so.cl

In this article, we explain how the real name of a macOS user can be leaked through a browser without permissions. The proof of concept demo is optimized for performance rather than accuracy and results may be affected by device or network configuration.

The name brute-forcing technique uses a pre-made list of the 50 most popular gender-specific names from a specific country origin. Our experiments showed that this is enough to detect a macOS user’s name correctly in 65% of the cases on average. Brute-forcing a macOS user’s real name from a browser using mDNS