Travel booking site's "XX people besides you are viewing this right now" turns out to be a lie
When you search for accommodation or airline tickets on hotel and flight booking sites, a small message such as "XX people other than you are viewing this page right now" sometimes appears next to the search results. Security researcher Ophir Harpaz discovered that on OneTravel, an overseas travel booking site, the number shown was not the real-time count of concurrent connections to the page but simply a random number.
[1/4] Ok this is really funny, check this out.
I was in the process of booking a flight via @OneTravel. Trying to make me book ASAP, they claimed: "38 people are looking at this flight".
Whoa, 38 is a lot, I have to hurry up. But first I have to check how they came up with 38 >> pic.twitter.com/UaGhaiCQrR— Ophir Harpaz (@OphirHarpaz) October 16, 2019
When Harpaz checked how this number was being obtained, it turned out that the class name of the element holding the "38" was "view_notification_random".
[2/4] Right click and a quick "inspect" on the number, I found out the element's class name is "view_notification_random".
Awesome variable naming guys.
So you're _randomly_ trying to freak me out. Alright >> pic.twitter.com/xnL3hsZLP5— Ophir Harpaz (@OphirHarpaz) October 16, 2019
Harpaz then checked the source code with Chrome's developer tools and found the following part in the JavaScript. A number from 28 to 44 was simply being generated at random and displayed. In other words, OneTravel's "XX people are checking this ticket" message was a complete lie, there only to rush users into booking a flight.
[3/4] So what's your sophisticated pseudo-random algorithm?
Apparently, OneTravel are choosing a number between 28 and 45.
Because as you all know, based on serious psychological research, these numbers tend to make people book their flights fast #sarcasm #not42 >> pic.twitter.com/r2IrYhxr28— Ophir Harpaz (@OphirHarpaz) October 16, 2019
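For auditing a page for the same pattern, the following added example (not code from this article, from Harpaz, or from OneTravel) is a line-based heuristic that flags page text fed by Math.random() and recovers the integer range it can take. The sample script and its variable names are constructed; only the class name view_notification_random and the 28 to 44 range come from the article.

```javascript
// Constructed sample input. It is NOT OneTravel's real script, which the
// article shows only as a screenshot; the variable names are hypothetical.
const SAMPLE = [
  'var viewers = Math.floor(Math.random() * 17) + 28;',
  'document.querySelector(".view_notification_random").textContent = viewers;',
  'var seatsLeft = inventory.remaining;',
  'document.querySelector(".seats_left").textContent = seatsLeft;',
].join("\n");

// name = <expression containing Math.random()>
const RANDOM_ASSIGN = /([A-Za-z_$][\w$]*)\s*=\s*([^;\n]*Math\.random\(\)[^;\n]*)/;
// el.textContent = value   or   $(sel).text(value)
const DOM_WRITE = /\.(?:textContent|innerText|innerHTML)\s*=\s*([^;\n]+)|\.(?:text|html)\(\s*([^)\n]+)/;
// Math.floor(Math.random() * span) + min  ->  integers min .. min+span-1
const RANGE = /Math\.floor\(\s*Math\.random\(\)\s*\*\s*(\d+)\s*\)\s*\+\s*(\d+)/;

function parseRange(expr) {
  const m = RANGE.exec(expr);
  return m ? { min: Number(m[2]), max: Number(m[2]) + Number(m[1]) - 1 } : null;
}

// Line-based heuristic: flags page text that is fed by Math.random(),
// either directly or through a variable assigned from it on an earlier line.
function findRandomCounters(source) {
  const tainted = new Map(); // variable name -> value range (or null)
  const findings = [];
  source.split("\n").forEach((line, i) => {
    const write = DOM_WRITE.exec(line);
    if (write) {
      const value = write[1] || write[2];
      const names = value.match(/[A-Za-z_$][\w$]*/g) || [];
      const via = names.find((n) => tainted.has(n));
      if (!via && !value.includes("Math.random(")) return; // not random-fed
      const target = (/["'`]([^"'`]+)["'`]/.exec(line) || [])[1] || null;
      const range = via ? tainted.get(via) : parseRange(line);
      findings.push({ line: i + 1, target, range });
      return;
    }
    const assign = RANDOM_ASSIGN.exec(line);
    if (assign) tainted.set(assign[1], parseRange(assign[2]));
  });
  return findings;
}

console.log(findRandomCounters(SAMPLE));
```

The counter written from inventory.remaining is not flagged, since nothing on its path comes from Math.random(); minified or multi-line code would need a real parser rather than this line scan.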
In response to Harpaz's tweets, many people have asked whether this practice is in fact illegal.
"I don't know what would happen in the US, but in the EU OneTravel would be penalized for committing fraud against consumers."
I do not know the laws in the US, but within the EU this company would get a penalty for consumer deception.— Christopher Dosin (@christopherdosi) October 18, 2019
Others sympathized with the site's developers: "The developers probably can't agree with this practice either, so they are deliberately not hiding the source code."
Maybe the developers don't agree with the practice so they are not putting effort in hiding it— David da Silva @ LDN (@dasilvacontin) October 18, 2019
Meanwhile, some people found fault with the random number generation code itself: "Math.random() is not secure enough to use for cryptography. I would use Crypto.getRandomValues()."
Math.random() isn't cryptographically safe. I'd rather use Crypto.getRandomValues()— cl1pp0 (@cl1pp0) October 19, 2019