http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy
it takes just 1 line of code to track your ass, who guarantees that the creator of your extensions wont sell out for dem sweet money in the future?
Are you willing to take the risks of using the extensions botnet?
You are just 1 extension update from all of your history being transferred to the NSA.
Should I just remove them all?
>giving a shit about being tracked on chrome
CHROME ITSELF TRACKS YOU
If you're using chrome, you're already being tracked. Hang for a penny, hang for a pound.
Always thought it was funny that people worry about being tracked then basically carry a tracking device called a "smartphone" on them 24/7.
They know your address. Your favorite restaurants. Where you work. Even when you shit.
Time to burn your house down, tear your SS card in half, and go live in a cave.
>>51838145
I use Safari with privoxy/squid for ads/tracking. No extensions.
Before I used Chromium, and after the Hoverzoom debacle I started installing only open source, unpacked extensions from Github. Before installing I would scan each line of code to make sure there was nothing fishy. For larger extensions this would take me anywhere from 2-3 hours. Eventually I grew tired of this, not to mention every time there was an update I would have to check the diff.
As far as the NSA goes, you shouldn't worry about them. If you live in the US or Europe you are already being monitored.There is nothing you can do. The ad companies should worry you though. When Chrome says "Permission to Monitor all webpages and data" assume that that is exactly what they are doing, and that every movement will be logged. To me that is unacceptable, so I removed Chrome entirely.
>>51838237
This
unless you live life like RMS, you are getting tracked.
>selling out for money
>old data sold in the future
Whats that shit worth like three fiddy who wants some stale data
>>51838191
>>51838198
This sentiment is logical, because once you lose control of information about yourself, you may as well assume that everyone everywhere has it.
>>51838237
>>51838313
This sentiment is not logical. "I can't prevent all of my personal information from becoming public, so I shouldn't try to prevent any of my personal information from becoming public. They already know where I go, so they may as well know everything that I ever think, do, or say." That doesn't make any sense.
>>51838354
That isn't my sentiment at all.
Its that people bitch about being tracked while doing nothing about it. They read one alarming article about being tracked, go apeshit, and are double sure to make sure their smartphone is on them on the way out.
They don't really care. Its just something to keep them occupied until the next muslim blows something up.
>>51838305
>privoxy/squid
I'm already googling this, but maybe you can post a link to a comprehensive guide or something like that?
>>51838354
>you may as well assume that everyone everywhere has it.
No need to assume. Companies like Acxiom and Bluekai are data companies. They buy and sell data about people, making money from advertising companies who want their data, and buying to make their data more complete.
Generally, if your data gets collected by someone, it will end up at acxiom and they will resell it to everyone who is buying.
>>51838237
Android without gapps, in open source we can trust.
Also Chromium with exclusively open source extensions.
>>51838384
what should you do is compartmentalize.
what i do on my pc is entirely separate from what i do on my phone, the two worlds do not mix. i realize there's not much i can do about government level tracking besides going innawoods with no technology, but i can attempt to mitigate it on my PC where it matters to me, and i can also take a number of simple steps to prevent the commoditization of my metadata for the purposes of sales to analytics/advertisement companies.
>>51838503
Whenever you have a cell phone that's turned on, your service provider is recording information that can be used to determine your location to within about 300 feet.
That is not a problem that's specific to "smart" phones, though. As you've pointed out, there aren't actually any privacy problems that are inherently specific to smartphones. If you're going to have a cell phone you should have a smartphone, because with a feature phone it's not even possible to use free software, with a very small number of very specific exceptions.
>>51838557
and it's still sort of futile, because the best you can hope for is a phone with Replicant, and then you still have to worry about the unchecked nature of the baseband, as there are like 4 smartphones max that have adequate baseband isolation, and they're old as fuck and barely supported. the neo900 will be interesting, but i don't think it'll get an adequate Replicant port, and the price is really prohibitive for ultimately not much gain.
>>51838602
FOSS LTE stack when
>>51838631
the licensing process and fees necessary to appease the FCC will ensure that never happens.
>>51838602
All your data is in userspace, I highly doubt firmware drivers will screw with your privacy. It would be something like the network driver requesting all data from storage to upload that to a specific web server? Highly unlikely.
>>51839056
admiral michael rogers please go
>>51839102
Get real.
You can expect backdoors in firmware drivers, not botnets.
>>51839129
https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf
everything tracks everything. you all are not that cool for someone to snoop. if youre so paranoid turn off your damn internet you fucking pedos
>>51838191
>giving a shit about being tracked on chrome
This.
All I use Chrome for is looking at porn, and surfing 4chan.
>>51838145
Does this also apply to chromium?, are there any specific extensions i should be wary of? ( i currently got orgin ad blocker for chromium)
>>51839281
>Does this also apply to chromium?,
yes
>>51839281
>are there any specific extensions i should be wary of?
all unless you trust the developer not to do shady stuff.
>>51839281
>orgin ad blocker
if it's this, then you're fine
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
>>51838503
Chromium itself is botnet.
>>51838313
>unless you live life like RMS, you are getting tracked
RMS is a high profile public figure. If you want to stay under the radar, living his life is the worst thing you could do. The gubbermint doesn't need to track you online if it knows where you're going to be speaking tomorrow.
>>51838145
There's so much retarded bullshit in this post.
>CHrome extensions = very dangerous (botnets?)
That's not what a botnet is. Kill yourself.
>it takes just 1 line of code to track your ass
Requesting the permission in the manifest doesn't magically implement tracking code. Kill yourself.
>who guarantees that the creator of your extensions wont sell out for dem sweet money in the future?
I can make money by tracking people now? Do tell more, as soon as you're done killing yourself.
>Are you willing to take the risks of using the extensions botnet?
Assuming you installed an extension that prompted you with "this extension can access your data on all websites you visit. Accept?", then clicked yes -> you shouldn't be surprised when it does that exact thing. Kill yourself.
>You are just 1 extension update from all of your history being transferred to the NSA.
An update which would request a new permission which you would manually approve. Kill yourself.
>Should I just remove them all?
Yes definitely, uninstall Ghostery since it asks for this permission, so that you're trading "oh it might try and track me" for gajillions of actual trackers, actually tracking you.
Oh and once you're done uninstalling your extensions, be sure to kill yourself.
>>51840013
Oh and also, both Chrome and the NSA already have all your shit, so while you're pissing your pants in fear, remember to kill yourself.
>>51839281
Ones that specifically prompt you with "this extension can access all your data on all sites".
In general permissions tell you what they're permitting anon, don't be retarded.
>>51840013
Kill yourself, fucking cunt.
>>51839928
Please point it out in the source code.
This happens quite a lot, but at least extensions are automatically disabled if more permissions are requested
>>51838145
do you realize your isp has all of your personal information and a real time stream of all of your online activity? who is to say they aren't already handshaking with the powers that be?
>>51838145
Firefox with ublock origin + noscript mustard race
>>51838145
Why should I care if Google Chrome tracks me? The worst they can do to me is attempt to show ads that match my preferences. Yes, those same ads that get blocked by adblock.
Extensions tracking me on the other hand can be a problem because they can use that to steal my data, but I honestly doubt it
>>51844839
This
This is an issue with FF too, which is why I only use extensions which have the source available.
I wish it was easier, some extensions claim to have the source available, but don't make it easy to find.
Default Full Zoom Level was especially suspicious, took me to a chinese github, and I didn't see the add on there....
>>51838145
As a hobbyist firefox addon dev who just moved to chrome because fuck mozilla and just finished porting his first addon to chrome, and a hobby + professional programmer with a background in various languages/frameworks like java, c#, c and webdev, and a person who strongly believes in ethical software/good intentions/customer care:
fuck you.
>>51847552
As a person who enjoys writing run on sentences, and is a giant faggot,
>>51844839
Remember that thing that happened to Ashely Madison a few month back? What if that happened to Goole? Then someone would be able to use all your personal data on a whim, including your SS, any credit cards etc. That's why you should care.