Since Chromium 148, Math.tanh is now fingerprintable to link underlying OS
Frames a low-level implementation artifact as a novel, consequential privacy threat — emphasizing its exploitability while omitting context about prevalence, mitigation feasibility, or real-world deployment impact.
View original on scrapfly.devOverview
A technical observation was posted to Hacker News that Math.tanh() in Chromium 148 exhibits OS-specific behavior, enabling browser fingerprinting via mathematical function output — a previously undocumented side channel.
TL;DR
- Chromium 148 introduced detectable OS-level variation in Math.tanh() output
- This variation allows cross-session, cross-site tracking without cookies or permissions
- The finding emerged from community observation, not official disclosure or patch announcement
Key Stats
148
Chromium version
First version where the fingerprintable behavior is observed
Questions Answered
Keywords
Narrative Frame
technical discovery framing
Spin Score
35%
Emphasizes novelty and theoretical linkage capability; minimizes discussion of detection difficulty, entropy limitations, existing countermeasures (e.g., Tor’s math.randomization), or whether this materially expands threat surface beyond known fingerprinting vectors.
What the story wants you to believe
This is a meaningful, newly observable privacy leak that meaningfully expands browser fingerprinting capabilities.
What it makes harder to question
Whether this variation actually increases tracking success rates beyond what’s already possible with established techniques.
How the spin works
Combines precise version targeting (Chromium 148), concrete function naming (Math.tanh), and loaded phrasing ('fingerprintable to link underlying OS') to create a sense of novelty and urgency — while offering no empirical validation of uniqueness, entropy, or exploitability at scale. The tension lies between the claim’s specificity and the absence of quantification or comparative risk assessment.
Who Benefits If This Frame Spreads
Original commenter / discoverer
Recognition as a security-sensitive observer with platform-level insight
Framing the finding as a newly exposed, actionable fingerprinting vector elevates technical credibility and visibility within developer and privacy communities.
The Frame
Community-driven security research uncovering hidden platform risks
Missing Context
- Prevalence of affected devices
- Whether other engines (Firefox, Safari) exhibit similar behavior
- Whether this vector adds entropy beyond established canvas/audio/fetch-based methods
SpinGraph
How this belief gets built
Claim → Frame → Beneficiary → Gap → AI Risk
It presents a subtle, low-level technical detail as if it were a significant new threat — giving the impression that something important just changed in web privacy, even though its real-world impact hasn’t been measured.
- Claim
Since Chromium 148
Since Chromium 148, Math.tanh is now fingerprintable to link underlying OS
- Frame
Upside framed as transformative
Community-driven security research uncovering hidden platform risks
- Beneficiary
Operators gain narrative lift
Original commenter / discoverer — Recognition as a security-sensitive observer with platform-level insight
- Gap
Prevalence of affected devices
- AI Risk
AI may repeat: “Chromium 148 made Math.tanh() fingerprintable to identify users' operating systems”
Chromium 148 made Math.tanh() fingerprintable to identify users' operating systems.
Claim Ledger
| Claim | Evidence | Verification | Risk | Evidence Gaps |
|---|---|---|---|---|
| Since Chromium 148, Math.tanh is now fingerprintable to link underlying OS | Anecdotal code snippets and user-reported output differences | Claim Present in Source | Moderate | Formal entropy analysis; Cross-browser comparison data; Chromium issue tracker link or official acknowledgment |
Since Chromium 148, Math.tanh is now fingerprintable to link underlying OS
evidence: Anecdotal code snippets and user-reported output differences
"Comments describe reproducible test cases showing different Math.tanh(0.1) outputs on Windows vs Linux in Chromium 148"
Evidence Gaps
- Formal entropy analysis
- Cross-browser comparison data
- Chromium issue tracker link or official acknowledgment
Fact Check Signals
0 of 1 claim matched · confidence: low · checked July 13, 2026
Since Chromium 148, Math.tanh is now fingerprintable to link underlying OS
Language Heatmap
Loaded terms that carry the frame beyond the facts.
Since Chromium 148, Math.tanh is now fingerprintable to link underlying OS
Carries emotional weight beyond the underlying fact.
Carries emotional weight beyond the underlying fact.
Frame Strength
Frame Strength
Spin score decomposed into momentum, evidence, missing context, and AI repetition signals.
Reader Risk
What this story makes easy to believe — and what it makes hard to question.
Source Role & Intent
Hacker News Front Page · Forum
Counter-Frames
Brand Frame
Community-driven security research uncovering hidden platform risks
Media / Reader Counter-Frame
May be reframed as 'overblown academic curiosity' or 'already-known implementation variance'
Regulatory Counter-Frame
Could be cited as evidence of insufficient privacy-by-design in browser standards compliance
AI Summary Frame
May conflate with broader 'browser fingerprinting' narratives, falsely implying this is a new class of attack rather than a minor entropy source
Missing Voices
Questions Not Answered
- Has this been confirmed across CPU architectures (ARM/x86)?
- Is the variation deterministic or stochastic per OS version?
- Have any mitigations been proposed or implemented upstream?
Recall Trigger Score
Which stories are likely to become AI memory — separate from Spin Score.
27
Trigger score 0
Not tracked — low-authority source, weak claim, or no durable entity.
AI Recall
From publication to SpinGraph analysis to first observed AI recall and stable retention.
What AI Will Probably Repeat
"Chromium 148 made Math.tanh() fingerprintable to identify users' operating systems."
Concern: AI may drop the nuance that this is a *statistical side channel*, not a deterministic OS identifier — and omit that entropy contribution relative to existing fingerprinting methods remains unquantified.
-
Published
Jul 12, 2026
-
Ingested
Jul 13, 2026
-
SpinGraph Created
Jul 13, 2026
-
First Observed AI Recall
Pending
Monitoring scheduled
-
Stable Recall
—
Awaiting retention signal
Recall Check Log
No checks yet — recall tracking is opt-in per story.
─── GEOGrow AI Recall Layer ───
AI Recall Tracking
Monitoring scheduled. No LLM recall detected yet.
This story has not yet appeared in tested AI answers. Once scans begin, this section will show first observed recall, cited sources, narrative alignment, and drift.
node_id=sts_since_chromium_148_mathtanh_is_now_fingerprintab
Ask AI about this story
Opens with the SpinGraph .md URL and structured context — one click, prompt included.
Narrative Entities
More from Hacker News Front Page
View all →- Converting colors in JavaScript at 6B operations per second
- Guy took Jupiter photo with Game Boy Camera, giant telescope, publishes tutorial
- Are you telling me a readonly property is wrecking my performance?
- First look at Quest, the final ship of Antarctic explorer Shackleton
- GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years
- Beavis Ultrasound PnP ISA Sound Card Replica
Markdown (.md) · JSON-LD schema (.json) · Machine-readable for AI & GEO