White Ops. I have infered this from the name of Reddit’s feature flag, and mentions of White Ops which is a “global leader in bot mitigation, bot prevention, and fraud protection”. They appear to do this by collecting tons of data about the browser, and analyzing it. I must say, their system is quite impressive.
Back to the DRM issue, it appears that the script is checking what DRM solutions are available, but not actually using them. However, just checking is enough to trigger Firefox into displaying the DRM popup. Specfically, it looks for Widevine, PlayReady, Clearkey, and Adobe Primetime.
main.js does a bunch of other interesting things, but there’s so many that I’ve written a whole seperate blog post about all of the ones I found. Here are some highlights:
"haha jit go brrrrr"appears in a part of the code that appears to be doing something weird with math operations.
res://ieframe.dll/acr.js, which can be used to exploit old Internet Explorer versions (I think)
[native code]when stringified
toStringitself is implemented in native code (although it doesn’t go any levels deeper than data)
Weird. Thanks for reading.