2

There is something serious about web browser extensions and the risk your data might be compromised just because of a simple stupid extension. You might harden the security of your machine and forget about what you have installed as extensions. A lot of people do not realize the risk because they simply install and give permissions as is.

The question is how to spot a malicious extension?

Comments
  • 2
    Yh, take smth as grammarly. Every keyPress pushed to them.

    Don't know how to recognize tho
  • 2
    @retoor holy cow, what? I myself have that extension installed, so anything I have typed was already pushed to them? How would you know?

    In the permissions section of their extension they have the following:

    Read your browser history
    Display notifications

    Not sure if something being pushed is within the permissions they claim
  • 4
    @dIREsTRAITS I'm not sure if you're serious or not :p How did you think it worked? It doesn't work offline. It sends all your stuff to validate
  • 2
    @retoor I'm not sure what you meant with 'it worked..'
  • 2
    @dIREsTRAITS well, obviously I don't use grammarly. "It works" then
  • 2
    That's simple: only have uBlock Origin and SponsorBlock installed. The rest is not necessary.
  • 1
    @dIREsTRAITS why don't you just install sth like Wireshark and monitor all network requests if ur so worried
  • 0
    @feuerherz I'm not worried, it's a subject no one cares about. I myself have a few extensions like KeepassXC, Trust Wallet, Google Translator, uBlock; the majority will trust anything and will install random extensions without looking at the permissions... That's the issue.
  • 2
    rooted android ROMs had a good feature

    so in android they added that an app has to explicitly define the permissions it uses. this is dumb, it's just a compile-time annoyance and does nothing for the user

    in rooted android ROMs if an app tries to use a feature that requires permission it gets blocked and you get a pop-up where you can allow once or allow this app to do that thing. this is great. this way developer doesn't have to mess with stupid permission configurations and the user isn't surprised an app was doing something it shouldn't

    this is how I ended up uninstalling Instagram. as soon as Facebook bought it you couldn't open the app without giving it GPS coordinates. if you rejected it using GPS the app would shut down. you couldn't even launch it. so I deleted everything on the website and left
  • 1
    The ones I use are extremely popular and open source. Dark Reader, UBO, a password manager extension, Foxyproxy, Sideberry, Tampermonkey.
  • 1
    I refuse to obsess over security. I think about it regularly, but I believe that in order to enjoy life it's very important to be able to conclude that you've done enough even against risks where the potential damage is vast.
  • 1
    @jestdotty hmm I don't think that matters much. When an app has 913 ad partners, it should be obvious to not have it installed. Most of the apps bundle the same trackers all the time. Aurora Store lets you view them. And for the apps that I don't trust, that should be offline only, I block them in the firewall from accessing the internet entirely. Also the new Android versions show you a timeline of which permission was used by what app.
  • 1
    That's why you shouldn't use too many extensions. The only extension I have on Firefox is uBlock Origin. Raymond Hill seemed to be a good guy. He's active on Reddit, and he constantly battles YouTube's anti-adblock intervention. A lonesome battle. Even if he turns evil someday, with how popular it is, I think someone will have figured out that the extension has turned evil before it gets a chance to steal my data. And I used Firefox's password manager to generate and save my passwords, I have never typed in a textbox manually. I have read that it can't be read by extensions this way.
  • 0
    @feuerherz yes well root and edit hosts file to adblock

    used to be my thing before the ROM cracker guy went to prison or something

    been a bit too busy to root since then so my phone is basically unusable

    we have more power and sensors than instruments we've sent to the moon and mars in our pockets but they're unusable because everybody wants you to click an ad or something
  • 0
    @jestdotty

    Android manifests are just a way to provide info for frontends, and to filter target devices based on capabilities.

    Android is not *just* cellphones.
  • 0
    @CoreFusionX yeah I know the manifest is useless

    so it shouldn't be in there
  • 0
    @jestdotty

    Duh, just said. It's not useless. It lets Android based OS have a way to prevent installation of shit that uses stuff you don't provide.

    Android is hardly the first platform to have manifests.

    Previous to shared libraries, binaries had to static link, which was a form of de facto manifest.

    UWP has manifests. Pretty much all TV OSs have manifests.

    JS has manifests (angular and the like DI frameworks are essentially manifests in disguise)

    God, even crapple has manifests in Xcode.

    That you don't see the purpose only enlightens your ignorance on the matter.
  • 0
    @CoreFusionX no it's useless

    it's effectively useless

    nobody reads those things. it's too far removed from everyday activities. that's not how human psychology works. you're asking for people to have far too much cognitive overload

    it becomes like EULAs
  • 0
    @jestdotty

    Nobody said it's there for humans. Because it isn't.
  • 0
    @CoreFusionX the manifest is used for permissions. these permissions are shown to users when they install an app from an app store which was mentioned in this thread

    I don't even know if I even mentioned manifest. I think you mentioned it. it was talking about permissions. why argue for nothing
  • 1
    @jestdotty

    The manifest is used for way more things than permissions, which is what I originally said, and tried to tell you, but knowing how it's gonna be, yeah, you're right, I'm a moron.
  • 0
    @CoreFusionX I'm sorry but what is a manifest?
  • 1
    @dIREsTRAITS

    An XML file all Android apps must have where you declare, among other things, what are your app's components, entry points, permissions and features it uses, and such.

    Since APKs are just zips, it's trivial to parse this information, and it's what Play Store uses to check if your device is compatible.

    It's used by many other Android devtools, but won't get into that.
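
Added example (not part of the thread and not written by any of its participants): browser extensions also declare their permissions in a `manifest.json` inside a zip-based package, so the permission review the thread asks about can be done mechanically before installing. The permission shortlist, the function names and the sample manifest are assumptions constructed for illustration.

```python
import io
import json
import zipfile

# Assumed shortlist of WebExtension API permissions worth a second look.
RISKY_API = {"history", "tabs", "webRequest", "cookies", "clipboardRead", "nativeMessaging"}
# Match patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return sorted (kind, value) findings for one parsed manifest.json."""
    findings = set()
    declared = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    for perm in declared:
        if not isinstance(perm, str):
            continue
        if perm in RISKY_API:
            findings.add(("api", perm))
        elif perm in BROAD_HOSTS:  # Manifest V2 lists host patterns under "permissions"
            findings.add(("all-sites", perm))
    for host in manifest.get("host_permissions", []):  # Manifest V3 host access
        if host in BROAD_HOSTS:
            findings.add(("all-sites", host))
    # A content script matched to every URL runs inside every page the user opens,
    # so it can see page content and input events without any API permission.
    for script in manifest.get("content_scripts", []):
        for match in script.get("matches", []):
            if match in BROAD_HOSTS:
                findings.add(("injects-everywhere", match))
    return sorted(findings)

def audit_package(data):
    """Audit an extension package given as zip bytes (for example an .xpi file)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return audit_manifest(json.loads(zf.read("manifest.json")))

def sample_package():
    """Build a constructed extension package in memory (not a real extension)."""
    manifest = {"manifest_version": 3, "name": "Constructed Writing Helper",
                "permissions": ["history", "notifications", "storage"],
                "host_permissions": ["<all_urls>"],
                "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps(manifest))
    return buf.getvalue()

if __name__ == "__main__":
    for kind, value in audit_package(sample_package()):
        print(f"{kind:20} {value}")
```

A clean result only means the manifest asks for little; it says nothing about what the extension does with the access it does have.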