Has anyone tried and tested this Mining Blocker addon for Firefox? It visually shows if the website is using a mining scheme and blocks it:
waste of resources if you already have an ad-/script blocker. dupery. Code: https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt
Well, then I'm not cool with it. I never had any security problems with single process browsers. But PC makers will definitely need to make 16GB of RAM the standard, with these crappy resource slurping browsers, 8GB isn't enough. And I'm not willing to pay more for it!
You haven't security problems with single process browsers, because Spectre-like bug discoveries are relatively new and exploits using them are not widespread yet. Send your disappointment letter to Intel.
My Lenovo E580, i5 7200u laptop has only 4GB RAM and Chrome runs like a top. No Problems whatsoever. Perhaps it has something to do with keeping things simple No need to pile on security programs. Sorry, I can't comment on Firefox, as I don't use it.
That's because you probably don't open a lot of tabs at the same time, and you also don't run many apps at the same time. So wasn't Chrome affected too? And I believe Spectre was over-hyped, it's not that easy to exploit.
4gig is minimal requirement for any current system with some software on it. and (current) browsers in general need more memory as before. i raised on my older system from 2>4gig because (but not only) quantum. running chromium same time makes both browser laggy when only 2gig. modern gaming -> 8gig or more, graphics editing -> 16gig or more. buying memory here (2gig older ram) is twice expensive as modern ddr3/4 - was same corsair twin modules with heat spreader. any other would lead to uncountable bsod. when firefox gets a memory hog in most cases its system failure, either security software, plugins, less extensions or a broken profile. mozilla is working on lower memory usage, maybe coming up with v63, v64 to be expected. (working with google together, so chrome is also affect from this dev) at least it needs 100 tabs or more to make firefox get laggy on switching tabs, in special when video sites are loaded.
Yes, Chrome was affected too, but Chrome has a lot better architecture of browser to mitigate that. Firefox Quantum was designed with assumption that small number of processes and large number of threads inside them is not going to decrease security. This assumption was justificated in 2017. It is not valid assumption in 2018, because of Spectre. Spectre is not easy to exploit, but there are going to be exploits for Spectre in Javascript provided that browser vendors don't mitigate them in time. These exploits are also hard to detect and easy to deliver to victim.
I do plan on upgrading to 8GB down the road sometime. I got a good deal on the laptop and it fell in the price range I was seeking, plus it has nice business features such as TPM 2.0 and Win 10 Pro O/S. true, I usually have no more than 5-6 tabs open at a time. I do have flags such as strict site isolation, pdf isolation, appcontainer and gpu appcontainer lockdown enabled. you'r right, spectre is way over hyped. It's difficult to exploit in the browser as a user would typically need to spend at least 15-20 minutes on an exploited site. There has been, however, and will continue to be, exploits surfacing that that are based on variations of Spectre. Chrome addressed the issue in a very timely manner with its strict site isolation feature, found in flags.
Mozilla's new DNS resolution is dangerous All your DNS traffic will be sent to Cloudflare August 04, 2018 https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/
Why is using Cloudflare any different than for instance trusting a VPN provider, or for that matter your ISP who is already able to view all of your traffic?
https://yro.slashdot.org/story/18/0...-over-mozillas-new-dns-resolution-for-firefox I use Cloudflare DNS. Works great.
Leave the iconology as it is. The 'new' ones stink. Not everything requires changejust because you can. If it ain't broke, don't fix it.
I don't think that it's much different. It just means that you share your data with one more company.
But if you use encrypted DNS then ISP doesn't have that information. Nowadays one IP often serve a few webpages. The only thing ISP can do is to use deep packet inspection to extract data from Server Name Indication field in TLS connection, but this is going to change in future, because this field will be encrypted as well.
It doesn't need that information. It will know anyway which site you visit and how long you stay there. After DNS resolution you are connecting to sites through your ISP. And how is this relevant? In such a case, whether your DNS is encrypted or not, your ISP will connect you firstly to the server the IP was translated for.
One IP can server different webpages. In that case you need domain to determine which website has been visited. IP is not enough. Without domain ISP can't identify you interests, preferences - you privacy is defended. I mean ISP can log IP, date, time and request infrastructure provider to tell which website was visited, but ISP need search warrant for that. These websites can be owned by different persons or companies. It just happens these website owners use the same infrastructure provider or reverse-proxy (i.e. Cloudflare). I know that many websites still have their own IP address and in this case these positive side-effects will be not available.
Yep, shared hosting is still a thing. On the cheap end multiple companies can be using the same server and IP for different sites. We have a dedicated server, but we are using the same IP for different sites and different companies for the same boss. So agreed, an IP address alone in that situation means little.
Usually by default DHCP delivers address of ISP's unencrypted DNS server, that can be logging DNS queries. If somebody uses DoH or DNS-over-TLS everything will be encrypted, so ISP can't log what website customer is visiting. ISP at the moment can use deep packet inspection to extract domain from SNI field in TLS traffic, but it is going to be changed in future (SNI will be encrypted).
If a page is not delivered through https, ISP can just MiTM all content and from it they could figure out which websites you were visiting. Sites are moving to https but there is still a lot of traffic delivered unencrypted.