• Treczoks@lemmy.world
    link
    fedilink
    English
    arrow-up
    73
    arrow-down
    2
    ·
    6 months ago

    Since January 2018, 42% of malicious extensions use the Web Request API.

    That’s like making knifes illegal in general because they have been used in a certain amount of murder cases.

      • Treczoks@lemmy.world
        link
        fedilink
        English
        arrow-up
        34
        ·
        6 months ago

        Indeed. What a f-ing stupid argument: “We cannot trust the extensions that the user installed, therefor we give malware from advertisers free roam!”

      • Treczoks@lemmy.world
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        9
        ·
        6 months ago

        You just made the argument for gun rights.

        Definitely not. Gun ownership should be abolished like slavery was. A knife has good use for cutting and cooking, but a gun, especially in private hands, has absolutely no reason to exist.

        • Skeezix@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          6 months ago

          a gun, especially in private hands, has absolutely no reason to exist

          Americans phrase it a bit different:
          ‘Fuckin guns fuck yea!’

        • Excrubulent@slrpnk.net
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          16
          ·
          6 months ago

          So you completely accept the state’s monopoly on violence, and you also don’t think farmers should be allowed to shoot pests?

          This is a statement made by someone who lives in a political and ecological bubble.

          • Treczoks@lemmy.world
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            2
            ·
            6 months ago

            So you completely accept the state’s monopoly on violence

            Better than spreading this to everydays mass shooting event culprits, don’t you agree?

            • Excrubulent@slrpnk.net
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              5
              ·
              edit-2
              6 months ago

              “Spreading”? It’s already spread.

              Plus it’s kind of impossible to understand how you see police brutality and the way they responded to the George Floyd protests and think, “Yeah, these guys should be trusted with the only guns in existence.”

              Like have you already forgotten about Uvalde? If the cops hadn’t been there to cower behind their cars and stop people rescuing their kids then less kids would’ve died.

              • Treczoks@lemmy.world
                link
                fedilink
                English
                arrow-up
                4
                ·
                edit-2
                6 months ago

                First: Is “every redneck yokel and his dumb brother is allowed to own an arsenal” in anyway better than a government monopoly in that regard?

                Second: This would of course need properly selected and trained policemen, not those trigger-happy yokels that the US uses instead.

                My position is from a country where “Police Brutality” is seen as an American or other third world country thing. We don’t allow every random idiot to own a gun. We have properly trained police. We therefor also don’t have issues like Uvalde and George Floyd. For an American, it is hard to draw a straight line between those factors, but in the rest of the civilized world, it is the standard.

                • Excrubulent@slrpnk.net
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  edit-2
                  6 months ago

                  So sorry for assuming you were talking about the US when you talked about school shootings.

                  I come from a country like that too, but if you think police brutality doesn’t happen in your country then again: political bubble.

                  Go ahead, tell me what country you’re from and I’ll burst it for you.

                  I used to say the same thing about my country, Australia, where they’ve recently been imprisoning whistleblowers who expose clear government abuse. EDIT: They’ve also been doing racist colonial violence since day 0 and they have never stopped.

                  There is no such thing as a state that can be trusted with violence. They always use it to oppress.

          • cheddar@programming.dev
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            6 months ago

            So you completely accept the state’s monopoly on violence

            That’s the whole point of the state. And no, you guys are not fighting the US army with its armored vehicles, rockets, bombs, drones, etc. with your guns if it comes to this.

            • Excrubulent@slrpnk.net
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              6 months ago

              The point of the state is to maintain one class’s domination over others, violence is just the means to achieving that. It’s not a good thing.

              And not all armed resistance takes the form of open warfare.

              Under a strong state one viable way of resisting the state is community defense. For instance the Black Panthers began open carrying to observe police doing traffic stops, because black men kept getting killed (edit: of course we know they still are).

              The state’s response was weapons bans. That ban targetted the Black Panthers and was selectively enforced against them. This is where California got its reputation for banning guns. It was the state maintaining its ability to oppress people along class and racial lines.

    • mrgreyeyes@feddit.nl
      link
      fedilink
      English
      arrow-up
      9
      ·
      6 months ago

      I mean it’s just a browser. Bit of fiddling with the saved password and your go to go again to never look back. If they value their users they will improve again like Firefox did in the background over years.

      I only hope a good search engine will appear again. I don’t like the alternatives.

      • Veneroso@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        I have been using swisscows for about a month. It’s no Google… But it seems to be better than what Google is now…

      • dustyData@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        If you are smart, you have a password manager that you login once then everything is there and ready to login to every single account instantly.

  • 9point6@lemmy.world
    link
    fedilink
    English
    arrow-up
    49
    arrow-down
    1
    ·
    6 months ago

    Run a pihole or similar

    Your web browser is just one piece of software on your network capable of displaying ads and collecting data

    • uzay@infosec.pub
      link
      fedilink
      English
      arrow-up
      32
      ·
      6 months ago

      Network-level adblock cannot replace browser-level adblock and vice versa

    • xyz1195@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      I’m a bit clueless when it comes to that but certainly interested. Could you maybe go into more detail as to which hardware and software is needed to set that up?

      Thanks much in advance!

      • 9point6@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        6 months ago

        So the main software is here https://pi-hole.net/ (and they have good documentation, so I’m not going to repeat the nitty-gritty here)

        You obviously need something to run it on, which could be some existing computer that’s always on, but (as the name might suggest) a lot of people use some form of Raspberry Pi (or similar) single-board computer.

        Pihole will run on basically anything, so you can get an ancient pi and it will still run fine

    • MentorKitten@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      6 months ago

      I thought this requires permission to a router. Can you do this say at a dorm or an apartment where internet is provided for you through a portal

      • 9point6@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        You can always configure the DNS manually on a device you own to ignore the DHCP settings sent from the router and just go directly to the pihole, obviously not as good as it happening automatically, but a good workaround if that’s not possible

    • erwan@lemmy.ml
      link
      fedilink
      English
      arrow-up
      51
      arrow-down
      1
      ·
      6 months ago

      Use Firefox if you want but don’t donate to Mozilla. Money doesn’t go to Firefox development anyway.

      Also if they can afford to pay their CEO $3 millions a year, they don’t need your donations.

    • 001Guy001@lemm.ee
      link
      fedilink
      English
      arrow-up
      43
      ·
      edit-2
      6 months ago

      Just adding that as I understand this, donations to the Mozilla Foundation cannot go towards Firefox, because it’s [edit: Firefox is] actually part of the Mozilla Corporation. To help with funding Firefox people can consider purchasing the Corporation’s other products (VPN/Relay/Monitor), or purchasing merch.

      See more here on the AMA on Reddit, and this thread

        • 001Guy001@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          ·
          6 months ago

          Sorry, it was unclear in my comment. By “it’s actually part of the Mozilla Corporation” I was referring to Firefox, not Mozilla Foundation

  • Jeena@piefed.jeena.net
    link
    fedilink
    Svenska
    arrow-up
    17
    ·
    6 months ago

    uBlock Origin for Chrome has over 34 million installations according to the Chrome Web Store

    Oh wow, that is very surprising to me. I somehow expected a billion of installations. Especially when I saw the screenshots without it in the article, how can anyone browse the web without it?

    • corbin@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      23
      ·
      6 months ago

      Adblock users are still a statistical minority of web users. Most people don’t care (as evidenced by Netflix’s ad tier gaining subscribers every quarter) or don’t know those extensions exist.

    • Lord Wiggle@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      6 months ago

      There are other ad block options. And there is Firefox. I use Vivaldi browser, it has a built-in ad blocker, just like many other browsers. I just wish Vivaldi would be Firefox based.

      • Jeena@piefed.jeena.net
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        6 months ago

        But Firefox has a installation base of 2.8% and Chrome 65%. The Firefox uBlock Origin installations are in my opinion statistically insignificant, so are Brave browser installations which are even lower.

    • Scotty_Trees@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      They only have 40 posts so I gave them a follow. It’s when accounts have like 10k posts and an account is less than a year old that I won’t follow them, I don’t need that noise.

  • StaySquared@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    4
    ·
    6 months ago

    I think I’ve made this comment before, but I really wish people would learn more about technologies like pihole. Get the ad once, get the hyperlink, add it to blacklist.

    • DefederateLemmyMl@feddit.nl
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 months ago

      I run a pihole as well, but it is a very rudimentary tool compared to browser based adblockers like uBlock origin. It can only block DNS queries, and can’t for example block ads if they are served from the same domain as the main site (i.e. youtube) or block specific elements on a page or block a specific script from running.

      • StaySquared@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        can’t for example block ads if they are served from the same domain as the main site (i.e. youtube) or block specific elements on a page or block a specific script from running.

        Yeah that’s true.

    • morrowind@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      Until that ad also happens to be for a legitimate website you want to visit. I’d rather have a adblocker I can change right there in the website

      • cheddar@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        That’s a very rare case, and you can whitelist a domain using the pihole’s web interface. It may require extra two clicks, but I had to do that maybe twice in the last year.

      • StaySquared@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        But it’s worth it… pretty much can block anything and everything across the entire network - on all endpoints.

    • BaroqueInMind@lemmy.one
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      10
      ·
      6 months ago

      Ironically, I wish people including yourself knew more about shit like how PiHole/RaspPi simply leverage Unbound, which is not unique to only Pi software or Pi devices. You can do this same thing on any OS that has it installed.

    • corbin@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      1
      ·
      6 months ago

      What specifically is “google propaganda and fear mongering” in the article?

      • kbin_space_program@kbin.run
        link
        fedilink
        arrow-up
        29
        arrow-down
        16
        ·
        edit-2
        6 months ago

        Mentions UBlock seems.to be fast and safe, but that the API used lets extensions look at everything you do amd can dramatically affect browser speed. Implying that UBlock Origin is responsible for Chrome being such a memory Hog and that they, not Google, are the ones after your data.

        • Deebster@programming.dev
          link
          fedilink
          English
          arrow-up
          29
          arrow-down
          1
          ·
          6 months ago

          That performance cost seems to be negligible in uBlock Origin and other popular ad blockers that have focused on optimization […], but there were probably other extensions not doing that well.

          The article goes out of its way to not do what you’re accusing it of. I don’t understand how you’ve managed to read the article as having the opposite slant as what it actually does.

        • corbin@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          22
          arrow-down
          1
          ·
          6 months ago

          Except the part where it didn’t imply that at all?

          That performance cost seems to be negligible in uBlock Origin and other popular ad blockers that have focused on optimization (uBO has an explainer wiki page), but there were probably other extensions not doing that well. It’s not hard to see a situation where multiple poorly-optimized extensions installed using the Web Request API could dramatically slow down Chrome, and the user would have no way of knowing the issue.

      • far_university1990@feddit.de
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        6 months ago

        I don’t think that’s necessarily the case: Google knows as well as I do that a total crackdown would give governments like the European Union and United States more ammo for antitrust lawsuits.

        They do not care, never have, never will. Cost of operation.

        It would also be a motivator for more people to switch browsers, which would weaken Google’s browser monopoly.

        Not enough even care that would make noticable difference in market share.

        A lot of people were upset 23 years ago when Windows ME removed real mode DOS, too.

        And they all stopped using it, right? Right?

        The new Declarative Net Request API is still a downgrade in capability compared to the older API, but the feature gap has closed significantly.

        Chrome now allows extensions to include 100 rule lists, with up to 50 lists active at once. There are also additional filtering options, including an option to have case-insensitive rules, which cuts down on duplicates in filter lists. The maximum number of filter rules now varies by use case — an extension can now have up to 30,000 dynamic rules (filters downloaded by the extension) if they are deemed as “safe” (block, allow, allowAllRequests or upgradeScheme), an additional 5,000 other types of dynamic requests, and more filters included in the extension package.

        for context, EasyList is just one of the lists enabled by default in uBlock Origin and other ad blockers, and it has over 75,000 rules.

        Can you math? Feature gap almost same as before.

        • corbin@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          6 months ago

          That’s up to 30K dynamic rules, at least 30K static rules, and at least 1K regex rules: https://developer.chrome.com/docs/extensions/reference/api/declarativeNetRequest#property-GUARANTEED_MINIMUM_STATIC_RULES

          That seems like it’s fine for general use, and those limits might go up again. EasyList and the other big lists can be consolidated to varying degrees with Chrome’s rules format, and there’s probably some dead rules in there. uBlock Origin on Firefox will definitely be more versatile moving forward, but every time I’ve used uBlock Origin Lite in Chrome it’s almost the same experience.

          • far_university1990@feddit.de
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            6 months ago

            Why even make limit at all? Should not have any.

            EasyList and the other big lists can be consolidated to varying degrees with Chrome’s rules format

            Source? Or you just assume they can? What about specific list? List by small maintainer?

            Not convinced feature gap any better yet just by slightly higher number and not said real number and vague „can compress list“.

            Also, until Hill say satisfied with api or proven it enough to fight google head on in adblock war, not think good enough.