Oh god...

All Chrome extensions can execute remote code in their own context:

Included in the bug report is a proof-of-concept web extension by gorhill, author of uBlock Origin.

@da we install a webextension already for adblocking. Webrequest api is already working properly.

A colleague of mine is working to flesh out some of the other extension APIs that are still missing. Once that patch lands maybe I'll write up the current state of extension support.

@da interesting. I didn't have an problems on my device with 3gig. Did you try Firefox preview and get similar issues? Would be good to narrow down if it's a dat or Geckoview issue.

I added apk download links to the Cliqz Concept Browser readme. Get yourself an android browser that can load dat:// URLs.

@da You can either go through the standard support page (cliqz.com/en/support), or you can email it directly to me (sam[at]cliqz.com) and I'll forward to the right person.

@da Yes, there is a general privacy issue with extension capabilities, and that is not solved by these changes. The webRequest will still be available for observation.

The Chrome team claim that the Manifest V3 changes to webRequest fix privacy issues. The article I linked shows why this is not the case.

Chrome are planning to neuter the WebRequest API in their upcoming Manifest V3 changes. They claim this is for privacy and security reasons.

I had a look at the privacy case for these changes, and found that the changes actually do nothing for user privacy, and by breaking several privacy extensions, they will actually worsen the situation:

Google is doing their best to get even more people to ditch Chrome and switch to better and faster browsers such as Firefox and Brave 9to5google.com/2019/05/29/chro

ahhh #dtn was so good. very much my people <3

i held a 15 minute talk on cabal that i think was recorded, and should be up some time the next month or so

The pressure against #AdTech is mounting.

Today, #GDPR complaints were filed in 4 more countries against Real Time Bidding (RTB) in online advertising
🇪🇸 @gemmagaldon @EticasFdn
🇳🇱 @bitsoffreedom, David Korteweg
🇧🇪 @Jausl00s @PiDewitte
🇱🇺 Jose Bello


On my way to Berlin for @DTNConf! Exited!

Finding the dat network very flaky at the moment. I have two Dats seeded on hashbase and on a VPC in a data centre, yet I can't load them locally in beaker, and dat-webext tests intermittently fail as they cannot load the test Dats.

I know p2p networking is hard, but this should be an easy case, as the seeds have fixed IPs and open ports...

Looks to be working now, and I'll try a push out a release to Cliqz beta channel tomorrow.

I also managed to get a crazy CI setup running to test dat swarming and the DatArchive API in a headless firefox browser, which should help to keep track of regressions in future!

@catte Thanks, it's a start, but I think this is a more general issue with both systems:

In a federated system how long do you keep hold of data from other nodes? It seems Mastodon and Matrix both keep this forever, which doesn't make that much sense as content older than a few days is stale on both networks. Some kind of pruning policy would be useful IMO.

Matrix and mastodon databases are starting to take up significant disk space on my server. Any tricks to discard stale data in the databases?

rant about firefox 

Working on updating dat-webext to use the latest libdweb changes. This should get networking working again on Firefox 67+

Show more

macbeth.cc is one server in the network