Posts by privacybrowser@fosstodon.org
(DIR) Post #AawHs56ubDhxf8SpEG by privacybrowser@fosstodon.org
2023-10-19T20:29:15Z
0 likes, 0 repeats
@lanodan I think it has a lot more to do with the GUI code than the rendering engine code. In my testing, Chrome and Firefox for Android do not display the correct URL. Lightning behaves correctly the same as Privacy Browser Android. FOSS Browser and Fulguris (a fork of Lightning) change the URL, but they cover it up with the website title, so you can't see it unless you tap to edit it.
(DIR) Post #AawIrnNWcuL6cbf7J2 by privacybrowser@fosstodon.org
2023-10-19T20:35:55Z
0 likes, 0 repeats
@lanodan “This function provides protection against IDN homograph attacks, so **in some cases** the host part of the returned URI may be in Punycode if the safety check fails.”Do you know which are the cases where it displays the punycode and which are the cases where it doesn’t?
(DIR) Post #AawJuf6ZwWaNmkfNHk by privacybrowser@fosstodon.org
2023-10-19T20:51:05Z
0 likes, 0 repeats
@lanodan I have to disagree with you on the password manager. Everyone should use an offline password manager that does not sync to some cloud service, but for security and privacy reasons, nobody should use a password manager that integrates with their web browser.You never want something that is processing untrusted data inputs (a web browser) having any connection path to the data store that holds your passwords.
(DIR) Post #AawKcJBmmsboYVuk5Y by privacybrowser@fosstodon.org
2023-10-19T20:58:42Z
0 likes, 0 repeats
@lanodan That is a good distinction, but even integrated is too much of a security compromise for me to be able to recommend it to anyone.
(DIR) Post #AawKcK7DLMXvQcmbbM by privacybrowser@fosstodon.org
2023-10-19T21:02:06Z
0 likes, 0 repeats
@lanodan Secure passwords look like this:1. Length is far more important for entropy than characters that are hard to remember or type. Think https://xkcd.com/936/2. Choose passwords that are unique and that you can easily remember. For example, if you think Microsoft or Google or Apple is the great evil, then your password for that site might be the following, including the spaces and punctuation.Google is the great evil.
(DIR) Post #AawL5TU3ahVQskMra4 by privacybrowser@fosstodon.org
2023-10-19T21:04:51Z
0 likes, 0 repeats
@lanodan 3. Put that password in your password manager. If you use the site frequently, you will not need to reference the password manager frequently. But, if for some reason you forget, you can open the password manager and remind yourself.4. Because you can type this password easily, you don't need to use copy/paste (which can be compromised) or an integration with the browser (which can be compromised) to input it. You can just type it.
(DIR) Post #AawLuBVWBcmhtjEQM4 by privacybrowser@fosstodon.org
2023-10-19T21:09:59Z
0 likes, 0 repeats
@lanodan If you are typing a password into a website, it better be because you typed the URL or loaded it from your own bookmark.If you go back to the original article, it was about someone downloading a compromised version of KeePass from an invalid website (ironic in the context of a discussion of password managers). KeePass is what I use myself, but I don't tend to find their website through a Google ad before initiating the download.
(DIR) Post #AawMkpPL5DFmhlRZse by privacybrowser@fosstodon.org
2023-10-19T21:21:21Z
0 likes, 0 repeats
@lanodan 😂 We are just going to have to agree to disagree. Personally, any programmatic integration of a password manager into the web browser is a much more likely vector of attack and one that I am unable to recommend to anyone.
(DIR) Post #AawN9oDWe9C0FgpW1Q by privacybrowser@fosstodon.org
2023-10-19T21:29:36Z
0 likes, 0 repeats
@lanodan How exactly would you recommend going to a new website, creating an account, and typing in the password without some version of typing the URL for the website where you want to create an account? I fail to see how any password manager is going to do this for you.
(DIR) Post #AawNQX5Za9zy3K5J68 by privacybrowser@fosstodon.org
2023-10-19T21:31:47Z
0 likes, 0 repeats
@lanodan So, use bookmarks to access sites where you already have accounts and type the URL yourself for new sites where you want to create accounts. None of that needs password manager integration and all the potential security and privacy pitfalls that entails.
(DIR) Post #Ab0zmTcJkF0uXv8Bhw by privacybrowser@fosstodon.org
2023-10-21T21:20:01Z
0 likes, 0 repeats
I wrote a blog post about Privacy Browser and password manager integration.https://www.stoutner.com/privacy-browser-and-password-managers/
(DIR) Post #Ab9I8oLlYX0QiQcxNI by privacybrowser@fosstodon.org
2023-10-26T01:07:36Z
2 likes, 1 repeats
A reminder of two things.1. You have no expectation of privacy or security when JavaScript is enabled.2. Your password manager should never be integrated into your web browser.https://arstechnica.com/security/2023/10/hackers-can-force-ios-and-macos-browsers-to-divulge-passwords-and-a-whole-lot-more/
(DIR) Post #AbgDYgEIiVk6iogt9c by privacybrowser@fosstodon.org
2023-11-10T22:33:54Z
0 likes, 1 repeats
Don’t trust the cloud, and particularly not any program that is sending your data there without your consent.https://stackdiary.com/microsoft-is-uploading-your-secret-data-to-its-cloud-through-outlook/
(DIR) Post #AbgDYiG9AcPL17ZOJE by privacybrowser@fosstodon.org
2023-11-10T22:34:41Z
0 likes, 0 repeats
I am old enough to remember when the foregoing sentence would not have even made sense.
(DIR) Post #AcH1e2WEWHCeKjq9bs by privacybrowser@fosstodon.org
2023-11-28T16:54:38Z
0 likes, 1 repeats
I am considering changing Privacy Browser Android’s default for scrolling the app bar to false for new installs. As the average device screen size has increased over the years, I have found that I now turn off app bar scrolling on all my new devices. I would imagine this is similar for most users. If this change were enacted, users could still enable app bar scrolling if desired. It would simply adjust the default to match what I assume most users want.https://redmine.stoutner.com/issues/1130
(DIR) Post #AcH2Qg7iZdeD45ZA7k by privacybrowser@fosstodon.org
2023-11-28T18:39:54Z
1 likes, 0 repeats
@publiclewdness Mostly the purpose of this poll is to see if my hunch is correct that the majority of users currently disable app bar scrolling. Generally, the default settings for a good program should be the settings the majority of users prefer. (Sometimes they need to be the settings that will keep users out of trouble, but rarely is that different than what they prefer.)
(DIR) Post #AcH2fGCxD2yd26y6nA by privacybrowser@fosstodon.org
2023-11-28T18:42:18Z
1 likes, 0 repeats
@publiclewdness Along these lines I am constantly impressed by how frequently closed-source programs have conflicts of interest that cause them to set defaults that are expressly not in their user's best interests, but are somehow perceived to be in the best interests of the company’s bottom line.
(DIR) Post #AcQvumxAzKYspwe3pQ by privacybrowser@fosstodon.org
2023-12-02T23:56:06Z
1 likes, 0 repeats
I posted a video about cookies.https://spectra.video/w/pinirDiR1skNjise6nzjRqhttps://www.stoutner.com/videos/
(DIR) Post #AiLEzg7XFLuZuokYro by privacybrowser@fosstodon.org
2024-05-27T21:19:00Z
0 likes, 0 repeats
Privacy Browser Android 3.18 has been released.https://www.stoutner.com/privacy-browser-android-3-18/
(DIR) Post #AlucxRqdphab7FZ0me by privacybrowser@fosstodon.org
2024-09-11T21:43:11Z
0 likes, 1 repeats
I posted a video explaining User Agents.https://spectra.video/w/tJt7n1iy4J24C9YnYTuHVH