Post AMBlTI9guz2RCM9LUG by devSJR@mastodon.technology
(DIR) More posts by devSJR@mastodon.technology
(DIR) Post #AM8HXsWA5LeZ293Equ by privacybrowser@fosstodon.org
2022-08-02T23:23:16Z
0 likes, 1 repeats
This is why something as sensitive as a browser should not have the ability to install extensions or plugins.SharpTongue Deploys Clever Mail-Stealing Browser Extension "SHARPEXT" | Volexity – https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
(DIR) Post #AM8JJhT4ZTyGcKyPrc by huy_ngo@fosstodon.org
2022-08-02T23:43:06Z
0 likes, 0 repeats
@privacybrowser yea and stuff like content blocking, custom css, url redirect, password manager integration should all be built in the browser
(DIR) Post #AM8K9RYey8ZsKeGAxE by privacybrowser@fosstodon.org
2022-08-02T23:52:28Z
0 likes, 0 repeats
@huy_ngo Agreed, except that, for security reasons, your password manager should never be integrated into the browser in any way. There needs to be several degrees of separation between your password manager and anything that parses untrusted data like a web browser.
(DIR) Post #AM8Ys7CWtvHpaN6VZA by gruff@mastodon.technology
2022-08-03T02:37:23Z
0 likes, 0 repeats
@privacybrowser @huy_ngo "parses untrusted data" wow that almost put my brain in an infinite loop. Pretty much all data fall into that bracket, because it transits..... I'll just leave you to ponder...... lol...
(DIR) Post #AM8aS0vNoYG6UxlWZE by privacybrowser@fosstodon.org
2022-08-03T02:55:06Z
0 likes, 0 repeats
@gruff @huy_ngo Basically everything on the web that you didn’t create yourself is untrusted data. Compare this to something like a word processor, which, unless you are opening documents from the web, is only parsing data you yourself are entering into it. Which means that, unless you are attempting to hack yourself, it is only parsing trusted data.
(DIR) Post #AM8ak9A7vPuhGBJAbA by privacybrowser@fosstodon.org
2022-08-03T02:58:22Z
0 likes, 0 repeats
@gruff @huy_ngo I have written a bit about this concept in discussing that, for security reasons, web browsers should not attempt to be a general operating system.https://www.stoutner.com/privacy-browser-android/core-privacy-principles/https://www.stoutner.com/minimizing-privacy-browsers-attack-surface/
(DIR) Post #AM8anb4AdSIufgAR1c by privacybrowser@fosstodon.org
2022-08-03T02:59:01Z
0 likes, 0 repeats
@gruff @huy_ngo I have written a bit about this concept in discussing that, for security reasons, web browsers should not attempt to be a general purpose operating system.https://www.stoutner.com/privacy-browser-android/core-privacy-principles/https://www.stoutner.com/minimizing-privacy-browsers-attack-surface/
(DIR) Post #AM9DnDyuMQtNHrWFge by pixelcode@social.tchncs.de
2022-08-03T10:15:55Z
0 likes, 0 repeats
@privacybrowser I really like browser addons, because they can improve both security and privacy. There will always be measures to do that that aren't natively implemented into the browser yet, for example a CSS exfil protection or a URL parameter cleaner. https://www.mike-gualtieri.com/css-exfil-vulnerability-tester
(DIR) Post #AM9cHrHtBSKQmRXOlM by privacybrowser@fosstodon.org
2022-08-03T14:50:22Z
0 likes, 1 repeats
@pixelcode Privacy Browser already has URL parameter cleaning (named URL Modification), and there are more configurable options planned for the future. You are welcome to submit feature requests for any specific feature you would consider valuable.https://www.stoutner.com/url-modification/https://redmine.stoutner.com/issues/502
(DIR) Post #AM9cPIvAqCfeVmSmUy by privacybrowser@fosstodon.org
2022-08-03T14:51:44Z
1 likes, 0 repeats
@pixelcode At the end of the day, if you are only interested in a semi-private and semi-secure browser, then having an extension framework is an OK idea. But there ought to be at least one browser on the internet that is completely focused on security and privacy, which is why Privacy Browser will never allow extensions or plugins.
(DIR) Post #AM9dVl3PFyxzSIxHXs by privacybrowser@fosstodon.org
2022-08-03T15:04:06Z
0 likes, 1 repeats
@pixelcode Stealing Data With CSS: Attack and Defense :: Mike Gualtieri – https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense“There are a variety of attack scenarios which can leverage CSS Exfil, including:”...“Malicious or hijacked browser extensions”I rest my case.
(DIR) Post #AMBlTHe8oHnjcVO9JI by futureisfoss@fosstodon.org
2022-08-03T08:52:36Z
0 likes, 0 repeats
@huy_ngo @privacybrowserA couple of things I use extensions for are:To make websites dark. Privacy browser has an option to darken websites and it works good most of the time.Sometimes I use the zapper mode in uBlock Origin to get rid of those annoying cookie boxes and stuff like that. I think uBlock Origin even had some filter lists to automatically get rid of these annoyances, so I've enabled those too.URL redirection to private front-ends like Invidious, Nitter, etc.
(DIR) Post #AMBlTI9guz2RCM9LUG by devSJR@mastodon.technology
2022-08-04T15:11:08Z
0 likes, 0 repeats
@futureisfoss''URL redirection to private front-ends like Invidious, Nitter, etc.'' would be a nice thing in privacy browser.@huy_ngo @privacybrowser
(DIR) Post #AMBlTIbhErRKbDFi8e by privacybrowser@fosstodon.org
2022-08-04T15:42:42Z
0 likes, 0 repeats
@devSJR @futureisfoss @huy_ngo You can leave any comments you have on this feature request at https://redmine.stoutner.com/issues/502 .
(DIR) Post #AMBlTJBV5k50OG0Iwi by futureisfoss@fosstodon.org
2022-08-03T08:54:31Z
0 likes, 0 repeats
@huy_ngo @privacybrowserIt would be really cool if a browser had all of these features built-in, but I don't know how practical that is because it could also increase the complexity of the code.
(DIR) Post #AMBlrEEd94kvzPsFDU by privacybrowser@fosstodon.org
2022-08-04T15:47:01Z
0 likes, 0 repeats
@futureisfoss @huy_ngo EasyList Cookie List, part of Fanboy’s Annoyance List, which is included in Privacy Browser, does a pretty good job of blocking cookie banners and GDPR overlays.https://easylist.to/
(DIR) Post #AMCDF05e5KPJpfEOEy by devSJR@mastodon.technology
2022-08-04T20:53:51Z
0 likes, 0 repeats
@privacybrowserGreat. Nothing to add.@futureisfoss @huy_ngo