Forwarded from BlackBox (Security) Archiv
Google Just Gave Millions Of Users A Reason To Quit Chrome, Windows 10
Google is always improving Chrome and it recently issued a brilliant (if long overdue) upgrade. That said, there have also been some recent controversial changes, security problems and data concerns and now Google has detailed a serious new problem in Chrome which cannot be fixed. The result is users may find themselves forced to choose between Windows 10 and Chrome.
💡Edit: James Forshaw has clarified that Firefox is impacted the same way because it uses the Chromium sandbox which Mozilla confirms. The result is Forshaw's research exposes a vulnerability for the sandbox of all major browsers to updates in Windows 10. I have followed this up with Firefox, Opera, Brave and Microsoft and will update when I have more information.
In a fascinating post titled ‘You Won't Believe what this One Line Change Did to the Chrome Sandbox’, Google’s Project Zero researcher James Forshaw revealed that Chrome is entirely reliant on the code of Windows 10 to stay secure. Moreover, Forshaw explains a new Windows 10 update recently broke through Chrome’s security with just a single line of misplaced code. Given Windows 10’s appalling recent update record, that’s not reassuring for either browser or platform.
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
👉🏼 Read more:
https://www.forbes.com/sites/gordonkelly/2020/04/23/google-chrome-critical-security-exploit-windows-10-upgrade-warning-update-chrome-browser/
#exploit #windows #chrome #firefox #browser #sandbox
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Google is always improving Chrome and it recently issued a brilliant (if long overdue) upgrade. That said, there have also been some recent controversial changes, security problems and data concerns and now Google has detailed a serious new problem in Chrome which cannot be fixed. The result is users may find themselves forced to choose between Windows 10 and Chrome.
💡Edit: James Forshaw has clarified that Firefox is impacted the same way because it uses the Chromium sandbox which Mozilla confirms. The result is Forshaw's research exposes a vulnerability for the sandbox of all major browsers to updates in Windows 10. I have followed this up with Firefox, Opera, Brave and Microsoft and will update when I have more information.
In a fascinating post titled ‘You Won't Believe what this One Line Change Did to the Chrome Sandbox’, Google’s Project Zero researcher James Forshaw revealed that Chrome is entirely reliant on the code of Windows 10 to stay secure. Moreover, Forshaw explains a new Windows 10 update recently broke through Chrome’s security with just a single line of misplaced code. Given Windows 10’s appalling recent update record, that’s not reassuring for either browser or platform.
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
👉🏼 Read more:
https://www.forbes.com/sites/gordonkelly/2020/04/23/google-chrome-critical-security-exploit-windows-10-upgrade-warning-update-chrome-browser/
#exploit #windows #chrome #firefox #browser #sandbox
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Ubuntu has full access to your Google Account
Beware of this security bug if you are using Chromium Browser on Ubuntu
I am not the kind of dude who's too nerdy about IT security in general but I reviewed my Google Account's security today because I happened to land there as I wanted to change some other Google setting. Now what I saw literally shocked me.
I happen to use a handful of apps where I use my Google account but the permissions are limited to what they do (for example, the Car Driving Simulator app can only access the Google Play Service and nothing else). However, this app called "Ubuntu" has full access to my Google account which I thought was odd.
Though I happen to use an Ubuntu OS (18.04 LTS to be precise), they don't seem to be the kind who will hijack permissions to their users' Google accounts. Further research led me to this and this which are eye opening posts in this regard, and then it stuck me that I also use the Chromium Browser installed right from the Ubuntu repos using apt!
I also remember signing into Chromium browser so as to sync my bookmarks, etc. with my Android phone. Just to verify, I removed the access to Ubuntu and for sure, the sync feature on my browser suddenly stopped and I was temporarily signed out. So, I signed into Chromium again and that permission (Ubuntu Has full access!) came up again at its place. Now, I understand that its Chromium and not Ubuntu who is given permissions here, but there are a few problems (or rather a bug) with this workflow:
👉🏼 Read more:
https://techtudor.blogspot.com/2020/05/ubuntu-has-full-access-to-your-google.html
#ubuntu #linux #google #DeleteGoogle #privacy #security #chrome #browser
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Beware of this security bug if you are using Chromium Browser on Ubuntu
I am not the kind of dude who's too nerdy about IT security in general but I reviewed my Google Account's security today because I happened to land there as I wanted to change some other Google setting. Now what I saw literally shocked me.
I happen to use a handful of apps where I use my Google account but the permissions are limited to what they do (for example, the Car Driving Simulator app can only access the Google Play Service and nothing else). However, this app called "Ubuntu" has full access to my Google account which I thought was odd.
Though I happen to use an Ubuntu OS (18.04 LTS to be precise), they don't seem to be the kind who will hijack permissions to their users' Google accounts. Further research led me to this and this which are eye opening posts in this regard, and then it stuck me that I also use the Chromium Browser installed right from the Ubuntu repos using apt!
I also remember signing into Chromium browser so as to sync my bookmarks, etc. with my Android phone. Just to verify, I removed the access to Ubuntu and for sure, the sync feature on my browser suddenly stopped and I was temporarily signed out. So, I signed into Chromium again and that permission (Ubuntu Has full access!) came up again at its place. Now, I understand that its Chromium and not Ubuntu who is given permissions here, but there are a few problems (or rather a bug) with this workflow:
👉🏼 Read more:
https://techtudor.blogspot.com/2020/05/ubuntu-has-full-access-to-your-google.html
#ubuntu #linux #google #DeleteGoogle #privacy #security #chrome #browser
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Exclusive: Massive spying on users of Google's Chrome shows new security weakness
A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.
Alphabet Inc’s (GOOGL.O) Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.
Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
https://www.reuters.com/article/us-alphabet-google-chrome-exclusive/exclusive-massive-spying-on-users-of-googles-chrome-shows-new-security-weakness-idUSKBN23P0JO
#spyware #google #chrome
A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.
Alphabet Inc’s (GOOGL.O) Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.
Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
https://www.reuters.com/article/us-alphabet-google-chrome-exclusive/exclusive-massive-spying-on-users-of-googles-chrome-shows-new-security-weakness-idUSKBN23P0JO
#spyware #google #chrome
Reuters
Exclusive: Massive spying on users of Google's Chrome shows new security weakness
SAN FRANCISCO (Reuters) - A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect…
Netmarketshare: Chrome now officially has more than 70% of the desktop browser market.
Netmarketshare has released its market share report for June 2020.
In this month’s report, Windows 10’s share is 58.93%, up from last month’s 57.83%. Windows 7 share continues to decline from 24.28% to 23.35%. Windows overall maintained its share at 86.69%.
macOS share dropped from 9.68% share to 9.22%, while Linux share continued its mysterious increase from 3.17% to 3.61%. ChromeOS only has 0.41% share.
https://mspoweruser.com/netmarketshare-chrome-now-officially-has-more-than-70-of-the-desktop-browser-market/
#google #chrome
Netmarketshare has released its market share report for June 2020.
In this month’s report, Windows 10’s share is 58.93%, up from last month’s 57.83%. Windows 7 share continues to decline from 24.28% to 23.35%. Windows overall maintained its share at 86.69%.
macOS share dropped from 9.68% share to 9.22%, while Linux share continued its mysterious increase from 3.17% to 3.61%. ChromeOS only has 0.41% share.
https://mspoweruser.com/netmarketshare-chrome-now-officially-has-more-than-70-of-the-desktop-browser-market/
#google #chrome
Google Chrome is working on biometric authentication for payment autofill
No more digging through your wallet to find that CVC number for authentication
A few months ago, we spotted Chrome working on Windows Hello integration for payment autofill authentication, sparing you from digging out your physical card to enter your CVC over and over. We've now found out that Windows isn't the only place where Google wants to make access to payment cards easier and more tightly integrated. The company is also working on system-wide authentication for Android (and possibly Chrome OS, Linux, and macOS). Sadly, the feature isn't fully live on any iteration of Chrome for Android yet.
https://www.androidpolice.com/2020/07/06/google-chrome-is-working-on-biometric-authentication-for-payment-autofill/
#google #chrome.#biometric #privacy
No more digging through your wallet to find that CVC number for authentication
A few months ago, we spotted Chrome working on Windows Hello integration for payment autofill authentication, sparing you from digging out your physical card to enter your CVC over and over. We've now found out that Windows isn't the only place where Google wants to make access to payment cards easier and more tightly integrated. The company is also working on system-wide authentication for Android (and possibly Chrome OS, Linux, and macOS). Sadly, the feature isn't fully live on any iteration of Chrome for Android yet.
https://www.androidpolice.com/2020/07/06/google-chrome-is-working-on-biometric-authentication-for-payment-autofill/
#google #chrome.#biometric #privacy
Android Police
Google Chrome is working on biometric authentication for payment autofill
No more digging through your wallet to find that CVC number for authentication
Cluster of 295 Chrome extensions caught hijacking Google and Bing search results
The malicious Chrome extensions have been installed by more than 80 million users.
More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.
A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.
https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results
#google #chrome #bing #extensions #hijack
The malicious Chrome extensions have been installed by more than 80 million users.
More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.
A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.
https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results
#google #chrome #bing #extensions #hijack
Chrome for Android may soon send notifications reminding you to use Chrome
For years now, Google Chrome has been an absolute dominant force in the world of web browsers, but since the relaunch of Microsoft Edge based on Google’s Chromium, that position has been challenged. Now, Google is preparing to drive more Android owners back to using Chrome through targeted notifications.
Over the admittedly brief history of the Internet, there have been a number of fierce competitions, commonly called “browser wars,” between companies, in an effort to get more people to use their particular web browser. Mozilla and Netscape waged war against Internet Explorer, and Chrome fought and won against Firefox. Most recently, Microsoft Edge and Samsung Internet have begun to wage war against Chrome on desktop and Android respectively.
https://9to5google.com/2020/08/04/chrome-android-notifications-reminding-use-chrome/
#google #chrome
For years now, Google Chrome has been an absolute dominant force in the world of web browsers, but since the relaunch of Microsoft Edge based on Google’s Chromium, that position has been challenged. Now, Google is preparing to drive more Android owners back to using Chrome through targeted notifications.
Over the admittedly brief history of the Internet, there have been a number of fierce competitions, commonly called “browser wars,” between companies, in an effort to get more people to use their particular web browser. Mozilla and Netscape waged war against Internet Explorer, and Chrome fought and won against Firefox. Most recently, Microsoft Edge and Samsung Internet have begun to wage war against Chrome on desktop and Android respectively.
https://9to5google.com/2020/08/04/chrome-android-notifications-reminding-use-chrome/
#google #chrome
Forwarded from BlackBox (Security) Archiv
A Chrome Reverse Proxy Extension has been put up for sale by the threat actor MrMillionaire.
According to the actor the extension turns victim Chrome browsers into fully-functional HTTP/HTTPS proxies, allowing the actors to browse sites as their victims.
👀 👉🏼 https://twitter.com/shad0wintel/status/1306080368114589698
#chrome #reverse #proxy #extension #MrMillionaire
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
According to the actor the extension turns victim Chrome browsers into fully-functional HTTP/HTTPS proxies, allowing the actors to browse sites as their victims.
👀 👉🏼 https://twitter.com/shad0wintel/status/1306080368114589698
#chrome #reverse #proxy #extension #MrMillionaire
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Forwarded from BlackBox (Security) Archiv
Choose your browser carefully
Privacy on the Internet is important because privacy risks range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults). Many companies, such as Google, track which websites people visit and then use the information, for instance by sending advertising based on one's web browsing history. Sometimes prices on products are changed on the same website, depending on tracking information, and two people may view the exact same product on the exact same website yet be presented with very different prices.
Information 2020-10-20: This article was originally called "Mozilla is becoming evil - be careful with Firefox" and it was mainly about Firefox, but since this issue is so important and is also very relevant to other browsers, such as Google Chrome, Google Chromium (the Open Source version of Chrome) and Brave, I have changed the name of the article and rewritten the article with relevant information about other browsers as well.
💡 Table of contents: 💡
Mozilla Firefox
Google Chrome and Chromium
Brave
Palemoon
Waterfox
Real privacy respecting browsers
Conclusions
Appendix
Controlling Firefox
Blocking DoH via a firewall
👀 👉🏼 https://unixsheikh.com/articles/choose-your-browser-carefully.html
#firefox #chrome #palemoon #waterfox #browser #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Privacy on the Internet is important because privacy risks range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults). Many companies, such as Google, track which websites people visit and then use the information, for instance by sending advertising based on one's web browsing history. Sometimes prices on products are changed on the same website, depending on tracking information, and two people may view the exact same product on the exact same website yet be presented with very different prices.
Information 2020-10-20: This article was originally called "Mozilla is becoming evil - be careful with Firefox" and it was mainly about Firefox, but since this issue is so important and is also very relevant to other browsers, such as Google Chrome, Google Chromium (the Open Source version of Chrome) and Brave, I have changed the name of the article and rewritten the article with relevant information about other browsers as well.
💡 Table of contents: 💡
Mozilla Firefox
Google Chrome and Chromium
Brave
Palemoon
Waterfox
Real privacy respecting browsers
Conclusions
Appendix
Controlling Firefox
Blocking DoH via a firewall
👀 👉🏼 https://unixsheikh.com/articles/choose-your-browser-carefully.html
#firefox #chrome #palemoon #waterfox #browser #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Google exempts its own websites from Chrome's automatic data-scrubbing feature, allowing the ads giant to potentially track you even when you've told it not to.
https://www.theregister.com/AMP/2020/10/19/google_cookie_wipe/
#google #chrome #nogoogle #youtube
https://www.theregister.com/AMP/2020/10/19/google_cookie_wipe/
#google #chrome #nogoogle #youtube
The Register
When you tell Chrome to wipe private data about you, it spares two websites from the purge: Google.com, YouTube
Is this another case of one rule for the Chocolate Factory and one for everyone else?
Forwarded from BlackBox (Security) Archiv
Google patches actively exploited Chrome browser zero-day vulnerability
Upgrading your Chrome build as quickly as possible is recommended.
Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild.
The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an "object lifecycle issue in audio."
Google has labeled the vulnerability as a "high" severity security flaw and has fixed the issue in the latest Chrome release.
Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifestyle issue in audio problem, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.
The tech giant has not revealed further details concerning how CVE-2021-21166 is being exploited, or by whom.
Google's announcement, published on Tuesday, also marked the release of Chrome 89 to the stable desktop channel for Windows, Mac, and Linux machines, which is currently rolling out. Users should upgrade to Chrome 89.0.4389.72 once available.
https://www.zdnet.com/article/google-patches-actively-exploited-chrome-browser-zero-day-vulnerability/
#google #chrome #zeroday #vulnerability
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Upgrading your Chrome build as quickly as possible is recommended.
Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild.
The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an "object lifecycle issue in audio."
Google has labeled the vulnerability as a "high" severity security flaw and has fixed the issue in the latest Chrome release.
Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifestyle issue in audio problem, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.
The tech giant has not revealed further details concerning how CVE-2021-21166 is being exploited, or by whom.
Google's announcement, published on Tuesday, also marked the release of Chrome 89 to the stable desktop channel for Windows, Mac, and Linux machines, which is currently rolling out. Users should upgrade to Chrome 89.0.4389.72 once available.
https://www.zdnet.com/article/google-patches-actively-exploited-chrome-browser-zero-day-vulnerability/
#google #chrome #zeroday #vulnerability
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
ZDNET
Google patches actively exploited Chrome browser zero-day vulnerability
Upgrading your Chrome build as quickly as possible is recommended.
Forwarded from BlackBox (Security) Archiv
Google says once third-party cookies are toast, Chrome won't help ad networks track individuals around the web
Notes an 'erosion of trust' – gee, wonder who could be responsible for that...
Google says it will not come up with new ways to track individual netizens as they browse the web once Chrome phases out third-party cookies, commonly used for loosely observing people's online activities.
In effect, the browser will not provide ad networks – and Google runs a very large one – alternative identifiers that can be used to follow individuals around the web, though it's not clear exactly how this will impact Google, which already has a variety of ways to shadow internet users.
Early last year, Google announced a plan to kill off third-party cookies, often used to associate you with the websites you visit so that adverts tailored to your interests can be shown on pages. Google made the move after other major browser makers decided to block third-party cookies by default because the little scraps of data can be abused to subvert privacy, and after regulators made it clear they had concerns about ad tech giants Google and Facebook.
Google aims to replace third-party cookies with its Privacy Sandbox, an umbrella term for a set of proposals from Google and other ad tech firms, to allow behavioral ad targeting to continue without individualized tracking identifiers.
Instead, the ad goliath intends to target broad groups of netizens defined by a common interest – eg, jazz fans – through a system called FLoC (Federated Learning of Cohorts), and at narrower groups defined by past interest-based interaction, through a scheme called FLEDGE (First "Locally-Executed Decision over Groups.")
Google plans to start testing FLoC-based cohorts publicly via origin trials in next month's release of Chrome and to make testing available for advertisers in Q2.
The idea has alarmed the ad industry, which isn't keen to give up the ability to track people and has proposed alternatives like a new identifier based on data like email addresses, normally classified as personal information.
https://www.theregister.com/2021/03/03/google_internet_tracking_pledge/
#google #DeleteGoogle #internet #tracking #advertising #cookies #chrome #browser #thinkabout #why
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Notes an 'erosion of trust' – gee, wonder who could be responsible for that...
Google says it will not come up with new ways to track individual netizens as they browse the web once Chrome phases out third-party cookies, commonly used for loosely observing people's online activities.
In effect, the browser will not provide ad networks – and Google runs a very large one – alternative identifiers that can be used to follow individuals around the web, though it's not clear exactly how this will impact Google, which already has a variety of ways to shadow internet users.
Early last year, Google announced a plan to kill off third-party cookies, often used to associate you with the websites you visit so that adverts tailored to your interests can be shown on pages. Google made the move after other major browser makers decided to block third-party cookies by default because the little scraps of data can be abused to subvert privacy, and after regulators made it clear they had concerns about ad tech giants Google and Facebook.
Google aims to replace third-party cookies with its Privacy Sandbox, an umbrella term for a set of proposals from Google and other ad tech firms, to allow behavioral ad targeting to continue without individualized tracking identifiers.
Instead, the ad goliath intends to target broad groups of netizens defined by a common interest – eg, jazz fans – through a system called FLoC (Federated Learning of Cohorts), and at narrower groups defined by past interest-based interaction, through a scheme called FLEDGE (First "Locally-Executed Decision over Groups.")
Google plans to start testing FLoC-based cohorts publicly via origin trials in next month's release of Chrome and to make testing available for advertisers in Q2.
The idea has alarmed the ad industry, which isn't keen to give up the ability to track people and has proposed alternatives like a new identifier based on data like email addresses, normally classified as personal information.
https://www.theregister.com/2021/03/03/google_internet_tracking_pledge/
#google #DeleteGoogle #internet #tracking #advertising #cookies #chrome #browser #thinkabout #why
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
The Register
Google says once third-party cookies are toast, Chrome won't help ad networks track individuals around the web
Notes an 'erosion of trust' – gee, wonder who could be responsible for that...
Forwarded from BlackBox (Security) Archiv
What’s in your browser (backup)?
It’s not every day that I wake up thinking about how people back up their web browsers. Mostly this is because I don’t feel the need to back up any aspect of my browsing. Some people lovingly maintain huge libraries of bookmarks and use fancy online services to organize them. I pay for one of those because I aspire to be that kind of person, but I’ve never been organized enough to use it.
In fact, the only thing I want from my browser is for my history to please go away, preferably as quickly as possible. My browser is a part of my brain, and backing my thoughts up to a cloud provider is the most invasive thing I can imagine. Plus, I’m constantly imagining how I’ll explain specific searches to the FBI.
All of these thoughts are apropos a Twitter thread I saw last night from a Chrome developer, which purports to explain why “browser sync” features (across several platforms) don’t provide end-to-end encryption by default.
https://blog.cryptographyengineering.com/2021/03/25/whats-in-your-browser-backup/
#chrome #browser #backup #sync #encryption #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
It’s not every day that I wake up thinking about how people back up their web browsers. Mostly this is because I don’t feel the need to back up any aspect of my browsing. Some people lovingly maintain huge libraries of bookmarks and use fancy online services to organize them. I pay for one of those because I aspire to be that kind of person, but I’ve never been organized enough to use it.
In fact, the only thing I want from my browser is for my history to please go away, preferably as quickly as possible. My browser is a part of my brain, and backing my thoughts up to a cloud provider is the most invasive thing I can imagine. Plus, I’m constantly imagining how I’ll explain specific searches to the FBI.
All of these thoughts are apropos a Twitter thread I saw last night from a Chrome developer, which purports to explain why “browser sync” features (across several platforms) don’t provide end-to-end encryption by default.
https://blog.cryptographyengineering.com/2021/03/25/whats-in-your-browser-backup/
#chrome #browser #backup #sync #encryption #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
A Few Thoughts on Cryptographic Engineering
Why the FBI can’t get your browsing history from Apple iCloud (and other scary stories)
It’s not every day that I wake up thinking about how people back up their web browsers. Mostly this is because I don’t feel the need to back up any aspect of my browsing. Some people lo…
Forwarded from BlackBox (Security) Archiv
Use the DuckDuckGo Extension to Block FLoC, Google’s New Tracking Method in Chrome
Google has created a new tracking method called FLoC, put it in Chrome, and automatically turned it on for millions of users.
💡 FLoC is bad for privacy: It puts you in a group based on your browsing history, and any website can get that group FLoC ID to target and fingerprint you.
You can use the DuckDuckGo Chrome extension (pending Chrome Web Store's approval of our update) to block FLoC's tracking, which is an enhancement to its tracker blocking and directly in line with the extension's single purpose of protecting your privacy holistically as you use Chrome.
DuckDuckGo Search (via our website duckduckgo.com) is now also configured to opt-out of FLoC, regardless if you use our extension or app.
https://spreadprivacy.com/block-floc-with-duckduckgo/
https://www.theverge.com/2021/4/9/22376110/duckduckgo-privacy-floc-block-chrome-extension-advertising-tech
#ddg #DuckDuckGo #google #FLoC #chrome #browser #ad #targeting #tracking #cookies #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv
Google has created a new tracking method called FLoC, put it in Chrome, and automatically turned it on for millions of users.
💡 FLoC is bad for privacy: It puts you in a group based on your browsing history, and any website can get that group FLoC ID to target and fingerprint you.
You can use the DuckDuckGo Chrome extension (pending Chrome Web Store's approval of our update) to block FLoC's tracking, which is an enhancement to its tracker blocking and directly in line with the extension's single purpose of protecting your privacy holistically as you use Chrome.
DuckDuckGo Search (via our website duckduckgo.com) is now also configured to opt-out of FLoC, regardless if you use our extension or app.
https://spreadprivacy.com/block-floc-with-duckduckgo/
https://www.theverge.com/2021/4/9/22376110/duckduckgo-privacy-floc-block-chrome-extension-advertising-tech
#ddg #DuckDuckGo #google #FLoC #chrome #browser #ad #targeting #tracking #cookies #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv
Spread Privacy
Use the DuckDuckGo Extension to Block FLoC, Google’s New Tracking Method in Chrome
Google has created a new tracking mechanism called FLoC, put it in Chrome, and automatically turned it on for millions of users. It's bad for privacy, which is why we're now blocking it in the DuckDuckGo extension.
Forwarded from BlackBox (Security) Archiv
Brave disables Chromium FLoC features
https://github.com/brave/brave-core/pull/8468
#brave #browser #floc #chromium #chrome #google #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv
https://github.com/brave/brave-core/pull/8468
#brave #browser #floc #chromium #chrome #google #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv
GitHub
14942: Disable FLoC features and the provider service. by iefremov · Pull Request #8468 · brave/brave-core
Resolves brave/brave-browser#14942
Submitter Checklist:
I confirm that no security/privacy review is needed, or that I have requested one
There is a ticket for my issue
Used Github auto-closing...
Submitter Checklist:
I confirm that no security/privacy review is needed, or that I have requested one
There is a ticket for my issue
Used Github auto-closing...
Forwarded from BlackBox (Security) Archiv
FLoC Block
Prevent Federated Learning of Cohorts aka FLoC ad-targeting code from running in Chrome.
FLoC, short for Federated Learning of Cohorts, is the new mechanism used by Google Chrome to group users into buckets based on their interests. You can read more about it here and why Brave and some other browsers have blocked it here. EFF did some analysis as well.
💡 How does this Chrome Extension help?
If you HAVE to use Chrome but don't like the idea of being grouped into a bucket (aka cohort) based on the websites you visit, this extension is a simple way to prevent FLoC from divulging your "cohort id" to websites. The extension removes document.interestCohort() from every page so that a website cannot get your cohort id.
💡 How do I install this extension?
👉🏼 Download flocblock.zip from https://github.com/ShivanKaul/flocblock/releases/latest. Direct link: https://github.com/ShivanKaul/flocblock/releases/download/v0.0.1/flocblock.zip
👉🏼 Extract extension.
👉🏼 Follow the instructions to load into Chrome.
https://github.com/ShivanKaul/flocblock
#floc #block #chrome #browser #tracking #tool
📡 @nogoolag 📡 @blackbox_archiv
Prevent Federated Learning of Cohorts aka FLoC ad-targeting code from running in Chrome.
FLoC, short for Federated Learning of Cohorts, is the new mechanism used by Google Chrome to group users into buckets based on their interests. You can read more about it here and why Brave and some other browsers have blocked it here. EFF did some analysis as well.
💡 How does this Chrome Extension help?
If you HAVE to use Chrome but don't like the idea of being grouped into a bucket (aka cohort) based on the websites you visit, this extension is a simple way to prevent FLoC from divulging your "cohort id" to websites. The extension removes document.interestCohort() from every page so that a website cannot get your cohort id.
💡 How do I install this extension?
👉🏼 Download flocblock.zip from https://github.com/ShivanKaul/flocblock/releases/latest. Direct link: https://github.com/ShivanKaul/flocblock/releases/download/v0.0.1/flocblock.zip
👉🏼 Extract extension.
👉🏼 Follow the instructions to load into Chrome.
https://github.com/ShivanKaul/flocblock
#floc #block #chrome #browser #tracking #tool
📡 @nogoolag 📡 @blackbox_archiv
GitHub
Release FLoC Block · ShivanKaul/flocblock
Contribute to ShivanKaul/flocblock development by creating an account on GitHub.
How to disable annoying grid tab view?
1. Simply go in chrome://flags/
2. Enter tab and find "Tab Grid Layout", "Tab Groups" and "Tab Groups continuation"
3. Change it to "Disabled" and restart browser as proposed
4. Enjoy old good view
Disable Tab groups :
Disable Tab Grid :
#tab #grid #chrome #chromium #bromite
1. Simply go in chrome://flags/
2. Enter tab and find "Tab Grid Layout", "Tab Groups" and "Tab Groups continuation"
3. Change it to "Disabled" and restart browser as proposed
4. Enjoy old good view
Disable Tab groups :
chrome://flags/#enable-tab-groupschrome://flags/#enable-tab-groups-continuationchrome://flags/#enable-tab-groups-ui-improvementsDisable Tab Grid :
chrome://flags/#enable-tab-grid-layout#tab #grid #chrome #chromium #bromite
Forwarded from GJ `°÷°` 🇵🇸🕊 (t ``~__/>_GJ06)
Against Modern Browsers – https://againstmodernbrowsers.neocities.org/
#Browsers #Webpages #navigateur #web
Web browsers were originally designed with one purpose: reading HTML documents. The web was simple and was not owned by large corporations (most notably Google). Overtime the web has evolved and became bloated and complex. All modern browsers are either forked from #Chromium or funded by Google, giving #Google complete control over the web. An independent browser developed by a small community cannot compete with #Chrome or #Firefox.
This website covers everything wrong with the modern web, everything wrong with modern web browsers, and what should have been done to prevent this..
#Browsers #Webpages #navigateur #web