Worldlines: Visualizing Special Relativity (2010) (worldlines.sourceforge.net)

1 points by sans_souse 1m ago 0 comments

Show HN: Fine-tune your image through intuitive dialogue (flux1kontext.org)

1 points by bethany33 2m ago 0 comments

Apple Executives Won't Be Appearing at This Year's WWDC "The Talk Show Live" (macrumors.com)

1 points by tosh 4m ago 0 comments

Show HN: Edit photos with simple text prompts (fluxkontext.im)

1 points by bethany33 5m ago 0 comments

Quaternion formulation claimed to resolve Navier Stokes Millennium Problem (arxiv.org)

1 points by semi-extrinsic 7m ago 0 comments

RFK Jr's 'Maha' report found to contain citations to nonexistent studies (theguardian.com)

3 points by KnuthIsGod 8m ago 0 comments

Robert Jarvik, who designed the first permanent artificial heart, dies (sltrib.com)

1 points by Kaibeezy 8m ago 0 comments

Neuroscience needs to empower early-career researchers, not fund moon shots (thetransmitter.org)

1 points by rkp8000 9m ago 0 comments

Passkey can detect auth cloning via signCount, but big tech do not support it (uzyn.com)

1 points by uzyn 10m ago 0 comments

Twitter Header: Part 1 (fa0311.github.io)

1 points by swyx 11m ago 0 comments

Ask HN: Why Companies Do Not Provide RSS Feeds of Job Openings

1 points by quaintdev 12m ago 0 comments

How the iPhone Drove Men and Women Apart (nytimes.com)

1 points by philonoist 17m ago 0 comments

Duplication Is Not the Enemy (terriblesoftware.org)

2 points by thunderbong 26m ago 0 comments

AppImage from Scratch (kevinboone.me)

1 points by LaSombra 32m ago 0 comments

Trends shaping open source funding–and what they mean for maintainers (github.blog)

1 points by EvgeniyZh 32m ago 0 comments

Scientists Have Clear Evidence of Martian Atmosphere 'Sputtering' (sciencealert.com)

2 points by benkan 41m ago 0 comments

More film and television to watch than ever before – good luck finding it (salon.com)

1 points by benkan 41m ago 0 comments

Stealthy Backdoor Campaign Affecting Asus Routers (greynoise.io)

2 points by benkan 43m ago 0 comments

The DSM is not medical science – it's a social control manual (github.com)

3 points by stagas 43m ago 0 comments

Man skateboarding to Africa has belongings stolen (bbc.com)

2 points by suraci 44m ago 1 comments

Exploring the OKLCH ecosystem and its tools (evilmartians.com)

1 points by alwillis 46m ago 0 comments

Show HN: Laravel Cookie Consent (github.com)

1 points by ma8nk 46m ago 0 comments

Nosey: Open-source hardware for acoustic nasalance (arxiv.org)

1 points by 50kIters 47m ago 0 comments

Show HN: Free Tailwindcss Components for HTML and JSX UIs (tailwindready.com)

1 points by dvsxdev 48m ago 0 comments

9 days incident of Ubuntuforums.org HTTP (status.canonical.com)

1 points by zdkaster 48m ago 0 comments

VisionCraft v2 MCP now better than Context7 (github.com)

1 points by augmentedai 49m ago 0 comments

Open-source project that use LLM as deception system

9 points by mariocandela 49m ago 1 comments

First new antibiotic in 50 years to tackle superbug (telegraph.co.uk)

2 points by walterbell 51m ago 0 comments

Buttplug MCP (github.com)

47 points by surrTurr 56m ago 26 comments

The Ivy League Dream possible for Indian middle class

1 points by hakamsingh 58m ago 1 comments

A fake Facebook event disguised as a math problem is one of its top posts for 6M (engadget.com)

2 points by fredley 59m ago 0 comments

Taking Exams in Blue Books? They're Back to Help Curb AI Cheating (2024) (kqed.org)

1 points by walterbell 1h ago 1 comments

Launching TextCLF: An API to create custom text classification models

1 points by santanaforai 1h ago 0 comments

A Poor Man's Types (blog.snork.dev)

1 points by todsacerdoti 1h ago 0 comments

San Francisco Tech Exodus: 2020 Predictions vs. 2025 Reality (jobswithgpt.com)

1 points by sp1982 1h ago 0 comments

Let's DO this: detecting Workers Builds errors across 1M Durable Objects (blog.cloudflare.com)

1 points by 076ae80a-3c97-4 1h ago 0 comments

Ask HN: Since getting an Agent, what's changed in your life?

1 points by yeeyang 1h ago 7 comments

Decorators and Functional Programming (lihil.cc)

1 points by BerislavLopac 1h ago 0 comments

AI jobs danger: Sleepwalking into a white-collar bloodbath (axios.com)

2 points by duck 1h ago 2 comments

Learning System 1.0 (shaneso.dev)

1 points by Shaneso 1h ago 0 comments

Show HN: Because Apple's daily rings are limited: App for weekly activity goals (apps.apple.com)

2 points by tobias5 1h ago 0 comments

Consider the Cronslave (hiandrewquinn.github.io)

1 points by hiAndrewQuinn 1h ago 0 comments

Live Watches comes to CLion's debugger with the new build (neowin.net)

1 points by bundie 1h ago 0 comments

The End of Seeing Is Believing (tumithak.substack.com)

1 points by miles 1h ago 0 comments

Fake My Run Is Tricking Strava While Trying to Make a Larger Point (nytimes.com)

2 points by helsinkiandrew 1h ago 1 comments

Canonical Announces First Ubuntu Desktop Image for Qualcomm Dragonwing Platform (canonical.com)

1 points by tapanjk 1h ago 0 comments

Shadcn/UI in HTML and Tailwind (basecoatui.com)

2 points by vishnumohandas 1h ago 0 comments

What's Your Doge Number? (yourdogenumber.live)

1 points by anshyyy 1h ago 0 comments

AI is helping rescue a nearly extinct bird species (mashable.com)

2 points by 01-_- 1h ago 0 comments

Google AI Overviews Says It's Still 2024 (wired.com)

2 points by 01-_- 1h ago 0 comments

Reverse engineering Twitter's new WASM-based "X-XP-Forwarded-For" antibot header

14 dsekz 4 5/29/2025, 11:10:40 AM

Twitter/X recently added a new header called X-XP-Forwarded-For, generated and encrypted by their own WASM-based fingerprinting system. This repo breaks down the entire flow: https://github.com/dsekz/twitter-x-xp-forwarded-for-header

Comments (4)

dsekz · 11h ago

In its current state, the protections are pretty weak. I’m sure they’ll update it, and we’ll see what changes they bring. If this header is meant to serve as an anti-bot measure, then there’s a lot more work they need to do both on the JS and WASM sides. On top of that, processing fingerprint data on the backend, like building user/fingerprint profiles, analyzing detailed browser, device and low level connection info, and using AI to spot patterns, makes the system a lot more complex. However, based on the current implementation, I anticipate they’ll likely stick to a relatively simplistic approach.

Raed667 · 13h ago

so the encryption is pretty much hardcoded making it more like an "obfuscation" ?

dsekz · 11h ago

You’re right. In this case, just knowing the guest_id is enough to break down the header. Twitter’s main goal here is mostly to obfuscate the data and make the reverse engineering process more painful.

seventh12 · 7h ago

Reversing will always win