This example is hilarious, granted, but not even the one I truly worry about.
I work in a lax multi-national corporate environment, to be vague. These extensions, especially with religiously conservative adults, is of limited concern.
I am far more concerned about the semi-professional extensions.
I doubt this is malicious, but someone installed this in my environment and inquried why the quality of output went down (in terms of pixelation).
The problem here is it raises fewer eyebrows. It does a purpose-filled operation professionals would need, and they are far less discerning than me.
This person had Adobe Acrobat Pro, and forgot. Such extensions have real potential to IOC (indicators of compromise), but only very expensive next-generation malware detection knows that when it sees traffic out.
But what if there is no traffic out? Or it does a more professional job with exfil?
Most modern software inventory has no intelligence into plugins. That is terrifying. Per-user javascript directories? Enumerating just the obvious ones can be a full-time job?
What about dupes? I am the only one I know in my department who uses uBlock ... Origin. And I know there is a fork. Others are intended to have a similar logo and fool busy professionals.
I love FF, but also use Chromium. I am worried that the freedom afforded to me by the beauty of things like Keysnail, like the generally abstracted trend of vendor lockdown, forces me to voluntarily suck it up and deal with crap software defaults and workflows, and doubly recommend the same to people in my environment. I will increasingly have to part with each of the limited extensions I like, all while people here push Electron apps. I like them (who am I to be arrogant and judge the work of these people half my age; at least they put out code while I bitch all day), but the browser base is not discernibly updated or managed unless some developers coordinate. I am sure that came or is coming down the line, but currently populars apps will play catch up while people like me are forced to preemptively yet again restrict use of likeable tech because security was an afterthought.
Qubes increasingly looks like the future. It is sad, but I must every few years consume more resources of my computer for useful, but wasteful, separation of software from its self, because, well, queue the recently retracted Theo de Raadt "x86 virtualization being secure is a waste of time" trope rescinded because even his OpenBSD crew will bite the bullet and work on OpenBSD virt technology.
I just depressed myself.
Sincerely,
Guy running multiple browsers in Firejail in a VM
EDIT: I do not the difference between have and half apparently; probably a sign of my age, haha!
I work in a lax multi-national corporate environment, to be vague. These extensions, especially with religiously conservative adults, is of limited concern.
I am far more concerned about the semi-professional extensions.
I doubt this is malicious, but someone installed this in my environment and inquried why the quality of output went down (in terms of pixelation).
https://chrome.google.com/webstore/search/screenshot?hl=en-U...
The problem here is it raises fewer eyebrows. It does a purpose-filled operation professionals would need, and they are far less discerning than me.
This person had Adobe Acrobat Pro, and forgot. Such extensions have real potential to IOC (indicators of compromise), but only very expensive next-generation malware detection knows that when it sees traffic out.
But what if there is no traffic out? Or it does a more professional job with exfil?
Most modern software inventory has no intelligence into plugins. That is terrifying. Per-user javascript directories? Enumerating just the obvious ones can be a full-time job?
What about dupes? I am the only one I know in my department who uses uBlock ... Origin. And I know there is a fork. Others are intended to have a similar logo and fool busy professionals.
I love FF, but also use Chromium. I am worried that the freedom afforded to me by the beauty of things like Keysnail, like the generally abstracted trend of vendor lockdown, forces me to voluntarily suck it up and deal with crap software defaults and workflows, and doubly recommend the same to people in my environment. I will increasingly have to part with each of the limited extensions I like, all while people here push Electron apps. I like them (who am I to be arrogant and judge the work of these people half my age; at least they put out code while I bitch all day), but the browser base is not discernibly updated or managed unless some developers coordinate. I am sure that came or is coming down the line, but currently populars apps will play catch up while people like me are forced to preemptively yet again restrict use of likeable tech because security was an afterthought.
Qubes increasingly looks like the future. It is sad, but I must every few years consume more resources of my computer for useful, but wasteful, separation of software from its self, because, well, queue the recently retracted Theo de Raadt "x86 virtualization being secure is a waste of time" trope rescinded because even his OpenBSD crew will bite the bullet and work on OpenBSD virt technology.
I just depressed myself.
Sincerely, Guy running multiple browsers in Firejail in a VM
EDIT: I do not the difference between have and half apparently; probably a sign of my age, haha!