Well, I am sticking this here for now even though it likely will be evicted at some point.
There's alot of evil browser extensions out there. Alot.
Stuff like this:
I've begun capturing snapshots of them in the github.com/cryptostorm/fishycode repository, for now.
Is there someone out there who specialises in reporting and/or investigating these things? Are there best practices for doing so? They do some seriously, seriously evil shit - watch the events in your browser, and the .js console. You'll see.
The worst ones, by far, are "privacy" related. User-agent switchers, "free" proxy services, etc. I am pretty sure some are doing #superfish-style ssl kneecapping although I've had not time to confirm for certain. I do see them pulling certs in, and doing... things with them.
I suspect alot of crytostorm members have shitware extensions in their browsers that are causing serious security issues, currently. Time to clean that crap out.
Encouraging best practices in the VPN industry via independent, community-certified verification of clean installers and clean basic service operations. Let's reward the good, and make the bad a little bit less tempting 〰 github repo 〰 #cleanVPN
1 post • Page 1 of 1