
This would be too late in my workplace, as it'd be logged that I downloaded the images. That I didn't see them in my browser would be irrelevant.


Yeah, fixing that would require breaking "The extension runs completely on your browser. i.e No user data is being sent to a server for processing." as image requests would have to be hashed, checked on a server and only allowed depending on the response.

So seems this extension is not really for your use case but for others.


I'm curious how workplaces do this. Do they have a root cert installed so they can MITM SSL traffic?


Yes exactly. And, ironically, many of these solutions can make you less safe; at one of my former employers we had something like this, but the problem is that since you're getting a cert from the MITM server, you're not able to inspect the cert from the real server, and at least in the case of the Cisco product we were using, the MITM server wouldn't bother to inspect it either; expired certs, certs with the wrong CN, self-signed certs, didn't matter - the MITM server would ignore the problem and happily replace the cert with a valid one signed by the company CA.


That is more often a configuration issue than a technology issue. MITM proxies can be configured to reset connections to sites with invalid/expired certificates.
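The fail-closed check the two comments above are talking about, as an added example that is not part of the thread and not any vendor's code: before re-signing with the company CA, the proxy evaluates the origin server's certificate and resets the connection on any problem. The function names are hypothetical, the certificates are constructed dicts in the shape Python's `ssl.getpeercert()` returns, and chain and signature verification are assumed to happen elsewhere.

```python
import ssl

def _dn(cn):
    # Distinguished name in the tuple shape ssl.getpeercert() returns.
    return ((("commonName", cn),),)

def _names(cert):
    # DNS names the cert claims: SAN entries, else the CN as a fallback.
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return san or [v for rdn in cert["subject"] for k, v in rdn if k == "commonName"]

def _matches(pattern, host):
    # Exact match, or one leftmost "*" label (simplified wildcard rule).
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def upstream_cert_problems(cert, host, now):
    """List the reasons the origin server's certificate should not be trusted."""
    problems = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if not any(_matches(n, host) for n in _names(cert)):
        problems.append("name mismatch")
    if cert["issuer"] == cert["subject"]:
        problems.append("self-signed")
    return problems

def proxy_decision(cert, host, now):
    # Fail closed: only re-sign with the company CA when the origin cert is clean.
    return "reset" if upstream_cert_problems(cert, host, now) else "re-sign"

# Constructed sample data (not from the thread).
NOW = ssl.cert_time_to_seconds("Jun 15 00:00:00 2024 GMT")
GOOD = {"subject": _dn("example.com"), "issuer": _dn("Constructed Public CA"),
        "notBefore": "Jan 10 00:00:00 2024 GMT", "notAfter": "Jan 10 00:00:00 2025 GMT",
        "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}
EXPIRED = dict(GOOD, notAfter="Mar 10 00:00:00 2024 GMT")
SELF_SIGNED = dict(GOOD, issuer=_dn("example.com"))

if __name__ == "__main__":
    for label, cert, host in [("good", GOOD, "www.example.com"),
                              ("expired", EXPIRED, "example.com"),
                              ("wrong name", GOOD, "other.test"),
                              ("self-signed", SELF_SIGNED, "example.com")]:
        print(label, proxy_decision(cert, host, NOW), upstream_cert_problems(cert, host, NOW))
```
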


Every place I ever worked did exactly this. They use a protocol called WCCP which is essentially source routing, so if you're going to the internet on certain ports it routes you to a proxy server instead of whichever router it normally would.

Most companies big enough to do this already have their own internal CA installed on all the machines, for internal sites, so they use that same CA to sign the MITM cert. With so many sites using HSTS it can be annoying if you access a site while off the network.

As far as them knowing the content of a particular image they would need to have some kind of machine learning like this extension.


You could still run your own layer of encryption through that pipe though.


Presumably that is against policy and would get you fired?


Basically yes.


I don't think it's irrelevant. Having a NSFW pop up in the middle of a meeting and your access logged is much worse than just your access being logged.


It would be a nice feature for this extension to collect the URLs of detected porn images and report their hashes back, so they could be integrated into the extension itself.


True, the client still downloads the image so you'd still violate a work-related policy... This plugin would have to operate as a proxy and filter the actual images that are NSFW so your client never downloads the actual image.



