Conversation

Notices

1. Embed this notice
   Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 10:16:08 JST Rich Felker

   TIL Firefox slipped in a feature to disable your privacy & security extensions on a list of sites Mozilla controls through some undocumented process: https://support.mozilla.org/en-US/kb/quarantined-domains

   It can (and absolutely should) be disabled, but I'm quite concerned that there's no info on where the default list of sites (a bunch of Brazilian banks?) comes from and how they inject it to the browser. New hidden phone-home shit?

   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Nire Bryce (nirebryce@hachyderm.io)'s status on Sunday, 03-Nov-2024 10:16:42 JST Nire Bryce

     in reply to

     @dalias Mozilla is working hard on further reducing it's marketshare

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 10:40:09 JST Rich Felker

     in reply to

     Discovering this stuff while setting up new laptop. More fun: when I migrated over manually curated initial prefs.js, somehow AMO "Add to Firefox" button is broken. 😈 But right clicking it to get the extension still works. No idea how I did this, but getting rid of AMO's backdoor into browser was something I always wanted to do and I think I did it. 😂

   • Embed this notice
     James 🌈💜 (shaknais@mastodon.social)'s status on Sunday, 03-Nov-2024 11:04:29 JST James 🌈💜

     in reply to

     @dalias

     I believe these come from Brazil's PLC 53/2018, a data protection bill similar to GDPR, with a greater scope. The people in question can order a company not to collect their data. So these banks have told Mozilla not to touch them.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 11:04:29 JST Rich Felker

     in reply to

     • James 🌈💜

     @shaknais That's not blocking Mozilla from collecting their data. It's blocking UBO from protecting your data.

   • Embed this notice
     Victor S Sigmoid (victorsigmoid@hachyderm.io)'s status on Sunday, 03-Nov-2024 11:28:16 JST Victor S Sigmoid

     in reply to

     @dalias You can see the list of quarantined domains in about:config extensions.quarantinedDomains.list

     Looks like you can edit the list if you want

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 11:36:45 JST Rich Felker

     in reply to

     • Victor S Sigmoid

     @Victorsigmoid I cleared it and the malicious default list got restored. You can disable use of the list entirely with the .enabled pref, but I want to know what process is causing the list to be restored.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 22:14:00 JST Rich Felker

     in reply to

     • Diotima

     @tieflingdio 🙄

   • Embed this notice
     Diotima (tieflingdio@mstdn.games)'s status on Sunday, 03-Nov-2024 22:14:01 JST Diotima

     in reply to

     @dalias I've just uninstalled it. Between this, the sneaky process of enabling privacy backward settings, bugs that they ignore for years ("download failed" anyone?) and the utter attitude they display when called out...

     ...hell, I'm better like... going with a corp. At least they're honest about spying on me and "for your own good"ing me.

   • Embed this notice
     Apicultor 🐝 (apicultor@hachyderm.io)'s status on Monday, 04-Nov-2024 07:17:25 JST Apicultor 🐝

     in reply to

     @dalias Actually, I see this as a security win, not a privacy loss.

     If it becomes misused, then that's another story — but I don't see that right now.