Apples and oranges. Android is supposed to isolate apps from each other (yes, theory). So a malicious app should only be able to steal data the user provides it with.
On the other hand, a single malicious extension will compromise the entire browser. Nothing you do on any website is any longer safe.
Not that I don’t think that Google should pay more attention to the apps in the Play Store. But allowing extensions to hide their functionality with remote code is plain negligent.
MV3 makes it considerably harder to introduce a security vulnerability, but it doesn’t really help with outright malicious extensions. In the end this isn’t an issue which can be solved by technical means. It’s a moderation issue, and Google currently seems to be scaling back moderation despite not being great at it to start with.
What is there to be gained you ask? Well, there is currently a creep in a position of power at FSF who is actively making women and other people feel unwelcome, effectively pushing them out of the community. By removing him from this position, making it clear that such behavior is unacceptable and will not be tolerated, a much broader participation could be achieved. And then these "much bigger" issues you seem to care about have a better chance of being solved.
Unless of course your whole point was using whataboutism to defend your hero, because you think that past achievements always outweigh any harm he may be doing.
>Unless of course your whole point was using whataboutism to defend your hero,
No. My point is that replacing him with people who prioritize political grandstanding over fighting for the cause at hand is just as bad, if not worse.
The people who gave their signature on the previous failed deplatforming attempt were numerous enough to easily fund their own FSF that is not encumbered by the influence of rms. But they didn't. They didn't because that takes actual work unlike spewing vitriol like they do here. They can only destroy but not create.
They have at least one device with an unencrypted copy of their data, likely two or more. They only need this passphrase to set up sync. If they ever forget it, they reset sync, set a new passphrase and re-upload the data. No nuking.
I do believe (but, though I work at Mozilla, I don't work particularly close to the relevant team) that our support team regularly gets help requests from people who have locked themselves out after e.g. wiping their device, and we can't help them recover their data. It's a hard balance to strike between usability and privacy, though Google obviously guides the user more to the never-lose-my-data end of the spectrum that also happens to give them more insight into what the user does.
Almost 20% of Americans only access the Internet on their phone.
If I only own a phone, all I have to do is break my phone and forget my encryption passcode when I set up my new phone and I would lose all my bookmarks.
- Having 1 password for Google account + one passphrase may be great - in a sense holy grail
But... as someone doing CS for many people
- People just don't focus or show importance to these things
- People will forget the passphrase and lose data
- The importance to the data that was lost is MORE painful than the 'loss' of privacy
- So many people incl. my spouse live totally in phones (and work laptop). With the advent of large screen phablets (a.k.a - all new phones) - one does not even need any tablet.
- Sure, your advice is logically correct but reality for most is that people still treat password or PIN as a PITA.
I sincerely wish some country will pass strong privacy laws + have a connection between google/apple account with national ID of some type so that people can validate and reset password of SV behemoths. But again - strong privacy laws so that neither govt nor SV misuses it.
Yes, they will probably ask Facebook then. Or check your web search history. There is more than one source for them to draw from. But you can shut down this huge source of your private information easily. You can deal with the rest of them later (all possible).
Firefox Sync encrypts all data on the client side before sending it. Chrome Sync can do the same if you know which settings to use. 1Password, Bitwarden, Dashlane – every password manager worth their salt encrypts data locally (LastPass is the only one which failed really badly here). How is this rare and not something we should expect?
Yes, they fixed this particular issue (and a few more), the article mentions it. But the update I published today explains why Chrome Sync is still very bad privacy-wise (as opposed to outright horrible which it was back in 2018). https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...
Every ad blocker gets full and complete access to all your data. It needs that kind of access in order to … tada … remove ads. It’s really simple: ads are on all websites, so an ad blocker needs access to all websites.
You probably mean that Adblock Plus abuses this access? Surely this is something you have proof for? Here you can see an example of what this kind of thing looks like: https://palant.info/2023/06/05/introducing-pcvark-and-their-.... You can look around in my blog, there is more.
It has been a while since I’ve been involved with Adblock Plus. I sincerely doubt however that ABP’s privacy stance changed that much since I left. But I’ll wait for you to find proof for your claims.
Funny thing is: declarative access to websites still allows for plenty of mischief if one wanted to do it. I’ve actually seen malicious extensions abuse that. Browsers might have to revisit the decision to ignore declarative access as far as the permission prompt goes.
They fixed this particular issue (and a few more), the article mentions it. But the update I published today explains why Chrome Sync is still very bad privacy-wise (as opposed to outright horrible which it was back in 2018). https://palant.info/2023/08/29/chrome-sync-privacy-is-still-...