All Chrome extensions can execute remote code in their own context:
Included in the bug report is a proof-of-concept web extension by gorhill, author of uBlock Origin.
I added apk download links to the Cliqz Concept Browser readme. Get yourself an android browser that can load dat:// URLs.
Chrome are planning to neuter the WebRequest API in their upcoming Manifest V3 changes. They claim this is for privacy and security reasons.
I had a look at the privacy case for these changes, and found that the changes actually do nothing for user privacy, and by breaking several privacy extensions, they will actually worsen the situation:
New post on how to automate Dat publishing with CI/CD systems: https://sammacbeth.eu/blog/2019/05/26/automated-dat-publishing.html
ahhh #dtn was so good. very much my people <3
i held a 15 minute talk on cabal that i think was recorded, and should be up some time the next month or so
The pressure against #AdTech is mounting.
Today, #GDPR complaints were filed in 4 more countries against Real Time Bidding (RTB) in online advertising
🇪🇸 @gemmagaldon @EticasFdn
🇳🇱 @bitsoffreedom, David Korteweg
🇧🇪 @Jausl00s @PiDewitte
🇱🇺 Jose Bello
Part 2 of my Dat on Firefox series: https://sammacbeth.eu/blog/2019/05/12/dat-for-firefox-2.html
(also available on dat: dat://sammacbeth.eu/blog/2019/05/12/dat-for-firefox-2.html )
Finding the dat network very flaky at the moment. I have two Dats seeded on hashbase and on a VPC in a data centre, yet I can't load them locally in beaker, and dat-webext tests intermittently fail as they cannot load the test Dats.
I know p2p networking is hard, but this should be an easy case, as the seeds have fixed IPs and open ports...
rant about firefox
Folks, the thing that happened with Firefox was an accident. It was not part of some sinister plot. If you think it is, it's because you have no idea how complicated providing a browser and all its security features are.
Climb back from that ledge. Next you're going to talk about chemtrails and flat Earth.
While Firefox addons are broken, why not try Cliqz, which still has working antitracking and adblocking: https://cliqz.com/en/download
Fun find today: we were getting errors from our code only in Firefox dev edition and up, and also only when the devtools were opened. So obviously I had to make a page that detects when the devtools are opened or closed!
(open in FF dev edition or nightly)
Bugzilla ticket is open: https://bugzilla.mozilla.org/show_bug.cgi?id=1545400#c2
Nice writeup by @darius about Dat, SSB, and ActivityPub and how they can learn from each other: https://blog.datproject.org/2019/03/22/three-protocols-and-a-future-of-the-decentralized-internet/
Indeed, my post-standardization of ActivityPub work (on Spritely) has largely been about exploring similar thoughts! See also the @librelounge episode with @joeyh where we talk about Secure Scuttlebutt (esp in relation to ActivityPub) https://librelounge.org/episodes/episode-14-secure-scuttlebutt-with-joey-hess.html
And yes, Firefox is still fighting a huge uphill battle against Chrome interop, and I have no idea how they're even able to keep their heads above water. They need all the help they can get, because they're battling stupid bugs like this every single day.
WebKit (Safari) is no less amazing for the comeback they've pulled off in the past few years, although they have fewer interop pressures. Web devs make sure their sites work in Safari, because the CEO has an iPhone.
Had a very interesting chat today with Sebastian from Mozilla who's working on their android components project: https://github.com/mozilla-mobile/android-components
If you want to make a browser for android, this is the place to look. Well written, well-tested, modular and composeable components covering all of the different parts of the browser. This will make making browsers and browser-like apps much easier!