• kattfisk@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    That’s interesting. The first site on the list is the self-service login page for Banco do Brasil. Doing a little bit of digging suggests that attacking the users local environment to steal money via self-service is a widespread problem in Brazil. That would explain the need to block all add-ons that are not known safe for a page like this so they can’t swap that login QR-code. Here’s an (old) article detailing some of these types of attacks https://securelist.com/attacks-against-boletos/66591/

    I wish Mozilla would be more transparent about this, but I speculate that they might be provided these domains under NDA from the Brazilian CERT or police.

    TBH I think malicious add-ons are the new frontier of cybercrime. Most classic attacks methods are well mitigated these days, but browser add-ons are unaffected by pretty much all protections and all the sensitive business happens in the browser anyway.

    remotely monitored their browsing real-time

    it’s kind of inevitable that sometimes they have to support that giant

    What more specifically are you talking about here? The functionality we are talking about can not be used for remote monitoring. Are you saying Mozilla added this feature under duress from Google?

    • Saki@monero.town
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Thanks for taking time to dig deeper and share the results. It’s ironic if big search engines are practically assisting those scams.

      The main thing behind my previous comment is the SREN bill and Mozilla’s blog post about it.

      I hope I am wrong, but I feel that Mozilla, while being against browser-side censorship, is strongly supporting Google-side restrictions. The situation becomes clearer if you actually read SREN, Art. 6, which is based on the premise that browser providers can and will monitor each user’s activity (my post about this on Lemmy). Conceptually similar to WEI.

      The technology that restricts what a user can do can be useful, if unquestionably bad things are blocked. The fundamental problem is, in order for this to work, someone has to decide what is “bad” for you, and has to monitor your activities directly or indirectly so that you may not visit “bad” websites. Protecting users from malware may be important, but I don’t want forceful “protection” by for-profit big tech companies, especially when their OSes/services are not really privacy-respecting, if not themselves spyware. While “protection” might not involve real-time monitoring or anything privacy-invasive, the current situation feels preposterous. We should be free to customize programs, free to block what we don’t need; it’s not like they have freedom to block us from accessing info, to force us to use/view what they want us to.

      • kattfisk@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        But that post is Mozilla clearly speaking out against SREN because they do not want to be compelled to block certain sites.

        Are you then talking about Google Safe Browsing? Which is enabled by default in Firefox, but which does not “monitor your activities”. It compares the site you are about to visit to a downloaded list of known bad ones and warns you if it’s on the list. Hardly an Orwellian nightmare. Just turn it off or ignore the warning if you do not want it. I keep it on because I’ve never seen a false positive on that list and I understand that even I’m vulnerable to attack.

        We should be free to customize programs, free to block what we don’t need

        And you are. If you don’t want to use safe browsing, turn it off, is right there in the menu. They have given you a default that’s best for most people and the option to customize.

        Further, since it’s free software there’s really no limit to your power to customize or get rid of what you don’t need. (I understand that this is not possible for most people, but that’s why you have the menu options, this is just a final line of defense.)

        • Saki@monero.town
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I’ve been a long time Mozilla-supporter, since forever—since much before Firefox was even born. Every browser I use now is also Firefox-based [EDIT: one of them is SeaMonkey, not firefox-bsed but from Mozilla too]. As such, I wouldn’t like to say bad things about Mozilla. While I could clarify what I was trying to say, let’s just say several other people prefer LibreWolf to Firefox (I’m not a LibreWolf user, though).

          In the big picture, we don’t want to be abused by big tech companies like Google, and relatively speaking, Firefox is a much better choice. Also, you’re absolutely right about how free software is supposed to work (at least in principle). Like I said, I really hope I’m totally wrong here.

          The original (initial) post is a question about Brave, and we’re getting so off-topic now. Besides it seems that most Lemmy users don’t even read anything older than a week anyway, too busy to have a slow, deep conversations. So let’s call it a day. What I was trying to say in passing might become painfully clearer soon enough, or perhaps—hopefully—I’m just overly worrying about nothing. Although maybe Mozilla as an organization can’t exist anymore without Google’s financial supports (and so not in a position to keep saying “No!” to Google for a long time), as you pointed out, let’s hope that the philosophy of free (libre) software will prevail in the end.