Olivia
Online
Alain Meier
@alain
Building something new for preventing fraud from AI agents. Co-founder of @getcognito, acquired by @Plaid.
San Francisco, CA
Joined July 2008
442 Following
2.5K Followers
1.6K Posts
Pinned Tweet
Discovered a new method for detecting if someone is using Incognito in Chrome:
Write 512 tiny 1-byte responses into a scratch Cache API cache, then read:
https://t.co/gsVNLl57y6.estimate().usageDetails.caches
Normal Chrome: ~393kb
Incognito: ~85kb
Why? When you're in incognito, Chrome writes to memory instead of disk, which leaves less metadata residue
@ilyagordey @BrightData @browser_use @browserbase @nottecore Do you use any novel techniques for anti-detect / stealth?
What are your favorite scraping, anti-detect, and AI agent browser services? Eg: @brightdata, @browser_use, @browserbase, @nottecore
Working on a report
@ilyagordey @BrightData @browser_use @browserbase @nottecore I’ve made a stealth benchmark that I’d like to run them against
Who to follow
John Backus
@backus
Dissonant and obsessive try-hard. Founded @getcognito (acquired by @Plaid)
Nathan Wailes 🇺🇦🇹🇼
@NathanWailes
Perfect score on the LSAT, went to the same elite HS as geohot.
Full-stack dev, indie hacker.
Brad Vogel
@BradVogel
Builder of https://t.co/Rt0absSkFl (prev @mixmax). Software craftsman 🛠️✨. Thoughts and opinions are my employer’s.
@Medaiseo 1) if you’re an iCloud Relay user it’s helpful to know that depending on your country, it may be less randomizing than you think it is relative to other VPNs
2) if you’re in risk, it’s helpful to have another data point to key anonymous traffic on. In this case, lowering risk
You can detect if someone is using iCloud Private Relay super easily
Apple publishes a database of their egress IP addresses and the entire world's iCloud Private Relay traffic exits through ~105K IPv4 addresses.
I analyzed it and found some surprising stuff. Let's dig in:
@Medaiseo Does anything matter?
@james_raftery Extremely cool idea. Love the concept of tying revenue to fraud rules directly and modeling it as protecting-the-upside rather than just the downside
Did you do it with anything other than ASNs?
@SanthProject Sounds interesting, any more details?
You can find the raw data, straight from Apple, here:
https://t.co/cA24MZO6yy
Follow me @alain for more opsec, browser security, and privacy/fingerprinting explorations
You can detect if someone is using iCloud Private Relay super easily
Apple publishes a database of their egress IP addresses and the entire world's iCloud Private Relay traffic exits through ~105K IPv4 addresses.
I analyzed it and found some surprising stuff. Let's dig in:
But iCloud Private Relay users can rejoice: its traffic is typically associated with *lower* levels of fraud because it requires having a valid Apple ID with a working credit card.
So (good) fraud models treat this as a risk reducer, despite it being a VPN
Nice find! This is different though - the link you have is about:
(await https://t.co/gsVNLl57y6.estimate()).quota
Try it yourself in devtools, it reports the same across incognito and not incognito
The finding in the parent post is still active and survives quota normalization because it leaks through per-storage-type usage accounting
Discovered a new method for detecting if someone is using Incognito in Chrome:
Write 512 tiny 1-byte responses into a scratch Cache API cache, then read:
https://t.co/gsVNLl57y6.estimate().usageDetails.caches
Normal Chrome: ~393kb
Incognito: ~85kb
Why? When you're in incognito, Chrome writes to memory instead of disk, which leaves less metadata residue
@filipens00 Mozilla has different ones that I have found, but not this specific one
@chrisbward Yep - this can also work. Some of the privacy browsers mitigate this one, though
@pa1nark Just sharing my research. I think it's helpful for people to be aware that these things are possible
It's structurally difficult for the browsers to fix issues like this because the memory-based write is advantageous for other reasons
@quasa0 @uwukko @heliumbrowser Helps with:
1) backend scoring for fingerprinting because you can tune thresholds [browsers change multiple readings in incognito mode]
2) feed it into risk models - it's a small indicator, but more often associated with low-tier fraud activity
@quasa0 @uwukko @heliumbrowser Looks like the one in the tweet works on Helium btw - different/tighter threshold than Chrome though
Last Seen Users on Sotwe
Jade Eagle
Seen from Turkey
gokhantest
Seen from Thailand
🔞sargodha couple 🔞
Seen from United States
ASS LICK
Seen from Turkey
Exconada
Seen from Italy
mersin travesti ecrin
Seen from Turkey
huma shahzadi
Seen from Pakistan
lovemuscledads
Seen from Germany
Couple.DZ
Seen from Algeria
🔞Gay Ai🌭series 3D🚀by ApolloX
Seen from Saudi Arabia
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers