| ▲ | bmacho 6 hours ago |
| It's not just cookies, it's explicit consent to track you, and sell your browsing history to ~1500 spy companies around the world. To the sibling comments: don't "accept the cookies" and then delete them. - - - I'm super angry at what the web has become, especially at the OS browser community. There is 0 browser (that I know of) that can access the web safely and conveniently. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it. We need a browser with a safe extension model. - - - edit: I guess using 2 Firefox profiles, one with uBlock and one with my google/facebook/bank/amazon/etc accounts solves the threat posed by uBlock and extensions. I still don't like it. |
|
| ▲ | microtonal 6 hours ago | parent | next [-] |
| Not just the web. Last time I installed Backdrops on my phone (a nice wallpaper app), you would literally approve hundreds of uses of your data when you press Consent. Even if you choose to manage choices, 200 'legitimate interest' options are enabled by default. Even when you are a paying Pro user. Data used includes location data. What makes it worse is that a substantial portion of users block web trackers through an adblocker. However on phones, unless you have a rooted phone or use some DNS-based blocker, all these analytics get uploaded without restraint. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it. Some browsers (e.g. Vanadium, Vivaldi) have a built-in adblocker, so you have to trust one party less. |
| |
| ▲ | drnick1 an hour ago | parent [-] | | > Last time I installed Backdrops on my phone (a nice wallpaper app), you would literally approve hundreds of uses of your data Why are you using that malware? Is a "nice wallpaper" worth the security risks? Really? |
|
|
| ▲ | ambicapter 6 hours ago | parent | prev | next [-] |
| How would you implement ability to arbitrarily block any network connection on any website without giving an extension 100% access? |
| |
| ▲ | bmacho 6 hours ago | parent [-] | | > How would you implement ability to arbitrarily block any network connection on any website without giving an extension 100% access? Browsers should provide a filtering option before they make a request. IMO a lot of no-brainer options are missing from personal computers. Like the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux). Browsers should provide the ability to inspect, and filter network access, run custom JavaScript on websites, etc. | | |
| ▲ | jstanley 5 hours ago | parent | next [-] | | We do sort of have that with the capabilities stuff (although I admit hardly anyone knows how to use it). But the tricky part is that "reading files" is done all the time in ways you might not think of as "reading files". For example loading dynamic libraries involves reading files. Making network connections involves reading files (resolv.conf, hosts). Formatting text for a specific locale involves reading files. Working out the timezone involves reading files. Even just echoing "hello" to the terminal involves reading files:
$ strace echo hello 2>&1 | grep ^open
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/proc/self/maps", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib/cargo/bin/coreutils/echo/en-US.ftl", O_RDONLY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)
| | |
| ▲ | tadfisher 4 hours ago | parent [-] | | OP says "restricted access to files". Read access to your home directory is not required for loading dynamic libraries or printing the time. |
| |
| ▲ | user142 5 hours ago | parent | prev [-] | | > the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux) Bubblewrap allows you to do that on Linux. |
|
|
|
| ▲ | latexr 5 hours ago | parent | prev | next [-] |
| Safari’s extension model could be really good by now, had they not stopped putting effort into it. You are able to define which extensions have access to which websites, and if that applies always or only in non-Private¹ mode. You can also easily allow an extension access for one day on one website. But there are a couple of things I find subpar: You can’t import/export a list of website permissions. For a couple of extensions I’d like to say “you have access to every website, except this narrow list” and be able to edit that list and share it between extensions. On iOS, the only way to explicitly deny website access in an extension’s permissions is to first allow it, then change the configuration to deny. This is bonkers. As per the example above, to allow an extension access to everything except a narrow list of websites is to first allow access to all of them. Finally, these permissions do not sync between macOS and iOS, which increases the maintenance burden. ¹ Private being the equivalent to incognito. |
|
| ▲ | konform an hour ago | parent | prev | next [-] |
| I had similar frustrations and have been maintaining a Firefox fork trying to fill a gap there. The result is Konform Browser and I think it might be relevant to you; please check it out! https://codeberg.org/konform-browser/source/releases https://techhub.social/@konform Shared today on Show HN but seems to be drowning in a deluge of LLMs... https://news.ycombinator.com/item?id=47227369 > every single extension provides 100% access to my websites to whoever controls the extension That feels like a bit of an overstatement and depends on what addons you use and how you install them... CSPs at least make it possible to restrict such things by policy (assuming user has been exposed to it and parsed it...). https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web... MV3 introduced further restrictions and controls regarding addon capabilities. While I agree the UI and UX around this could be much better, it's not all hopeless. The underlying pieces are mostly there. While the fundamental addon execution security model in Konform Browser is inherited from upstream, for core addons like uBO you can improve the supply-chain security situation by loading it under "system scope" and disabling addon updates in the browser itself. So while we don't (yet) improve on the runtime aspects you speak of, at least for now we can tighten up the supply-chain side to minimize risk of bad code running in the first place. Literally `apt-get install webext-ublock-origin-firefox`. "Enterprise policy files" can be used to change Firefox behavior and tweak security model around addon loading. A little explanation and reference of how it works if you want to do the same in other FF build or for other addons: https://codeberg.org/konform-browser/source#bundled-extensio... Any particular addon you think is missing from the list there and should also be packaged and easily available? Maybe will be able to improve some of the security-UI/UX here too down the line.
I'd be keen to hear your take on how this should be done better! Regarding what addons can and do leak about you to the outside... I think you may also take interest in FF Bug 1405971. We ship a patch for that which can hopefully be upstreamed Soon (tm). |
|
| ▲ | jstanley 6 hours ago | parent | prev | next [-] |
| > every single extension provides 100% access to my websites to whoever controls the extension. But the browser also has 100% access to all of the websites. The browser is software that works for you. You control the browser. Who but yourself do you imagine controls your extensions? |
| |
| ▲ | 6 hours ago | parent | next [-] | | [deleted] | |
| ▲ | esseph 5 hours ago | parent | prev [-] | | > The browser is software that works for you. You control the browser. Oh really? Then why do my browsers keep moving things? |
|
|
| ▲ | jazzypants 5 hours ago | parent | prev | next [-] |
| How would an extension work if it didn't have access to the website you're browsing? |
| |
| ▲ | hedora 5 hours ago | parent [-] | | Pick one: - Read-only access to cross-tab web site content - Ability to modify web site content - Ability to access the network They can always "access the network" in that the extension developer can push static updates for things like ad block lists or security updates. It might be possible to have "read only" cross-tab access include automation APIs like keyboard + mouse, with user prompting to prevent data exfiltration. | | |
| ▲ | xphos 5 hours ago | parent [-] | | That just seems like a lazy capitalism model. We had both 10 years ago without crazy tracking and accept all cookies why do we have for the worst lowest common denominator? | | |
| ▲ | hedora 4 hours ago | parent [-] | | I agree; the web ecosystem is enshittified garbage. However, I'm just suggesting a modest improvement to browser extension security (that doesn't completely break ad blockers like Chrome's approach). In practice, I run an ad blocker, and just trust that it won't exfiltrate bank passwords and stuff. Imagine the blast radius for a successful and undetected uBlock Origin supply chain attack! My "pick one" approach (ad blockers would pick the middle option) would mean that comparable supply chain attacks would also need to include a sandbox zero day in the web browser. |
|
|
|
|
| ▲ | bpt3 6 hours ago | parent | prev [-] |
| What would a safe extension model look like to you? At some point, you have to implicitly trust someone unless you audit every line of code (or write it yourself) and build everything from source that you run. |
| |
| ▲ | bmacho 3 hours ago | parent | next [-] | | > What would a safe extension model look like to you? > At some point, you have to implicitly trust someone A model so I trust my OS and my browser, and I don't have to trust anyone else, that is, they can't harm me. | | |
| ▲ | bpt3 3 hours ago | parent [-] | | You need open source extensions (they are now, as the source is included) and you need to personally audit them, or you need to find a browser with every single feature you want. Or do you want the browser to enforce permissions on extensions so you can lock them down as well as auditing them? |
| |
| ▲ | raw_anon_1111 6 hours ago | parent | prev [-] | | This is a solved problem for at least ad blockers for over a decade on iOS. The ad blocking extension gives Safari a list of URLs and regex expressions to block | | |
| ▲ | blackcatsec 5 hours ago | parent | next [-] | | No, it's a solved problem for ad blockers, a very specific problem case that extensions have traditionally solved. But the entire concept of extensions is far greater than just "ad blockers", although that's the use case for which 99.9% of people have used them. But there are other use cases, like cloud2butt. | |
| ▲ | bpt3 5 hours ago | parent | prev [-] | | It's solved if you trust Safari. I'm not sure that's the case for the parent poster. | | |
| ▲ | raw_anon_1111 4 hours ago | parent [-] | | So you don’t “trust” Safari but you trust Firefox? In 25 years absolutely no one has accused Apple of storing your browsing data that’s not e2e encrypted (it’s stored so it can sync across devices). | | |
| ▲ | bpt3 2 hours ago | parent [-] | | Did I say I trusted Firefox? I'm not the person who wants to redesign the browser extension ecosystem, but I can build Firefox from scratch and review the source code if I want, unlike Safari. | | |
| ▲ | raw_anon_1111 2 hours ago | parent [-] | | Right and you’re going to analyze every single line of code and verify it? | | |
| ▲ | bpt3 2 hours ago | parent [-] | | What exactly is your issue? Once again, I'm not the one who said they would like to design a new browser extension framework, but I have created custom versions of Firefox that have all ability to phone home removed and modified extension support. So not verifying every single line of code, but making fairly substantial changes in the direction the parent poster wanted to go in. I'm interested in a conversation about that, not you pestering me about whatever issue I seem to have triggered within you that resulted in your interjections in this conversation. | | |
| ▲ | raw_anon_1111 2 hours ago | parent [-] | | That the geek’s solution to “I don’t trust $companyX” is that “I am going to compile an alternate solution without looking at the source code” is kind of meaningless. |
|
|
|
|
|
|
|
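The declarative blocking model raw_anon_1111 describes above, which is also one answer to ambicapter's question, as an added example that is not from any commenter or from Safari's own code: the extension only hands over rule data, and browser-side code makes the decision, so extension code never sees the request or the page. The rule keys follow Safari's content-blocker JSON format; `compileRules`, `decide` and `domainMatches` are hypothetical names, the rules and hosts are constructed, and JavaScript `RegExp` stands in for Safari's restricted regex subset.

```javascript
// Added example: browser-side evaluation of a declarative block list.
// The extension supplies RULES as data and never runs code on the page.
// Keys follow Safari's content-blocker JSON; rules and hosts are constructed.
const RULES = [
  { trigger: { "url-filter": "^https?://([^/]+\\.)?tracker\\.example/" },
    action: { type: "block" } },
  { trigger: { "url-filter": "/pixel\\.gif", "resource-type": ["image"] },
    action: { type: "block" } },
  { trigger: { "url-filter": ".*", "if-domain": ["*bank.example"] },
    action: { type: "ignore-previous-rules" } },
];

// Validate and precompile once; a malformed list is rejected, not executed.
function compileRules(rules) {
  return rules.map((r, i) => {
    const t = r.trigger || {}, type = r.action && r.action.type;
    if (typeof t["url-filter"] !== "string") throw new Error(`rule ${i}: url-filter`);
    if (type !== "block" && type !== "ignore-previous-rules")
      throw new Error(`rule ${i}: unsupported action`);
    // url-filter is case-insensitive unless the rule says otherwise.
    return { re: new RegExp(t["url-filter"], "i"), type,
             resourceTypes: t["resource-type"] || null,
             ifDomain: t["if-domain"] || null };
  });
}

// "*example.com" matches the domain and its subdomains.
function domainMatches(pattern, host) {
  if (!pattern.startsWith("*")) return host === pattern;
  const base = pattern.slice(1);
  return host === base || host.endsWith("." + base);
}

// Rules apply in order; ignore-previous-rules clears earlier matches.
// Assumption: domain conditions are checked against the page's host.
function decide(compiled, request) {
  const pageHost = new URL(request.pageUrl).hostname;
  let blocked = false;
  for (const rule of compiled) {
    if (rule.resourceTypes && !rule.resourceTypes.includes(request.resourceType)) continue;
    if (rule.ifDomain && !rule.ifDomain.some((p) => domainMatches(p, pageHost))) continue;
    if (!rule.re.test(request.url)) continue;
    blocked = rule.type === "block";
  }
  return blocked ? "block" : "allow";
}
```

The trust boundary is the rule list itself: a compromised extension update can change what gets blocked, but it has no code path to page content or credentials.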