this post was submitted on 03 Jun 2024

397 points (96.5% liked)

Technology

55465 readers

7057 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

397

Chrome: 72 hours to update or delete your browser. (www.forbes.com)

submitted 3 weeks ago by BCat70 to c/technology

98 comments fedilink hide all child comments

As read from my Mozilla Firefox....

top 50 comments

sorted by: hot top controversial new old

[–] deweydecibel 217 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

headlines have focused on the detrimental effect this will have on ad blockers, which will need to adopt a complex workaround to work as now. There is a risk that users reading those headlines might seek to delay updating their browser, to prevent any ad blocker issues; you really shouldn’t go down this road—the security update is critical.

It's almost like tying together feature updates with security updates was a deliberate choice by tech companies so that they could tell users shit exactly like this.

How can there be any real market choices when software literally tells users "for your own safety, you must abandon the things you want, and take the things we give you". How can consumers influence the direction of the product if they never have the option to decline that direction?

[–] [email protected] 24 points 3 weeks ago (1 children)

We're all trying to figure out where these headlines came from. The stable channel with all the fixes does not (at this time) bundle the warning. How is that users have become confused and believe the dev channel is the only way to get security fixes?

[–] madsen 13 points 3 weeks ago

The headline is supposedly CISA urging users to either update or delete Chrome — it's not Chrome/Google itself. However, I'm having trouble finding the actual CISA alert. It's not linked in the article as far as I can tell.

[–] [email protected] 14 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

When it comes to open source software, market choices aren't nearly as necessary because new ones can be created at will and very low cost by forking. But in the abstract thech companies are definitely not interested in choices. Choices don't maximize profits.

[–] AProfessional 5 points 3 weeks ago (1 children)

Maintaining a fork of Chromium would cost millions to do it responsibly.

[–] [email protected] 9 points 3 weeks ago* (last edited 3 weeks ago) (6 children)

It depends on how fat the fork is. While I haven't worked on Blink, as a developer who works on other people's very large codebases, including one from Google, I disagree. There are free tools for build automation. That'll take care of being up-to-date with upstream in terms of security. Patching things can be done using conflict-minimizing strategies. I used to work at an Android OEM and I've seen it done with great success. Thinking of Blink specifically, there have been lots of forks during its WebKit days. If I remember correctly there are also thin forks of Firefox maintained by some open source developers. This is all to support thay I don't think it's that big of a deal. Especially if most of it is rebranding and restoring some deprecated or deleted functionality. Could be wrong. I think we'll see, because I have a feeling the cost of maintaining a Chromium fork could be cheaper than patching apps to work well on Firefox. Some corpos might even pitch in. Not to mention that it isn't at all obvious for how long Firefox will be developed by Mozilla. If they drop the ball at some point we'll be faced with implementing new features in Firefox vs patching features of Chromium. ⚖️

load more comments (6 replies)

load more comments (1 replies)

[–] [email protected] 97 points 3 weeks ago (1 children)

I'm going to go way out on a limb here and guess nothing will happen if I do neither.

[–] AlphaAutist 105 points 3 weeks ago (4 children)

The article says that’s what the government is telling employees since there were several critical vulnerabilities found in chrome. It is very convenient that these vulnerabilities were patched in the same update that manifest v2 is removed though

[–] Audalin 47 points 3 weeks ago (9 children)

CVEs are constantly found in complex software, that's why security updates are important. If not these, it'd have been other ones a couple of weeks or months later. And government users can't exactly opt out of security updates, even if they come with feature regressions.

You also shouldn't keep using software with known vulnerabilities. You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox.

[–] deweydecibel 33 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

You also shouldn't keep using software with known vulnerabilities. You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox.

It's disgusting how this exact idea is used to push users away from things they want, and no matter what they claim, you can't convince me this isn't part of how they design certain updates. When the customer has no choice but to update, the company has no reason to make the update appealing. They can actively make it all worse and worse and worse, while continuing to scare users into accepting it.

I'm tired of companies hiding behind "security" to mask anti-consumer shit, and I'm tired of the security community helping them shovel that shit while acting like the consumer is a fool for not wanting to eat it.

load more comments (2 replies)

[–] reddig33 7 points 3 weeks ago

Maybe that software doesn’t need to be so fucking “complex”. It’s a web browser. Stop cramming everything but the kitchen sink into it. Half of the crap in web browsers like WebGL and WASM should be plugins anyway.

[–] AbidanYre 6 points 3 weeks ago (2 children)

You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox

You can find them, but you're not getting them installed on your government issued work computer.

load more comments (2 replies)

load more comments (6 replies)

[–] [email protected] 6 points 3 weeks ago

That's what I was thinking. It's mighty convenient...

[–] [email protected] 5 points 3 weeks ago

Government isn't telling employees shit. Federal users have no control over browser updates or most settings. At best this is a directive to push updates to it department head.

load more comments (1 replies)

[–] [email protected] 77 points 3 weeks ago

https://www.mozilla.org/en-GB/firefox/new/

[–] [email protected] 73 points 3 weeks ago (1 children)

So google manufactured a (possibly false) security risk to force users into updating to manifest v3 software?

[–] [email protected] 10 points 2 weeks ago

its not a false security risk, it really is unsecure to withhold updates.

the bullshit comes from what they are doing.

[–] _sideffect 48 points 3 weeks ago (2 children)

What a pos company

I really need to start to de-google my life

[–] [email protected] 24 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Check out https://www.privacyguides.org, they have a bunch of useful info and recommendations.

Remember, it's not an all-or-nothing situation, every step you take away from google helps. And you can always reevaluate later, and take time to figure out what works best for you.

load more comments (1 replies)

[–] [email protected] 19 points 3 weeks ago (6 children)

Do it!

I'm still working on it, but I've cut out quite a bit. Start with Chrome, and work your way down.

When you get to email, Gmail has a very convenient forwarding feature so you can forward all email to the new one while you change accounts and whatnot. I made a new account elsewhere, and I have a separate folder for email from my old Gmail and my new email. Every so often I'll go fix an account or two, so I'm making steady progress.

For me, docs/drive is the hardest, so I'm doing it last. I'm playing with self-hosted options, and am still in an adjustment period.

[–] QuadratureSurfer 15 points 3 weeks ago (10 children)

Getting away from Google Maps has been a tough one. There aren't many options there, it's either Google, Apple, Microsoft, or OpenStreetMap.

I've been contributing to OSM for my local area as much as possible to update businesses and their opening hours, website, etc., but it's not a small task.

[–] [email protected] 5 points 3 weeks ago (1 children)

I've been getting around quite well on OrganicMaps, but it does lack live traffic information

load more comments (1 replies)

load more comments (9 replies)

load more comments (5 replies)

[–] TankovayaDiviziya 48 points 3 weeks ago (1 children)

I always use Mozilla Firefox

sips hot chocolate

So that isn't my concern.

load more comments (1 replies)

[–] [email protected] 44 points 3 weeks ago (1 children)

"Well, BYE!"

[–] gdog05 20 points 3 weeks ago (1 children)

Great reference. Also, you can do gifs in Lemmy. Not sure if everyone knows that or not.

load more comments (1 replies)

[–] [email protected] 37 points 2 weeks ago

Ok I'll delete it. Thanks Google.

[–] tsonfeir 35 points 3 weeks ago (6 children)

Which of you fools still use Google products?

[–] [email protected] 20 points 3 weeks ago (1 children)

Sometimes we have to for work. That or Edge :(

[–] tsonfeir 12 points 3 weeks ago (1 children)

Your IT department should be very concerned

[–] [email protected] 11 points 3 weeks ago (4 children)

The IT department are the morons enforcing that shit.

load more comments (4 replies)

[–] callmepk 9 points 3 weeks ago (1 children)

I have to use for work, because all our customer only uses chrome or chrome-based browser :(

[–] tsonfeir 11 points 3 weeks ago

Show them the way!!! … to Firefox.

load more comments (4 replies)

[–] [email protected] 31 points 3 weeks ago (1 children)

I choose to just continue not having it in the first place. I uninstalled it from my work PC a year ago and never put it on either personal install. Definitely haven’t missed it.

[–] Lost_My_Mind 17 points 3 weeks ago (1 children)

But you're missing out on all those privacy violations, and spying!

[–] [email protected] 6 points 3 weeks ago

Yeah, no one's thinking of the exhibitionists! For shame!

[–] NutWrench 28 points 2 weeks ago

So . . . exactly what stealth crap is hidden in the Chrome "update?"

" . . . but it’s also the day Google started to pull the plug on many Manifest V2 extensions as its rollout of Manifest V3 takes shape."

Ahhhh, there we go. Manifest 3 will break almost all Chrome adblockers.

[–] [email protected] 24 points 3 weeks ago

delete...

[–] [email protected] 23 points 3 weeks ago (2 children)

Meanwhile my school still uses Chrome v109 since that was the last version that supported Windows 8

[–] [email protected] 5 points 2 weeks ago (2 children)

We still use it in biology ,but not in IT we have windows 10 or 11 on them I always install Firefox on them if it isn't already there one time some Ukrainian kid set the language .

load more comments (2 replies)

load more comments (1 replies)

[–] LinusOnLemmyWld 18 points 3 weeks ago

chrome, hahaha

[–] [email protected] 16 points 2 weeks ago

I already did 5 years ago

[–] Sam_Bass 14 points 3 weeks ago

Awfully convenient for this to come along to coincide with.chrome new manifest change

[–] mechoman444 13 points 2 weeks ago

HOW CAN I DELETE SOMETHING I DON'T HAVE!!!!

Screams in existential crisis

[–] [email protected] 11 points 3 weeks ago (1 children)

Why foes government allow spyware on its own hardware?

load more comments (1 replies)

[–] StaySquared 8 points 2 weeks ago

Amazing how these big corps hate freedom.

load more comments