
joined 1 year ago
[–] [email protected] 2 points 1 year ago

I'm honestly really pleasantly surprised that Nexus Mods are willing to take this fight head on. That they are willing to tell these potential customers to sod off, and that they have the tact and understanding to tell the difference between a superficially benign mod with a malicious purpose like this, and the many vulgar mods that they do allow on the site. (Shout out to Schlongs of Skyrim, you magnificent beast)

Gamers, in the general, being the worst people I don't have high expectations from gaming companies but it all seems to be moving slowly in the right direction, even as gamers gnash their teeth and waddle their fingers.

[–] [email protected] 1 points 1 year ago (1 children)

But that post is Mozilla clearly speaking out against SREN because they do not want to be compelled to block certain sites.

Are you then talking about Google Safe Browsing? Which is enabled by default in Firefox, but which does not "monitor your activities". It compares the site you are about to visit to a downloaded list of known bad ones and warns you if it's on the list. Hardly an Orwellian nightmare. Just turn it off or ignore the warning if you do not want it. I keep it on because I've never seen a false positive on that list and I understand that even I'm vulnerable to attack.

We should be free to customize programs, free to block what we don’t need

And you are. If you don't want to use safe browsing, turn it off, is right there in the menu. They have given you a default that's best for most people and the option to customize.

Further, since it's free software there's really no limit to your power to customize or get rid of what you don't need. (I understand that this is not possible for most people, but that's why you have the menu options, this is just a final line of defense.)

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Security for the user is obviously what we are talking about. Regular people do not have the knowledge or patience to make informed decisions regarding their technical security; any model that relies on that is going to fail because people will click whatever they need to make stuff work. Even people who do understand the technology do stuff like disabling SSL verification, rather than going through the effort of adding the new CA to their cert list.

Firefox is not doing the same as Chrome. Firefox is adding a feature to disable unverified add-ons on particular domains to stop attacks from malicious add-ons. Chrome is adding a feature that tracks the sites you visit and shares them with other sites to improve ad tracking.

How are these features comparable at all?

[–] [email protected] 1 points 1 year ago (3 children)

That's interesting. The first site on the list is the self-service login page for Banco do Brasil. Doing a little bit of digging suggests that attacking the users local environment to steal money via self-service is a widespread problem in Brazil. That would explain the need to block all add-ons that are not known safe for a page like this so they can't swap that login QR-code. Here's an (old) article detailing some of these types of attacks https://securelist.com/attacks-against-boletos/66591/

I wish Mozilla would be more transparent about this, but I speculate that they might be provided these domains under NDA from the Brazilian CERT or police.

TBH I think malicious add-ons are the new frontier of cybercrime. Most classic attacks methods are well mitigated these days, but browser add-ons are unaffected by pretty much all protections and all the sensitive business happens in the browser anyway.

remotely monitored their browsing real-time

it’s kind of inevitable that sometimes they have to support that giant

What more specifically are you talking about here? The functionality we are talking about can not be used for remote monitoring. Are you saying Mozilla added this feature under duress from Google?

[–] [email protected] 2 points 1 year ago (2 children)

You can absolutely disable this feature, Mozilla provides instructions for how in their article https://support.mozilla.org/en-US/kb/quarantined-domains

Sadly my experience is that when it comes to security measures, user control often runs contrary to security. While we definitely should have the choice, you have to make it a bit difficult and non-obvious to disable security features, or people will unwittingly disable them for all sorts of bad reasons.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (5 children)

While I don't completely understand the use cases for Mozilla's add-on domain blocklist, I also don't see any reason to assume malicious intent. Malicious add-ons are a very real and serious threat and it's obvious that Mozilla need a way to quickly and remotely protect users. Doing so on a domain level is much less impactful than completely shutting down an add-on.

Since it is obvious to the user if this is triggered, and the user has the option of disabling it per add-on or completely, what's the real problem?

(That said I think it's great that people are being skeptical even of Mozilla)

Edit: Sorry I misunderstood how this is displayed, it is not as obvious as I thought. Hopefully this will be improved. Though doing so might come with the drawback of making unwitting users more likely to disable the protection.

[–] [email protected] 3 points 1 year ago

I don't think their reviews are generally intended to be watched from beginning to end. I watch the introduction, the conclusion and any parts I'm specifically interested in. But yeah, it's not entertainment :)

Otherwise I like kitguru for some more lightweight information

[–] [email protected] 1 points 1 year ago (1 children)

you still instinctively hate me, simply because I’m not exactly like you. I really don't, I feel worried for you, and intimidated by your hostility. How would I even know whether you are like me or not? We know nothing about each other!

I am not questioning that you have been abused and that it must have been truly horrible. The paranoid delusion is thinking that every person is a sadist who's out to hurt you, and that some stranger saying "sorry" on the internet is doing so with some undefined malicious intent.

I hope you get better.

[–] [email protected] 5 points 1 year ago

I hope that this example can show that more humane treatment of workers is attainable and realistic. We were not given these rights by benevolent overlords; our parents, grandparents etc. fought for them, and so can you. Unionize!

[–] [email protected] 9 points 1 year ago (1 children)

The way the law works here is you get five weeks vacation every year and have a right (but not an obligation) to take four of those consecutive between June and August. You must however take four weeks of vacation every year, the rest you can save for up to five years (before you have to take them as well).

Oh, and to really blow your mind, if you get sick during vacation, those count as sick days and you get the vacation back.

[–] [email protected] 3 points 1 year ago

They really are required not just to allow you take time off, but to make sure you take it. Which is great because as you say it leaves no room for pressure tactics.

And yeah I did once work with a weirdo who had no life and got really mad that he was forced to take time off :D

view more: ‹ prev next ›