Google Chrome Extension Steals Login Details

An anonymous reader sends word of a proof-of-concept Google Chrome browser extension that steals users' login details. The developer, Andreas Grech, says that he is trying to raise awareness about security among end users, and therefore chose Chrome as a test-bed because of its reputation as the safest browser. Grech says he does not doubt that Chrome is a safe browser, but the point is that such an extension could be written for any of them. Grech says he has not uploaded his extension to the Google Chrome repository or anywhere else; but he has published enough details to allow others to reproduce the technique easily.

  • by yoyhed ( 651244 ) on Saturday July 10, 2010 @02:41PM (#32861260)
    How is this different than just downloading and installing a program? Chrome (and Firefox for that matter) give you a warning about trusting the source before installing an extension. Does it surprise anyone that allowing malicious code to run on their computer can expose their information?
    • Re: (Score:1, Redundant)

      by Ziekheid ( 1427027 )

      True. Nuff said.

    • Re: (Score:3, Interesting)

      by binkzz ( 779594 )
      You are correct, and this "news" article is hardly shocking or news. But I do agree that plugins have too many permissions for all sites that you browse, and that security could be a lot tighter.
      • by Jurily ( 900488 )

        Does a tight Noscript setup block the attempts of malicious plugins to communicate with malicious sites?

        • Re: (Score:1, Interesting)

          by Anonymous Coward

          Definitely not. Noscript only prevents scripts running on web pages.

        • by n0-0p ( 325773 ) on Saturday July 10, 2010 @04:17PM (#32861672)

          NoScript does nothing whatsoever to restrict extensions or plugins. Nor would it even be possible for it to do so without a major redesign of Firefox's extension system including the introduction of a security model with trust levels.

          • Re: (Score:2, Funny)

            by Anonymous Coward

            NoScript does nothing whatsoever to restrict extensions or plugins.

            *gasp* HERETIC!!! This is SLASHDOT, unbeliever! The almighty NoScript and its blessed son FlashBlock are the infallible answers to every single problem you have ever had or will ever have. REPENT! REPEEEEEEENT!!!

          • by TheLink ( 130905 )
            If you're paranoid, run multiple browsers using different accounts (under a main user).

            For example, you login as mainuser. Browser1 runs as wwwbrowser1, browser2 runs as wwwbrowser2.

            You do your banking stuff with browser1 which has zero or only extensions you are sure you can trust. You do your normal browsing with browser 2.

            You configure browser 2 to have a different skin (browser 1 has default skin), so that you can more easily tell the difference.

            This way if browser 2 is pwned, it is less likely to have
            • by n0-0p ( 325773 )

              I think you may have intended to reply to someone else. I was simply answering a question on NoScript's capabilities.

              Also I'm quite familiar with running multiple profiles; my job would actually be impossible without it. In Chrome you simply pass the --user-data-dir switch. I don't see how that's any worse than running Firefox with the -P and -no-remote switches (or the old way requiring env vars). I am curious how you run IE under a separate profile without using a different Windows account. I didn't thin

              • by TheLink ( 130905 )

                You did mention "introduction of a security model with trust levels".

                And I don't think it's going to be easy to do right while allowing many types of extensions - after all if there can be extensions that help manage passwords, it'll be possible to have extensions that can abuse them.

                So IMO it is better to just run different browser instances as different user accounts as I suggested.

                Running browser instances as the same user but different data directories does not protect you as much. Because if the browse

                • by n0-0p ( 325773 )

                  You're conflating a few different things. There's origin security and there's local client security. Origin security is what protects you from one site accessing browser data from another site. Any discussion of extension permissions would apply primarily to origin security, because once you install anything with local client access you've already lost control. And when considering origin security, separate profiles within the same OS-level user account provide one method of strict enforcement.

                  Now, if your

                  • by TheLink ( 130905 )

                    Conflating or not, I prefer a more role/task based concept.

                    That way I can use one browser for lower security level stuff (whether visiting sites, or having more fancy plugins), and not have it affect my other browser which I use for higher security level stuff.

                    And I can do this without having to buy multiple computers.

                    If the browsers support sandboxing that's great. But whether they do or not does not affect my approach. I'd still be using multiple browsers, because it is just better "hygiene", and a more s

        • Re: (Score:1, Interesting)

          by Anonymous Coward

          Funny you should mention NoScript, since that's a plugin that's already been involved in its own scandal [hackademix.net]. Not as bad as stealing login information but still a breach of the users' trust.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Some check boxes showing which permissions the plugin wants, and which permissions you will give it, would be nice, easy, and effective at preventing something titled as a "bookmark enhancer" from stealing your passwords

    • by Tom ( 822 ) on Saturday July 10, 2010 @03:06PM (#32861396) Homepage Journal

      Does it surprise anyone

      Yes, anyone who is not a geek.

      Look, to us tech people, these things are obvious. But everyone else out there doesn't have a clue. You have to design the car so that the user doesn't get the idea of looking into the fuel tank with a lighter, or if he does get that idea, that he can't do it. No matter how silly it sounds. This is why our society works, because we can safely use tools without having to be experts in them.

      • by rumith ( 983060 )
        Yes, but this crap is reported on Slashdot, which is advertised to deliver news for nerds, not plumbers! Hell, this guy didn't even try to upload his exploit to the official extension repository because, as he claims, he "didn't want to exploit the vulnerability and harm end users".
        Remember when Google pulled a vulnerability exploit proof of concept app from the Android Market, and purged it from end-user phones? That was a security research project. And this is just A-grade crap.
        • The news has to be dispersed somewhere. It's a reminder that we can't just dump alternate browsers on our friends and expect them to stay 100% secure. I'm not saying it's worse than IE, but if some people are gullible enough to download that virus program, they're sucker enough to download malicious plugins too.
          • by yoyhed ( 651244 )

            if some people are gullible enough to download that virus program, they're sucker enough to download malicious plugins too

            And that's not the browser's fault in any way. You can't stop idiotic users from downloading malicious shit unless you stop them from downloading ANY program or plugin. They'll ignore every warning they see because they don't feel like reading.

      • by yoyhed ( 651244 )
        What I meant by "does it surprise anyone" is "this is sensationalist BS to the Slashdot crowd". You're correct, but you're also missing my point - that this is about the same as downloading and installing any program, as far as the actions a user has to take to do so.

        Clueless people can go install LimeWire just as easily as they can install a bad extension for Chrome. Hell, look at how easy it is to download and install something from IE - try the installer at http://www.google.com/chrome [google.com] in IE8. It's a
      • by hitmark ( 640295 )

        sad thing is, most non-geeks will not read this unless it happens to land on some front page in scare-types.

        and even then they will likely not see the simple solution (be smarter when you browse) and instead hit the government "protect me!" button over and over like a caffeinated squirrel.

      • You have to design the car so that the user doesn't get the idea of looking into the fuel tank with a lighter

        Or, you could educate the user that fire and gasoline don't mix. They don't need to know the chemical reaction side of it, but simply informing them that these two things don't mix shouldn't be too difficult. (I know you were being extreme to prove a point, so was I).

        I find it ridiculous to continually dumb down products. To me, this seems like it will cause a slippery slope to stupidity. What happens if we dumb down the products to the point where people don't know how to create them anymore, or th

        • I find it ridiculous to continually dumb down products. To me, this seems like it will cause a slippery slope to stupidity. What happens if we dumb down the products to the point where people don't know how to create them anymore, or the knowledge is only in the hands of the far and few? I resist the notion that learning should be back-seated for short-term profits. In the long run, people will become too stupid to buy those products and we're stuck with even dumber products.

          Funny thing: how many people do you know in regular society that can put together a lightbulb? How about a microwave? What about the latest iPhone?

        • by Tom ( 822 )

          Or, you could educate the user that fire and gasoline don't mix.

          Yes, and to only walk on green, and to install antivirus, and to have safe sex, insurance, not go into certain parts of town, keep the car in working condition, verify their patch level is current, check all money for forgery is easy as well, and two million other things.

          There is only so much that a human brain can actually act on. Storage is not the problem, recall is. Sometimes, the right decision is to educate people, but it is not a panacea. If it is easier to simply design in a safety than to educate e

          • It's not about memorizing facts, or about recalling something, it's about knowing what you know and what you don't know. I don't know how to use a chainsaw properly, but I know enough to know that I don't know, and that I would need to learn how or I'm going to get hurt.

            If it is easier to simply design in a safety than to educate everyone and keep them educated, then building in the safety is the proper thing to do.

            That's true, if the safety has no downsides whatsoever. Otherwise, it bears more discussion.

            For example, the iPhone and the Great Firewall of China [wikipedia.org], both of which claim to be making things more secure and stable for you by removing your choi

            • by Tom ( 822 )

              For example, the iPhone and the Great Firewall of China, both of which claim to be making things more secure and stable for you by removing your choice. Even if the iPhone is more secure for the kind of user who would download BonziBuddy, I don't think it's worth it, and this is exactly what is meant by dumbing down.

              Here's the funny thing: You're dead wrong. I'm an iPhone developer. There is no "dumbing down" here at all. Anything I want it to do, I can make it do. However what has happened, in comparison to 1980s computers, is that the user has most of the complicated stuff hidden away from him. That is not a conspiracy, it is the normal process by which things mature. Look at cars: Early on, you'd better know quite a bit about it, just to drive one. These days, you put your car into the ignition, and you care nothing

              • I'm an iPhone developer. There is no "dumbing down" here at all.

                For the user?

                Anything I want it to do, I can make it do.

                Jailbroken?

                the user has most of the complicated stuff hidden away from him.

                In the case of the iPhone, it's not that the complicated stuff is hidden. It's that it's actually forbidden -- see above. Can you make it do anything Apple doesn't explicitly allow?

                That is not a conspiracy,

                I never suggested it was.

                Nor do I think Apple and China are in a conspiracy to censor technology -- they just seem to agree (quite publicly and openly) that computer users need to be protected from themselves, beyond the point of making it simpler and more usable, and to the point of removing choices.

                Look at cars: Early on, you'd better know quite a bit about it, just to drive one. These days, you put your car into the ignition, and you care nothing about what goes on under the hood.

                I do,

                • by Tom ( 822 )

                  Nor do I think Apple and China are in a conspiracy to censor technology -- they just seem to agree (quite publicly and openly) that computer users need to be protected from themselves, beyond the point of making it simpler and more usable, and to the point of removing choices.

                  Removing choices is what design is all about. In the words of Antoine de Saint-Exupéry: "You know you've achieved perfection in design. Not when you have nothing more to add. But when you have nothing more to take away."

                  A light switch works so well precisely because it gives you two options: "Lights on" or "Lights off", instead of presenting you with a spectrum of things you can do with electron flow through a wire.

                  Anything I want it to do, I can make it do.

                  Jailbroken?

                  *laugh* no. Why should I? Sure, some Apps would not be accepted in the App Store, but I can s

                  • A light switch works so well precisely because it gives you two options: "Lights on" or "Lights off", instead of presenting you with a spectrum of things you can do with electron flow through a wire.

                    Mostly because, in that situation, it would be useless.

                    By contrast, despite being automatic, my car's transmission also has a first and second gear and an overdrive toggle, not to mention neutral and reverse. That's just the transmission -- my car also has four separate braking mechanisms, each with their own unique interface. It may be possible to simplify this, but people are willing to put up with this situation from a car.

                    Take a moment to look into a car sometime. Count how many separate controls there

                    • by Tom ( 822 )

                      Take a moment to look into a car sometime. Count how many separate controls there are, and remind yourself that this thing's purpose is ultimately to move you from point A to point B.

                      I know. Cars are some of the things that you quickly come across when you teach yourself about design. And I mean car controls, not bodies. :-)

                      The point is, of course, that the purpose is not to get you from A to B. If that were the ultimate purpose, the interface could be a lot simpler - and is. The interface for a taxi is "open door, sit down, close door, talk to driver, wait, pay driver, open door, get out, close door".

                      All the additional complications of a car are because you want to drive from A to B y

                      All the additional complications of a car are because you want to drive from A to B yourself. Plus quite a lot of the controls have nothing to do with driving, they're for the stereo or the AC or they serve secondary purposes such as the gas gauge or the maintenance lamp.

                      And this maps well to computers.

                      The additional complication of having to change the oil occasionally (or have someone else do it), knowing what the RPM gauge means (or at least that redlining is bad), needing a key to get into your car, etc, all have reasonable analogies in the computer world, and there doesn't seem to be much in a computer that doesn't have a similar analogy in the car interface.

                      The additional stuff, like the stereo, air conditioning, windows, etc, maps to additional stuff users might have

      • Does it surprise anyone

        Yes, anyone who is not a geek.

        Look, to us tech people, these things are obvious.

        Please, most people (>90%) posting on Slashdot are perfectly ignorant of how security works. Don't toot your/our horn too much.

      • by Yvanhoe ( 564877 )
        Because, obviously, the average user who apparently is not able to read a warning on his computer screen is likely to go look for information on security blogs...
      • I might argue that you have cited the reason our society is most likely to fail. We protect morons from themselves, so that they can survive to breed. Society is selectively breeding more and more morons with each generation.

        If the idiot wants to peer down his fuel tube with a match, LET HIM DO IT!! Don't stand in his way. Hell, let's facilitate the operation - move the gas tank into the trunk, and put a trap door on top of the tank, and put a box of matches right beside the trap door.

        The gene pool real

        • by Tom ( 822 )

          We protect morons from themselves, so that they can survive to breed.

          That is true, and it irks me to no end. However, the real problem is not selection - most of the moronic things are not deadly. The real problem is that we encourage stupidity.

          Just look at the idols of the day. Most of them are either dumb as shit, or at least pretend to be (I'm looking at you, Paris). Dumb is "cool". The whole football/soccer world cup has been a great example - otherwise smart people use it as an opportunity to become total idiot assholes for an evening, or several.

          Selection does not only

    • by scamper_22 ( 1073470 ) on Saturday July 10, 2010 @08:49PM (#32863440)

      We developers take it as a given that programs (and thus extensions) should be able to do anything. Arbitrary code if you will.
      If you actually think about it, it's a little nuts. You download an application, and it could reformat your harddrive.

      Truth be told, even we programmers simply rely on 'trust' that the various programs and extensions aren't doing anything evil.
      I don't go through every line of source code. I trust the developers. I trust a popular program. But it really is just that... trust.

      Now the OS does prevent some things to enhance trust. There are file permissions for example.

      Other web technologies have other security. Silverlight for example can open local files... but the user has to manually select it via the windows file dialog. You can't program in a file location.
      They were smart enough to not just take the Active X approach where 'just because you visit this website and run the application, it can do anything'. They build limitations into the environment.

      So what safeguards does a browser provide?
      Well, password information is crucial. Quite frankly, any application that even attempts to access a password field should be blocked... unless the user explicitly understands this. And I don't mean some generic warning message that applies to every extension.

      And so the point is... extensions are no different than downloading and installing a regular program... but they bloody well should be!

      • by yoyhed ( 651244 )
        That's a good point. AFAIK, Chrome does have some sort of listing of what permissions the extension is requesting at installation - however, it should probably have an extra warning for password stuff.

        Ignorant people will probably skim over the initial warning because they see a bunch of stuff they don't understand (or more commonly because they DON'T EVEN BOTHER TRYING TO READ IT) - so the password warning would have to be as blunt as possible.

        I can't believe how many people just don't even bother re
    • I am a little confused here. This article very specifically singles out Google Chrome. But, it turns out the same thing could be done with any browser?

  • OK... (Score:5, Insightful)

    by The MAZZTer ( 911996 ) <(megazzt) (at) (gmail.com)> on Saturday July 10, 2010 @02:42PM (#32861266) Homepage

    He's just doing basic stuff here with that extension. When you try to install any extension Chrome throws up a warning that the extension can access your personal data on whatever sites the extension author has requested access to in the manifest.json file. Ignore that warning at your own peril, especially if it doesn't match with what the extension description says it should do.

    Lots of extensions inject content scripts. Lots of extensions do random AJAX calls to random sites that the user doesn't have open in a tab. That he put the two together to steal data is hardly revolutionary.

    The only problem I see is that if the author specifies enough websites in their extension permissions, Chrome truncates them to "multiple sites" which is a bit ambiguous.
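The origin list described in the comment above can be read straight out of an extension's manifest.json before installing it. The following is an added example, not part of the original thread and not Chrome's own code: it lists every origin a manifest requests in full instead of collapsing them to "multiple sites", and flags the combination of injected content scripts plus hosts the extension may send requests to. The function names, the sample manifest and `collector.example` are constructed for illustration; `host_permissions` is the key used by later manifest versions.

```javascript
// Added example: audit the origins a Chrome extension manifest asks for.
// Match patterns have the form <scheme>://<host>/<path>, or "<all_urls>".
const PATTERN_RE = /^(\*|https?|file|ftp):\/\/([^\/]*)(\/.*)?$/;

// Classify one entry. Returns null for API permissions such as "tabs",
// which are not origins.
function classifyPattern(pattern) {
  if (typeof pattern !== 'string') return null;
  if (pattern === '<all_urls>') return { pattern, scope: 'all-sites' };
  const m = PATTERN_RE.exec(pattern);
  if (!m) return null;
  const scheme = m[1];
  const host = m[2];
  if (scheme === 'file') return { pattern, scope: 'local-files' };
  if (host === '*') return { pattern, scope: 'all-sites' };
  if (host.startsWith('*.')) {
    return { pattern, scope: 'domain-and-subdomains', host: host.slice(2) };
  }
  return { pattern, scope: 'single-host', host };
}

// Collect every origin from the three places a manifest can declare them.
function auditManifest(manifest) {
  const findings = [];
  const add = (source, patterns) => {
    for (const p of patterns || []) {
      const c = classifyPattern(p);
      if (c) findings.push({ source, ...c });
    }
  };
  add('permissions', manifest.permissions);           // cross-origin request targets
  add('host_permissions', manifest.host_permissions); // same, later manifest versions
  for (const cs of manifest.content_scripts || []) {
    add('content_scripts', cs.matches);               // pages the script is injected into
  }

  const injected = findings.filter((f) => f.source === 'content_scripts');
  const requestable = findings.filter((f) => f.source !== 'content_scripts');
  return {
    findings,
    // Script runs inside every page, so it sees every form on every site.
    readsAllSites: injected.some((f) => f.scope === 'all-sites'),
    requestsAllSites: requestable.some((f) => f.scope === 'all-sites'),
    // Both halves the comment describes: page access plus somewhere to send data.
    readAndSend: injected.length > 0 && requestable.length > 0,
  };
}

// Human-readable report that never truncates the origin list.
function report(audit) {
  const lines = audit.findings.map(
    (f) => `${f.source}: ${f.pattern} -> ${f.scope}`
  );
  if (audit.readsAllSites) {
    lines.push('WARNING: content script is injected into all sites');
  }
  if (audit.readAndSend) {
    lines.push('WARNING: injects into pages and can also contact remote hosts');
  }
  return lines;
}

// Constructed sample manifest: described as a bookmark tool, but it asks for
// page access everywhere and one remote host to talk to.
const SAMPLE_MANIFEST = {
  name: 'Bookmark Enhancer (constructed sample)',
  version: '1.0',
  permissions: ['tabs', 'bookmarks', 'http://collector.example/*'],
  content_scripts: [
    { matches: ['http://*/*', 'https://*/*'], js: ['enhance.js'] },
  ],
};

console.log(report(auditManifest(SAMPLE_MANIFEST)).join('\n'));
```

A mismatch between the description and the reported scopes, as in the sample, is the signal the install-time warning is meant to give.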

  • by Anonymous Coward

    Guy learns to program, abuses trust of software users. Film at 11?

  • Evidence exists that browser plugins and extensions are providing a lot of leaks and possibilities for intrusions.

    So avoid installation of unnecessary problems by not installing anything else than really necessary extensions for your browser activities. What browser manufacturers need to consider is how to improve security related to extensions and plugins. One way is to make sure that the plugins and extensions run in isolated subprocesses with lowest necessary privileges.

    • by Khyber ( 864651 )

      "Evidence exists that browser plugins and extensions are providing a lot of leaks and possibilities for intrusions."

      *coughFLASHcoughJAVASCRIPTcoughACTIVEXcough*

  • by gdshaw ( 1015745 ) on Saturday July 10, 2010 @02:50PM (#32861310) Homepage

    ... a proof-of-concept Google Chrome browser extension that steals users' login details.

    That's nothing. Wait till you see my research on what's possible when you get the user to install a malicious kernel module ...

    • by Nemilar ( 173603 )

      I get your point (that a kernel module, being low-level, gives you greater access), but I think a malicious browser extension is worse.

      * It's a lot less likely that a user will install a malicious kernel module, as compared to a browser plugin.
      * It's a lot easier for someone with bad intentions, a few hours, and a little coding experience to write a browser plugin, than it is for them to write a kernel module.
      * It's much easier to distribute a plugin, and the install base is much greater.
      * The signal/noise

      • by hitmark ( 640295 )

        and this is why i don't worry much about rootkits for home computers, as even access to just the users account will likely expose a whole lot of valuable data to whoever wants it. so if one wants more security the valuable data should be accessed by way of an account that only does so, and has no real contact with the everyday user activity.

        heck, was there not talk about a livecd specifically for banking?

      • by gdshaw ( 1015745 )

        You're reading too much into my subtle sarcasm: I was merely suggesting that this is a highly unsurprising result. All that has been discovered here is a special case of the rule that your security is at risk if you download and execute malicious code.

    • ... a proof-of-concept Google Chrome browser extension that steals users' login details.

      That's nothing. Wait till you see my research on what's possible when you get the user to install a malicious kernel module ...

      I can't wait to see how long the instructions for installing your kernel module will be. Remember you have to /trick/ a regular user.

      • by gdshaw ( 1015745 )

        OK, let me explain. The kernel module was what's known as a 'rhetorical device' intended to illustrate a point. The point was that writing a program to commit a dastardly deed, then executing it in a context where it has permission to commit that dastardly deed, is (a) not news, and (b) not even a security violation.

  • Is this different than someone deciding to run a bash script that wipes their hard drive, as root?

    So you can install an extension that's bad. Like you can open an e-mail attachment that's bad. Like you can open a programmable document that has a bad macro.

    Seriously, where's the security concern? Don't install crap extensions and you won't have your passwords stolen through crap extensions. Easy enough?

  • how about a sandbox? How about stealing some Ideas from java? I think one can introduce a "Wants to read password" exception or a "wants to transfer data outside" exception. And at least firefox points out to me that installing extensions requires thrusting the author
    • Re:Sandbox? (Score:5, Funny)

      by christoofar ( 451967 ) on Saturday July 10, 2010 @02:56PM (#32861352)

      I think you might also risk catching something if you're *thrusting* the author.

    • by symes ( 835608 )
      For your average user, sometimes it is enough for a piece of software to come with a note saying that installing this app is absolutely essential. So the question is, do we harden the browser or do we harden the user? The latter is impossible, and thinking otherwise is potentially negligent. Seriously, people have tried suing burger chains because they got fat on burgers and chips. People have tried suing bar owners because they drank too much and crashed their car. The depths of stupidity know no limits. S
    • by selven ( 1556643 )

      The Chrome extensions system has the concept of permissions, where an extension must list the special permissions it needs in its manifest.json file. If the extension requires special permissions, the user is warned. If the extension tries to do something requiring permissions without asking for them, it fails. One comment in TFA says that the proof of concept extension given does require permissions. If that's true, then this is a nonstory, since it would be just as hard to get in by convincing the user to

      • by drolli ( 522659 )

        Yes, i think it's a nonstory.

        However:

        Me (to secretary): I can access the webpage without getting a warning about the certificate
        Secretary: I can't access it without problems
        I (sitting beside her) see that she takes 0.1 sec to click the warning away: Ahem, you just got the warning!
        Secretary: yes, it's always there.

        (And this was a company-internal application where the fix was to download the certificate exactly from the same untrusted website - that educates the users well)

        Maybe the permission for "reads pas

        • by n0-0p ( 325773 )

          There isn't anything like "reads password data," nor could there be without drastic changes to the DOM standard and how JavaScript is implemented in modern browsers. The way the system works is that the installation manifest states what origins a content script will run in. And any script executing within an origin has access to all that origin's data. This is conveyed to the user with a message like "this extension can access data from site X.com" or "this extension can access data from all sites."

          If you h

          • by drolli ( 522659 )
            Did you read the document you cite? It says: "We focus on benign-but-buggy extensions"; this seems to not be the case here.
            • by n0-0p ( 325773 )

              Not only have I read the paper, I've worked with a few of the authors on this subject matter. And that's why I know that it's essentially impossible to provide a useful extension API that is not also vulnerable to intentional abuse. Claiming the opposite is akin to claiming you've refuted Gödel's first incompleteness theorem. And if you've succeeded at either, I'd like to see the evidence. (Just a heads-up, you're starting to line up a pretty tall list of things you'll need to accomplish to support you

              • by drolli ( 522659 )

                Before i claim the opposite, i would like to see your mathematical proof that a "useful" API can not protect against intentional abuse. (Citation?)

                • by n0-0p ( 325773 )

                  You have this backwards. I can point to every major browser, along with research directly addressing the topic. Whereas you haven't provided one iota of evidence to back up your misguided and ignorant statements.

                  Since it's obvious you have nothing of value to contribute, I'm just going to close this out with a suggestion. When confronted with a topic you obviously know nothing about, please resist the temptation to make noise just so people will notice you. It just wastes everyone's time and prevents you fr

    • Whooaaa buddy! ... you can imagine thrusting the author in a sandbox all you want but let's keep this discussion clean.
    • by n0-0p ( 325773 )

      It's just sad that you find it perfectly acceptable to comment like this on an application you obviously know absolutely nothing about. Chrome actually does run extensions in a sandbox. It also warns on installation of an extension, and explains what permissions that extension requires. If an extension attempts something requiring a privilege that wasn't in its installation manifest the operation fails. As I said in another comment, the UI has issues and could certainly be improved, but the fact is that Chro

  • "For now.,," (Score:5, Insightful)

    by John Hasler ( 414242 ) on Saturday July 10, 2010 @03:04PM (#32861388) Homepage

    > For now, only install plugins from people you know and trust...

    Um, "for now"?

  • Erm, news? (Score:4, Insightful)

    by thePowerOfGrayskull ( 905905 ) <[moc.liamg] [ta] [esidarap.cram]> on Saturday July 10, 2010 @03:14PM (#32861426) Homepage Journal
    So, he created a plugin that let him do what the plugin architecture is designed to allow him to do? I'm not sure how this is newsworthy...
    • by Jahava ( 946858 )

      So, he created a plugin that let him do what the plugin architecture is designed to allow him to do? I'm not sure how this is newsworthy...

      Yeah, combined with the Android rootkit [slashdot.org] it seems like Google has no concept of security.

      These "security researchers" need to understand that there is neither respect nor prestige creating software that asks permissions to do something and then does it. They are merely pointing at various faces of a larger system flaw: that people who don't understand computers will not understand what any type of software can do to their computers. There really is no "best case" solution for this problem. Either choose a ve [apple.com]

      • They are merely pointing at various faces of a larger system flaw: that people who don't understand computers will not understand what any type of software can do to their computers.

        That's an excellent point, and one that most people miss. No matter how much security you lather onto a system (infrastructure and AV) or how difficult you make it to do mundane tasks (I'm looking at YOU uac and gksudo), it's fatally flawed if it has to be used by a person.

  • capable of running whatever code I instruct it to? Waah, I want big government/big business to protect me!

    Seriously though, this isn't news. Extensions are intended to be general purpose, and in order to be powerful enough to do what you want, some risks are taken. I suppose you could take a partial sandboxing approach such as BitFrost or that taken in Android to warn users of what permissions are being requested (and mitigate the effect of exploits), but there's a tradeoff between functionality and safety.

  • Security is only as effective as the experience and intelligence of the user. You can't fix stupid. - Ron White
  • I wrote an extension to FF long ago that was reading any form field at all, including password fields and was able to send this information to any address on the web via an http call. Starting from FF version 2 the method I used to read the form field (basically enumerating the form input fields with javascript) could no longer read the password field from a form.

  • In other news ... (Score:4, Insightful)

    by GNUALMAFUERTE ( 697061 ) <almafuerte@gmai[ ]om ['l.c' in gap]> on Saturday July 10, 2010 @04:25PM (#32861714)

    Executing arbitrary code downloaded from the internet might lead to arbitrary code execution. Not news.

  • ...WHY Google allows so much potential access of personal data to installed Extensions?!

    I mean every time I tried to install an extension on Chrome I got the warning that it could potentially access my user data and/or browser history, and I still don't see any reason that extensions should (even potentially) be allowed access to that information!

  • Safari on iOS (iPad, iPhone, iPod) doesn't have extensions. On iOS, instead of an extension, the developer just creates a whole other browser, and that has to be audited to be deployed. Although you may be able to write this for Safari on Mac/Windows, those extensions have to be signed to run, and signatures can be revoked immediately, so even if you got this deployed, at the first sign of trouble it stops running on 100% of systems. There is very little point in tagging a wall that can repaint itself insta

  • Installing another mouse on your computer steals your cursor control.
  • Chrome extensions are sandboxed, unlike firefox extensions. Through the extension API there is no access to the password database for extensions. Even when the user looks at passwords in chrome the password is not written in a window, it is written directly on the canvas, giving no access to hackers.
    The only way to get to the password database is to connect directly to the opensql database and decrypt the passwords with the userID - and that is how chrome password dumpers work.

    this story is pretty mean
