The cool researchers over at freedom to tinker found two scripts that exploit browsers built in login managers to retrieve and exfiltrate ID’s.

Below is the email I sent, and the reply from OnAudience



The script that OnAudience uses can be found here

if you have time, check out this tweet thread between Carl and AntiSocial Engineer as they discuss the law vs what happens (or should happen) in reality.