The browser wars are back, but it’s different this time

Discussion in 'other software & services' started by ronjor, Jan 16, 2020.

  1. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,056
    Location:
    Member state of European Union
    Statistics are quite difficult to interpret correctly and you can't measure certain things using statistics. You can't use statistics to measure how many infections were prevented by deterrence of wannabe exploit writers by proactive approach of browser vendor used during continuous improvement of web browser's sandbox.
     
  2. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,944
    @Mrkvonic Practically you're right, as the probability that difference makes a difference for average home user is negligible. Yet at the same time the probability is not 0. This was a recent example that the damage could be prevented if Fx had the same level of sandbox as Chromium (ignore RCE part; strict site isolation which prevents UXSS was not enabled by default at the time, but you could enable it via flags). UXSS is much worse than XSS, and complete cure requires site isolation tho addons like uMatrix/Noscript and my recommended practice of separating profiles can mitigate it. In this case attacker appeared to target Coinbase employees indiscriminately, that makes sense as usually those large organization are recognizable by IP. You never know if your org will be targeted tomorrow, and statistical quantity is irrelevant to us individual security-conscious users.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    I think it depends on the implementation. The old Edge (not based on Chromium) and the new Firefox have had more serious holes that allowed the browser sandbox to be bypassed, when compared to Chrome. But it's a matter of time until Firefox becomes just as secure.
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,586
    Google warns against installing Chrome extensions on Microsoft’s new Edge browser
    February 21, 2020
    https://9to5google.com/2020/02/21/google-chrome-microsoft-edge-extensions-warning/
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,953
    Location:
    Here
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,953
    Location:
    Here
    If you're serious about browser privacy, you should probably pass on Edge or Yandex, claims Dublin professor
    https://www.theregister.co.uk/2020/..._browser_privacy_shame_says_dublin_professor/
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,586
    Microsoft says Edge Protects its users from malicious Extensions after Chrome Web Store warning
    February 27, 2020
    https://techdows.com/2020/02/micros...xtensions-after-chrome-web-store-warning.html
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
  9. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    45,600
    Location:
    U.S.A.
  10. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    45,600
    Location:
    U.S.A.
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,808
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,462
    Location:
    USA
    I don't know that "privacy doesn't matter" is entirely accurate. To what degree it matters is the problem. It's more of a lost cause situation. It would take something like Fight Club or WWIII to even begin to address the issue. Opinions and lesser of evil choices won't fix this.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,736
    Month to month is less important, especially by just one data collector. You need to look at semi-annual trends at least, and correlate 2-3 sources.
    Mrk
     
  14. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,056
    Location:
    Member state of European Union
    It doesn't matter for most Internet users. They may state otherwise in questionnaires but choices and action tell different story.
     
  15. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,462
    Location:
    USA
    "It doesn't matter" vs. "not much you can do about it" are not the same thing. You can refuse to use the internet or carry a smartphone but in today's world it will make it difficult for you to function as part of society. Compliance is not necessarily consent.
     
  16. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,056
    Location:
    Member state of European Union
    "not much you can do about it" vs "I can't do nothing" are not the same thing. Many people use false dichotomy of two choices:
    1) extreme privacy and not using e-commerce and rest of Internet services at all
    2) zero privacy, using big-tech services without E2E for everything, sharing everything about everybody

    Small steps are important and people can make them, but most people don't make them. Most people make excuses and use false dichotomy to back them up, but in reality they are just lazy and don't care.
     
  17. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    744
    First 1.9.0 BETA version of CyberDragon OS/Browser VM ready now. Use VirtualBox or QEMU-KVM (please see the instructions from the Manual included in the file)

    https://www.orwell1984.today/cname/CyberDragon-1.9.0.tar.xz
     
  18. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    744
    The tracker blocker can be very aggressive sometimes. Particularly the XHR blocker.
    But most of the time the stuff it blocks is either harmless (that is not actually needed) or suspicious like
    the geolocation.forbes.com/json ...


    There is a whitelisting built-in but currently the list is very short (press Ctrl + O, select show all files and open /etc/cyberdragon/whitelist.txt).


    So if you have found something from the log that should really not be blocked then mail me in the address in that manual.

    Another thing I forgot to mention....if the font is too small (because agressive blocking) you can increase it by pressing Ctrl ++ (Left Ctr ++ in VirtualBox).
    Or send me URL of the blocked stuff and I investigate if it need to be added to whitelist.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.