Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
typosaurus1215570dYh, take smth as grammarly. Every keyPress pushed to them.
Don't know how to recognize tho -
dIREsTRAITS42870d@retoor holly cow, what? I myself have that extension installed, so anything i have typed was already pushed to them? How would you know
On the permissions section of their extension they have the following :
Read your browser history
Display notifications
Not sure if something is pushed is within the permissions they claim -
typosaurus1215570d@dIREsTRAITS I'm not sure if you're serious or not :p How did you think it worked? It doesn't work offline. It sends all your stuff to validate
-
Tounai135870dThat’s simple : only have uBlock Origin and SponsorBlock installed. The rest is not necessary.
-
feuerherz365570d@dIREsTRAITS why dont you just install sth like wireshark and monitor all network requests if ur so worried
-
dIREsTRAITS42870d@feuerherz I'm not worried, it's a subject no one cares about, I myself I have a few extensions like KeepassXC, Trust Wallet, Google Translator, uBlock, the majority will trust anything and will install random extensions without looking at the permissions... That's the issue.
-
jestdotty560070drooted android ROMs had a good feature
so in android they added that an app has to explicitly define the permissions it uses. this is dumb, it's just a compile-time annoyance and does nothing for the user
in rooted android ROMs if an app tries to use a feature that requires permission it gets blocked and you get a pop-up where you can allow once or allow this app to do that thing. this is great. this way developer doesn't have to mess with stupid permission configurations and the user isn't surprised an app was doing something it shouldn't
this is how I ended up uninstalling Instagram. as soon as Facebook bought it you couldn't open the app without giving it GPS coordinates. if you rejected it using GPS the app would shut down. you couldn't even launch it. so I deleted everything on the website and left -
lorentz1518369dThe ones I use are extremely popular and open source. Dark Reader, UBO, a password manager extension, Foxyproxy, Sideberry, Tampermonkey.
-
lorentz1518369dI refuse to obsess over security. I think about it regularly, but I believe that in order to enjoy life it's very important to be able to conclude that you've done enough even against risks where the potential damage is vast.
-
feuerherz365569d@jestdotty hmm i dont think that matters much. When an app has 913 ad Partners, it should be obvious to not have it installed. Most of the apps bundle the same trackers all the time. Aurora store let's you view them. And for the apps that i dont trust, that should be offline only, i block them in the firewall from accessing the internet entirely. Also the new Android versions show you a timeline of which permission was used by what app.
-
daniel-wu67969dThat's why you shouldn't use too many extension. The only extension I have on Firefox is only Ublock Origin. Raymond Hill seemed to be a good guy. He's active on reddit, and he constantly battle youtube's anti adblock intervention. A lonesome battle. Even if he turns evil someday, with how popular it is, I think someone will have figured out that the extension has turned evil, before it get a chance to steal my data. And I used firefox's password manager to generate and save my passwords, I have never typed in textbox manually. I have read that it can't read by extension this way.
-
CoreFusionX350968d@jestdotty
Android manifests are just a way to provide info for frontends, and to filter target devices based on capabilities.
Android it's not *just* cellphones. -
CoreFusionX350968d@jestdotty
Duh, just said. It's not useless. It lets Android based OS have a way to prevent installation of shit that uses stuff you don't provide.
Android is hardly the first platform to have manifests.
Previous to shared libraries, binaries had to static link, which was a form of de facto manifest.
UWP has manifests. Pretty much all TV OSs have manifests.
JS has manifests (angular and the like DI frameworks are essentially manifests in disguise)
God, even crapple has manifests in Xcode.
That you don't see the purpose only enlightens your ignorance on the matter. -
CoreFusionX350968d@jestdotty
The manifest is used for way more things than permissions, which is what I originally said, and tried to tell you, but knowing how it's gonna be, yeah, you're right, I'm a moron. -
CoreFusionX350968d@dIREsTRAITS
A XML file all Android apps must have where you declare, among other things, what are your app's components, entry points, permissions and features it uses, and such.
Since APK are just zips, it's trivial to parse this information, and it's what play store uses to check if your device is compatible.
It's used by many other Android devtools, but won't get into that.
Related Rants
There is something serious about web browser extensions and the risk your data might be compromised just because of a simple stupid extension. You might harden the security of your machine and forgot about what you have installed as extensions, alot of people do not realize the risk because they simply install and give permissions as is.
The question is how to spot a malicious extension?
question
browser
extensions