // 33696e6 ms = 390 days from now
b(n, y, t, a), e[0]["cs_fpcu"] = t                                                             // b, n, y and e are defined elsewhere in the script (not shown)

I am very far from an expert in either performance or security, but a quick glance at this code made me think this is trying to do performance monitoring. These are the features that made me think that:

performance.now() - The performance.now() method returns a high resolution timestamp in milliseconds.

(new Date).getTime() - is another way of measuring the time taken to run some code.

"xxxxxxxxxxxx4xxxyxxxxxxxxxxxxxxx".replace(/[xy]/g - This is doing a pointless regex that seems like it will run differently on different platforms. This will produce the same result each time it runs, I think.

Math.random, then Math.floor, then toString run on the result - This is doing pointless maths that seems like it will run differently on different platforms.

Added together, these seem like the sort of thing I would do to try and tell if the same computer visits multiple sites I monitored.

  • If you don’t mind me asking- what makes you think that it is trying to identify computers? Commented Jun 27 at 8:18
  • I think it is trying to make a unique identifier. Commented Jun 27 at 8:24
  • @security_paranoid I have edited the question, does that make sense? Why would the regex do anything to create an identifier? The random number is not put in there. – User65535 Commented Jun 27 at 8:27
  • Unfortunately, we are not a code analysis site. If you want an analysis, you could pop it into something like chatgpt. – schroeder Commented Jun 27 at 8:31
  • There is not enough context to deobfuscate the code. The fragment you provided is easy to understand and deobfuscate. r is the number of seconds since the epoch, o is the number of seconds since the tab was opened (or 0 if performance is not of type Performance or performance.now doesn't exist) and t will be a random hex-looking string. Each nibble of first r and then o (low nibbles first) is added to a random nibble and converted to hex for each x in the string, and converted to hex but with its two highest bits set to 10 for each y. All other chars are left as is. This is... Commented Jun 27 at 15:06
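The following is an added example, not code from the question, from the BBC site or from the data collection company: a readable re-implementation of the generator in the snippet, with the two clocks and the random source passed in as parameters so its output can be reasoned about and tested. The template string, the nibble arithmetic and the 33696e6 constant are taken from the snippet; the function names, and the reading of `b(n, y, t, a)` as "set a cookie that expires at `a`", are the editor's assumptions.

```javascript
// Added example: readable re-implementation of the identifier generator in
// the question. generateId, looksLikeSnippetId, lifetimeDays and
// sameClockIdsDiffer are the editor's own names; the template, the arithmetic
// and the 33696e6 constant come from the snippet itself.

// UUID version-4 layout (8-4-4-4-12 hex digits) with the dashes removed.
const TEMPLATE = "xxxxxxxxxxxx4xxxyxxxxxxxxxxxxxxx";

// nowMs  : wall clock in ms since the epoch    (snippet: (new Date).getTime())
// perfUs : monotonic clock in microseconds     (snippet: 1e3 * performance.now(), or 0)
// rand   : function returning a float in [0,1) (snippet: Math.random)
function generateId(nowMs, perfUs, rand) {
  let r = nowMs;
  let o = perfUs;
  return TEMPLATE.replace(/[xy]/g, (ch) => {
    let n = 16 * rand();            // random offset in [0, 16)
    if (r > 0) {
      n = (r + n) % 16 | 0;         // low nibble of the wall clock plus the offset
      r = Math.floor(r / 16);       // drop that nibble
    } else {
      n = (o + n) % 16 | 0;         // wall clock exhausted: use the monotonic clock
      o = Math.floor(o / 16);
    }
    // 'x' takes any nibble; 'y' has its top two bits forced to 10 (8, 9, a or b)
    return (ch === "x" ? n : (n & 3) | 8).toString(16);
  });
}

// Shape of the generator's output: 12 hex digits, a literal 4, 3 hex digits,
// one of [89ab], then 15 hex digits (32 characters, no dashes).
const ID_SHAPE = /^[0-9a-f]{12}4[0-9a-f]{3}[89ab][0-9a-f]{15}$/;
function looksLikeSnippetId(s) {
  return ID_SHAPE.test(s);
}

// The snippet stores the id in e[0]["cs_fpcu"] and hands it to b(n, y, t, a)
// together with a = now + 33696e6 ms. Reading b as "set a cookie that expires
// at a" is an assumption; the constant is the snippet's.
const COOKIE_LIFETIME_MS = 33696e6;
function lifetimeDays(ms) {
  return ms / 86400000;
}

// With both clocks held fixed, two calls differ only through rand(): the id is
// a function of time and chance, not of any property of the machine.
function sameClockIdsDiffer(nowMs, perfUs) {
  const first = generateId(nowMs, perfUs, Math.random);
  const second = generateId(nowMs, perfUs, Math.random);
  return first !== second;
}

// Stand-alone run with the real clocks and Math.random, as the snippet does.
function demo() {
  const perfUs = typeof performance !== "undefined" ? performance.now() * 1000 : 0;
  const id = generateId(Date.now(), perfUs, Math.random);
  console.log(id, looksLikeSnippetId(id), lifetimeDays(COOKIE_LIFETIME_MS) + " days");
}
demo();
```

With `rand` fixed at 0 the output is simply the hex digits of the wall clock, least significant first, padded with zeros, which shows where the "random" part comes from: each slot is a clock nibble plus a uniform offset in [0, 16), so with a live `Math.random` every slot is uniformly distributed regardless of the clock value. The result is a random 32-hex-digit identifier in UUID v4 layout. Nothing about the hardware, the browser or the screen goes into it; what makes it identifying is that it is stored (in `cs_fpcu`, and presumably in a cookie with a 390-day expiry) and can be read back on later visits. The fragment on its own does not show the value being combined with the other collected data or sent to another origin, so that question cannot be settled from this code alone.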
