Viewing a single comment thread. View all comments

yam wrote

You could fuzz for hidden API endpoints, and you could do comparative timings on requests to know API endpoints to see if they diverge from relative timings from running the service locally.


CameronNemo wrote

The timing could be affected by so much, though. If they used a cloud instance to host, it might be easier to reproduce. But local hardware would be a guesstimate at best...


throwaway wrote

Having hidden endpoints would be beyond stupid, if they were trying to appear as though they are running free software.

The thing about timing is an interesting thought, but I really doubt it's of any practical use. It's simply not reliable enough, too many factors can affect the timing.