All Chrome extensions can execute remote code in their own context:
Included in the bug report is a proof-of-concept web extension by gorhill, author of uBlock Origin.
@da we install a webextension already for adblocking. Webrequest api is already working properly.
A colleague of mine is working to flesh out some of the other extension APIs that are still missing. Once that patch lands maybe I'll write up the current state of extension support.
@da interesting. I didn't have an problems on my device with 3gig. Did you try Firefox preview and get similar issues? Would be good to narrow down if it's a dat or Geckoview issue.
I added apk download links to the Cliqz Concept Browser readme. Get yourself an android browser that can load dat:// URLs.
@da Yes, there is a general privacy issue with extension capabilities, and that is not solved by these changes. The webRequest will still be available for observation.
The Chrome team claim that the Manifest V3 changes to webRequest fix privacy issues. The article I linked shows why this is not the case.
Chrome are planning to neuter the WebRequest API in their upcoming Manifest V3 changes. They claim this is for privacy and security reasons.
I had a look at the privacy case for these changes, and found that the changes actually do nothing for user privacy, and by breaking several privacy extensions, they will actually worsen the situation:
New post on how to automate Dat publishing with CI/CD systems: https://sammacbeth.eu/blog/2019/05/26/automated-dat-publishing.html
Google is doing their best to get even more people to ditch Chrome and switch to better and faster browsers such as Firefox and Brave https://9to5google.com/2019/05/29/chrome-ad-blocking-enterprise-manifest-v3/
ahhh #dtn was so good. very much my people <3
i held a 15 minute talk on cabal that i think was recorded, and should be up some time the next month or so
The pressure against #AdTech is mounting.
Today, #GDPR complaints were filed in 4 more countries against Real Time Bidding (RTB) in online advertising
🇪🇸 @gemmagaldon @EticasFdn
🇳🇱 @bitsoffreedom, David Korteweg
🇧🇪 @Jausl00s @PiDewitte
🇱🇺 Jose Bello
Part 2 of my Dat on Firefox series: https://sammacbeth.eu/blog/2019/05/12/dat-for-firefox-2.html
(also available on dat: dat://sammacbeth.eu/blog/2019/05/12/dat-for-firefox-2.html )
Finding the dat network very flaky at the moment. I have two Dats seeded on hashbase and on a VPC in a data centre, yet I can't load them locally in beaker, and dat-webext tests intermittently fail as they cannot load the test Dats.
I know p2p networking is hard, but this should be an easy case, as the seeds have fixed IPs and open ports...
@catte Thanks, it's a start, but I think this is a more general issue with both systems:
In a federated system how long do you keep hold of data from other nodes? It seems Mastodon and Matrix both keep this forever, which doesn't make that much sense as content older than a few days is stale on both networks. Some kind of pruning policy would be useful IMO.
rant about firefox
Folks, the thing that happened with Firefox was an accident. It was not part of some sinister plot. If you think it is, it's because you have no idea how complicated providing a browser and all its security features are.
Climb back from that ledge. Next you're going to talk about chemtrails and flat Earth.