Typescript annotations for hypercore and hyperdrive: https://github.com/sammacbeth/types
New post: Running webextensions on Android with Geckoview
Firefox 69.0 available:
– Enhanced Tracking Protection will be turned on by default; default standard setting for this feature now blocks third-party tracking cookies and cryptominers
– support for the Web Authentication HmacSecret extension via Windows Hello
– various security fixes
@da That sounds like what coil (https://coil.com/) are doing. They also proposed a web monetisation API (https://github.com/interledger/rfcs/blob/master/0028-web-monetization/0028-web-monetization.md).
Didn't hear much about Flattr since the Eyeo acquisition, wonder how they're doing with the increased competition...
"You’ve to enable third-party cookies in your browser for Scroll to do its thing." https://www.ctrl.blog/entry/scroll.com-first-impressions.html from @da
Interestingly, Scroll contacted us at Ghostery during their beta phase as our cookie blocking was preventing the subscription detection. I suggested a few ways they could implement the service without having to track all non-scroll users too, including a per-site login button, but unfortunately they didn't take up the offer...
First, [Google]’s continuing to argue that third-party cookies are actually fine, and companies like Apple and Mozilla who would restrict trackers’ access to user data will end up harming user privacy. This argument is absurd. But unfortunately, as long as Chrome remains the most popular browser in the world, Google will be able to single-handedly dictate whether cookies remain a viable option for tracking most users.
A very nice writeup and retrospective from Feross about his open source project maintainer funding experiment. (The one with ads the in cli that caused a big stink.) For anyone involved in building, maintaining, or using open source projects it's worth a read.
I reimplemented the libdweb TCPSocket API moving the actual networking to the parent process.
This should fix the issues with Linux and Mac process sandboxes blocking socket creation. Now to do UDPSocket too!
WIP branch: https://github.com/sammacbeth/libdweb/tree/tcp-parent
Sandbox issue: https://github.com/cliqz-oss/dat-webext/issues/11
Seems some of the issues dat-webext has with connecting to peers may be due to a lack of UTP. It is apparently the source of hole-punching magic in discovery-swarm and the new hyperswarm: https://github.com/hyperswarm/network/issues/16#issuecomment-522869321
All Chrome extensions can execute remote code in their own context:
Included in the bug report is a proof-of-concept web extension by gorhill, author of uBlock Origin.
@da we install a webextension already for adblocking. Webrequest api is already working properly.
A colleague of mine is working to flesh out some of the other extension APIs that are still missing. Once that patch lands maybe I'll write up the current state of extension support.
@da interesting. I didn't have an problems on my device with 3gig. Did you try Firefox preview and get similar issues? Would be good to narrow down if it's a dat or Geckoview issue.
I added apk download links to the Cliqz Concept Browser readme. Get yourself an android browser that can load dat:// URLs.
@da Yes, there is a general privacy issue with extension capabilities, and that is not solved by these changes. The webRequest will still be available for observation.
The Chrome team claim that the Manifest V3 changes to webRequest fix privacy issues. The article I linked shows why this is not the case.