HackerTrans
TopNewTrendsCommentsPastAskShowJobs

palant

no profile record

comments

palant
·el año pasado·discuss
Note: I am the author of this article.

Apples and oranges. Android is supposed to isolate apps from each other (yes, theory). So a malicious app should only be able to steal data the user provides it with.

On the other hand, a single malicious extension will compromise the entire browser. Nothing you do on any website is any longer safe.

Not that I don’t think that Google should pay more attention to the apps in the Play Store. But allowing extensions to hide their functionality with remote code is plain negligent.
palant
·hace 2 años·discuss
Note: I am the author of this article.

MV3 makes it considerably harder to introduce a security vulnerability, but it doesn’t really help with outright malicious extensions. In the end this isn’t an issue which can be solved by technical means. It’s a moderation issue, and Google currently seems to be scaling back moderation despite not being great at it to start with.
palant
·hace 2 años·discuss
Note: I am the author of this article.

That question is answered, in the last section of the article. And: yes, they are selling it, as they admit in the privacy policy.
palant
·hace 2 años·discuss
As I said: “according to many credible witnesses, not all of them anonymous. Heck, some of it is even on video.”
palant
·hace 2 años·discuss
What is there to be gained you ask? Well, there is currently a creep in a position of power at FSF who is actively making women and other people feel unwelcome, effectively pushing them out of the community. By removing him from this position, making it clear that such behavior is unacceptable and will not be tolerated, a much broader participation could be achieved. And then these "much bigger" issues you seem to care about have a better chance of being solved.

Unless of course your whole point was using whataboutism to defend your hero, because you think that past achievements always outweigh any harm he may be doing.
palant
·hace 2 años·discuss
[flagged]
palant
·hace 3 años·discuss
As I said, one device is enough.
palant
·hace 3 años·discuss
Note: I am the author of this article.

They have at least one device with an unencrypted copy of their data, likely two or more. They only need this passphrase to set up sync. If they ever forget it, they reset sync, set a new passphrase and re-upload the data. No nuking.
palant
·hace 3 años·discuss
Note: I am the author of this article.

Yes, they will probably ask Facebook then. Or check your web search history. There is more than one source for them to draw from. But you can shut down this huge source of your private information easily. You can deal with the rest of them later (all possible).
palant
·hace 3 años·discuss
Note: I am the author of this article.

Firefox Sync encrypts all data on the client side before sending it. Chrome Sync can do the same if you know which settings to use. 1Password, Bitwarden, Dashlane – every password manager worth their salt encrypts data locally (LastPass is the only one which failed really badly here). How is this rare and not something we should expect?
palant
·hace 3 años·discuss
Funny thing is: declarative access to websites still allows for plenty of mischief if one wanted to do it. I’ve actually seen malicious extensions abuse that. Browsers might have to revisit the decision to ignore declarative access as far as the permission prompt goes.
palant
·hace 3 años·discuss
Note: I am the author of this article.

Yes, they fixed this particular issue (and a few more), the article mentions it. But the update I published today explains why Chrome Sync is still very bad privacy-wise (as opposed to outright horrible which it was back in 2018). https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...
palant
·hace 3 años·discuss
Note: I am the author of this article.

Every ad blocker gets full and complete access to all your data. It needs that kind of access in order to … tada … remove ads. It’s really simple: ads are on all websites, so an ad blocker needs access to all websites.

You probably mean that Adblock Plus abuses this access? Surely this is something you have proof for? Here you can see an example of how this kind of thing looks like: https://palant.info/2023/06/05/introducing-pcvark-and-their-.... You can look around in my blog, there is more.

It has been a while since I’ve been involved with Adblock Plus. I sincerely doubt however that ABP’s privacy stance changed that much since I’ve left. But I’ll wait for you to find proof for your claims.
palant
·hace 3 años·discuss
Note: I am the author of this article.

They fixed this particular issue (and a few more), the article mentions it. But the update I published today explains why Chrome Sync is still very bad privacy-wise (as opposed to outright horrible which it was back in 2018). https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...