BF2S Forums Tech: Open thread

So got an alert that a Chrome extension was infected with malware. Had the extension for years and the security report put out by Avast says the thing was probably created in order to put push malware. People have been complaining about the thing screwing with their Google search results in order to push advertising links. I would have never noticed since I have an adblocker. So I changed the three email addresses I use and my online banking. I guess at this point my TD Ameritrade, 2 Credit Cards, and student loan provider are the only other things that need to get changed? Anything beyond that is superfluous? I check my credit constantly so no worries there. I can only hope that the person who created the extension was just interested in pushing ad links.

Yup. From my recent research it seems bad Chrome extensions is a common problem.

There is no excuse for Chrome extensions to be malware infected. People getting extensions through the Chrome store or whatever it is called should have confidence in the reliability and safety of the stuff.

SuperJail Warden wrote:

There is no excuse for Chrome extensions to be malware infected. People getting extensions through the Chrome store or whatever it is called should have confidence in the reliability and safety of the stuff.

In a perfect world.

I've intercepted malware from ads in the past, which is why I no longer allow them at all. Extensions can certainly open you up:

The real problem with extensions is if they are given too much access to the websites you visit, they have the power to do just about anything. They can act as a key-logger to capture your passwords and banking details, place ads on websites you visit, reroute your search traffic elsewhere and track everything little thing you do while you are online.

Having access to this info puts you and your identity at risk and leaves you vulnerable to more serious attacks. Chrome extensions, for example, have been criticized for secretly collecting and selling users data to the highest and often most shady bidder. Google is doing all it can to put a stop to this, but it’s not enough.

Chrome has been under constant attack and scrutiny because of its popularity, but Firefox is at even greater risk. Why? Simply because Firefox operates without system permissions, which means every extension you install automatically has access to everything.

Microsoft Edge is another example of a browser that comes with a permission system for extensions, but many require access to everything in order to work properly. Even an extension that only needs access to one website can be dangerous as well. In the end, it’s all about gathering as much info about you as possible and passing it along later.

https://www.komando.com/tech-tips/every … ns/584432/

This is the kind of stuff I get to lecture old people in the business about sometimes. Once they get a modicum of know-how, that's when they're at their most dangerous.

The data collection is really the more ever-present concern, and enables some of the fraud.

The aforementioned old folks used to rely on me for pretty much all the computer questions and issues. Now, apparently I don't know what I'm talking about and they're going to smile and nod and do stuff anyway. Like run ccleaner every single time a website loads two seconds too slowly. Call up the ISP to chew them out because no internet (because a batteryless router didn't come back online after a power outage), nevermind the ISP tech support asking if there was a router between the modem and the network on our end. It's the ISP's fault. Install like 80 shady driver finders on a 20 year old laptop to get it working so they can hook it up to the network.

Or install browser extensions without asking or even reading about them.

Yeah, don't go off of download count and average reviews from the extension page.

Privacy practices

The publisher has not provided any information about the collection or usage of your data

Permissions requirements for this from the firefox extension page:

Permissions
This add-on needs to:

Download files and read and modify the browser’s download history
Access browser tabs
Access your data for all websites

E: These alone aren't particularly useful (so many extensions nowadays have these permissions), but they're a catalyst for digging up info on it from tech, programming, and privacy sites.

If it's any comfort, questionable extensions are the tip of the iceberg. Scathing, if colorful:

Slouching towards dystopia: the rise of surveillance capitalism and the death of privacy
https://www.newstatesman.com/2020/02/sl … th-privacy

We're already aware that Google itself is less than up front about stuff. Meanwhile people are worried about thermal cams and contact tracing to help fight coronavirus, as they argue about it on facebook on devices full of tracking malware and vacantly-accepted clickwrap.

i own a domain and i want to start using an email address associated with that domain. I did a quick google search but what i found wasn't very straightforward. Anyone know how to set this up?

Yes, that's absolutely something I need to do, but not necessarily from the web host (as far as I know). But I can't find a straightforward answer on how to set that up.

What company did you go with? SquareSpace? GoDaddy?

Did you click through these? Might be in here somewhere.

https://www.godaddy.com/how-to/course/setting-up-email

So Amazon is introducing a new system where all of their Amazon devices are connected with each other to provide bandwidth support. So basically if your internet goes down, your Amazon device can piggyback off of your neighbor's device. I disabled this as soon as I could and I hope Amazon gets sued for it. But cool from a tech perspective.

I checked my Amazon account and it was already disabled. Still don't trust them.

The idea is still cool. If we had something like "universal broadband" in the U.S., I would be okay the government using the modem they give me to host public wifi or the Amazon Echo developing self awareness by talking to the door bell.

They said they would only use 500 MB for your first device. If you have 2 devices 300 MB etc. as you link more Amazon devices. I have a bunch of devices so if Amazon is truthful I probably wouldn't contribute much to their network by their own algorithm but yes more questions.

Finally, imagine universal broadband in the U.S. You would have people being angry that they pay $20 a month for broadband but have to share it even though they only check their email. "I only use mine for email. Why should I pay the same amount as the kids on TikTok all day?" As if broadband is a scarce resource.