Little Pig, Little Pig! Let Me Admin! (Security Thread)

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Wed Feb 19, 2020 4:16 pm

Mongrel wrote:Clickbait garbage aside, the WaPo also published this absolutely fascinating longform article today:

Well, last week, but it's still a good article.

User avatar
Büge
Posts: 3738
Joined: Mon Jan 20, 2014 6:56 pm

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Büge » Wed Aug 12, 2020 6:31 am

Mozilla is laying off 250 people and planning a ‘new focus’ on making money



uh oh
Image

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Wed Aug 12, 2020 5:53 pm

Firefox is also getting a stronger focus on user growth “through differentiated user experiences.”


You know, you might have thought of that before you spent the past decade trying to make Firefox look and feel exactly like Chrome.

User avatar
Brentai
Woah Dangsaurus
Posts: 3061
Joined: Mon Jan 20, 2014 2:40 pm

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Brentai » Fri Aug 14, 2020 1:54 pm

Büge wrote:Mozilla is laying off 250 people and planning a ‘new focus’ on making money



uh oh


August 14

Image
Image

User avatar
Mongrel
Posts: 14977
Joined: Mon Jan 20, 2014 6:28 pm
Location: Canadumb

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Mongrel » Fri Aug 14, 2020 3:12 pm

I am not looking forward to customizing a new browser so extensively. Sigh.
Image

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Mon Aug 17, 2020 11:25 am

An Alexa bug could have exposed your voice history to hackers

I understand the appeal of Alexa. I have family who have it. Being able to say "Alexa, play Favorite Things by John Coltrane" and it does is some Star Trek shit. That's fucking cool; I won't deny it.

But Jesus Christ the idea of an Internet-connected device that listens to everything you say is viscerally horrifying to me. I can't ignore the Orwell underneath the Gernsback.

User avatar
Brentai
Woah Dangsaurus
Posts: 3061
Joined: Mon Jan 20, 2014 2:40 pm

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Brentai » Mon Aug 17, 2020 11:28 am

Yeah, now count how many of those you actually have right now.
Image

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Mon Aug 17, 2020 11:41 am

Brentai wrote:Yeah, now count how many of those you actually have right now.

Devices that are currently configured to listen to everything I say, all the time? None.

Devices that an attacker could reconfigure to listen to everything I say, all the time? Quite a few.

Devices that track my physical position at all times and which I keep in my pocket everywhere I go? One.

Websites I visit that track where I come from, where I go, what I do while I'm there, and probably have a reasonably accurate profile of my PII despite use of adblockers, script-blockers, privacy extensions, and VPN? All of them.

User avatar
Mongrel
Posts: 14977
Joined: Mon Jan 20, 2014 6:28 pm
Location: Canadumb

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Mongrel » Mon Aug 17, 2020 1:59 pm

It's funny, I stopped taking my cellphone out ever since I realized I'd have to wipe it down with alcohol every time I came home.
Image

User avatar
mharr
Posts: 1035
Joined: Tue Sep 27, 2016 11:54 am
Location: UK

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby mharr » Thu Aug 27, 2020 5:54 am

On browsers: I just picked up a hand-me-down android phone and made a discovery among the third party browser options.

Remember Opera, and how it completely shit the bed after going corporate? Turns out some of the original devs span up an employee owned company around that time and are making https://vivaldi.com - I'm not a security expert but nothing about this one is setting off my bullshit filters.

User avatar
Brentai
Woah Dangsaurus
Posts: 3061
Joined: Mon Jan 20, 2014 2:40 pm

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Brentai » Fri Aug 28, 2020 1:05 pm

Image

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Fri Aug 28, 2020 2:22 pm

When asked why Mozilla had stripped back the number of extensions, a company spokesperson replied: “Extensions can add powerful customization features to Firefox. However, we have noticed that the number of add-ons available for Firefox today can be overwhelming for some users. And even though our policy provides clear guidelines for the behavior of add-ons, they sometimes find it difficult to decide which tools and developers they consider most trustworthy. That's why we established the ‘recommended extensions’ program: a collection of curated extensions that meet our highest standards for security, functionality and usability, which we are now bringing to another platform with the new Firefox for Android.”


Thad wrote:
Firefox is also getting a stronger focus on user growth “through differentiated user experiences.”


You know, you might have thought of that before you spent the past decade trying to make Firefox look and feel exactly like Chrome.


It could be the usual echo-chamber stuff where people mistakenly assume that they're representative of a given product's userbase even though they're actually not, but...it kinda seems to me like the remaining Firefox userbase has a very large proportion of power users, and maybe Mozilla should start listening to them and stop taking away the customization options that are one of the major reasons they/we still use Firefox.

User avatar
Brentai
Woah Dangsaurus
Posts: 3061
Joined: Mon Jan 20, 2014 2:40 pm

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Brentai » Fri Aug 28, 2020 2:31 pm

Debatable on desktop, but on mobile I can't think of a single reason why you'd be opting to use Firefox other than you prefer its extension library. It sure as hell isn't for the performance or stability.

Of course, we can't assume that murdering Firefox isn't the goal, here.
Image

User avatar
Blossom
Posts: 2173
Joined: Mon Jan 20, 2014 8:58 pm

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Blossom » Fri Aug 28, 2020 3:59 pm

Functional adblock and privacy, not feeding everything you do to Google. Which, of course, goes with this.
Image

User avatar
Brentai
Woah Dangsaurus
Posts: 3061
Joined: Mon Jan 20, 2014 2:40 pm

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Brentai » Fri Aug 28, 2020 4:04 pm

You're already on iOS/Android so privacy is a lie. But yes, there (was) some extra protection.
Image

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Fri Aug 28, 2020 4:49 pm

Brentai wrote:Debatable on desktop, but on mobile I can't think of a single reason why you'd be opting to use Firefox other than you prefer its extension library.


Blossom wrote:Functional adblock


Not without extensions.

and privacy


Firefox has better out-of-box privacy features than most browsers, but extensions help here too. If you're not using HTTPS Everywhere and Privacy Badger, you should be.

not feeding everything you do to Google.


Chromium isn't Chrome, though; there are a number of browsers available for Android that don't send any more data back to Google than Firefox does. (Firefox does default to using Google as its search engine, including for autocomplete on things you type into the location bar, but that can be changed or disabled. The same is true of most Chromium-derived browsers.)

And like Brent said, if you're using Android, the Google tracking is built into the OS at a lower level than the browser. I remember you were a Cyanogenmod user back in the day so maybe you're still using an AOSP-derived ROM without GSM, but that's orthogonal to your browser choice.

I can understand being averse to Chromium-based browsers on general principle (I am; monoculture is bad and we're already looking at a redux of the bad old days when website designers targeted a single popular browser instead of complying with standards), but on the whole the main reason Firefox for Android is a better tool for avoiding Google's tracking than Chromium-based browsers is because of its extension library.

User avatar
Brentai
Woah Dangsaurus
Posts: 3061
Joined: Mon Jan 20, 2014 2:40 pm

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Brentai » Fri Aug 28, 2020 5:13 pm

was
Image

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Fri Aug 28, 2020 5:18 pm

Hey, F-Droid hasn't prompted me to update Fennec yet.

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Fri Aug 28, 2020 5:24 pm

Adding: I checked the list of recommended extensions (it's up to 54 now, so more than the initial 9 but still a fraction of what was previously available) and it's got uBlock Origin, Privacy Badger, HTTPS Everywhere, and NoScript. I still think this is a boneheaded move on Mozilla's part, but I also think you can make a pretty credible case that the remaining extensions are enough to provide a pretty thorough protection against tracking at the browser level (bearing in mind that that's not the same thing as protection against tracking at the OS level).

User avatar
Thad
Posts: 8467
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Thad » Mon Sep 14, 2020 11:59 pm

Recently-patched Windows exploit allows unprivileged network users to gain domain controller passwords.

If this is relevant to you then you're probably reading this at work while waiting for an after-hours security update to finish.

Who is online

Users browsing this forum: No registered users and 1 guest