@brucelawson Sigh. This is going to make firing up a Windows VM for browser testing even more tedious.
It's bad enough that it's essentially impossible to test Safari in a VM in Linux without giving macOS a separate graphics card and monitor.
@emu : given a domain name (*) for a website with an APPARENT owner, DV certs do not provide ANY security because users have no reasonable way to determine whether said domain name DOES NOT belong to the apparent owner.
Phishing is wreaking havoc on the internet. There are lots of people like you who DO NOT provide ANY solutions.
(*) In some message (email, SMS, chatapp, DM, ...), found by Googling, out of a QR-code, in a paper letter or on social media.
A DV cert may be fine for your home NAS, but not for your bank. Unfortunately big tech does not want users to see the difference between a fake and a real bank (or any other critical website) in their browsers.
If you're worried about fingerprinting above all else, vanilla Firefox is probably better than something like Arkenfox.
I'm dead serious. 
Fingerprinting is one of the most counter-intuitive things in digital privacy.
In most cases the more you try to prevent it by yourself, the worse it gets. 
TL;DR the best thing you can do is to use your browser like a normal person. 
What’s New in WebGPU (Chrome 135), by @developers:
Web portals! Circa 2000, you found them everywhere. I'm looking for a modern one.
Or maybe you'd call it a dashboard. I want a visual, drag-and-drop bookmark manager. You know, the sort of thing that lets me cluster my blog links in one section, news sites in another, etc. Maybe with color-coding. Maybe with images or page previews. FOSS preferred but I'd consider anything.
EDIT: Looks like Vivaldi's Dashborad might be close to what I'm looking for.
India launches competition to build a homegrown web browser
—@theregister
「 An indigenous browser could be more troublesome for market leaders Google, Microsoft, Apple, and Mozilla. India's colossal population, and its ardor for local products, could propel a local browser to a user base in the hundreds of millions – perhaps even a billion 」
https://www.theregister.com/2023/08/10/indian_web_browser_development_challenge
A smarter VPN experience: Introducing the Mozilla VPN extension for Windows.
https://blog.mozilla.org/en/products/firefox/extensions-addons/mozilla-vpn-for-firefox/
Ah. I think I see what's happening now:
Someone from or representing Br@ve is reporting any mention of this article on Threads. Everytime it gets posted, it gets 'reported' & Facebook/Threads is dumb enough to take it down.
Thank you for the incentive, Br@ve.
Why I recommend against Br@ve
https://bit.ly/4j7WAr6
#browsers #privacy
Anyone with ADHD (not diagnosed but on waiting list): I kinda need you lot's help with browsers. How do you cull the tab hoarding? I use Vivaldi and I keep hoarding tabs and it's getting annoying lol.
gonna tag both browser types for maximum reach.
@lewiray : phishing can and should be mitigated.
See https://infosec.exchange/@ErikvanStraten/114222237036021070 and (I just wrote this) https://infosec.exchange/@ErikvanStraten/114224682101772569.
![Screenshot I made this afternoon (13:15 UTC) of https://cancel-google[.]com/captcha .
It is a phishing website not owned by Google (although some time ago it was even hosted on a Google cloud server).
It asks the visitor to confirm that they're human.
Criminals add that to prevent virus scanners from automatically accessing parts of the website that would trigger warnings for malicious content.](https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/224/711/100/925/045/original/1e156af3270d91fa.jpeg "Screenshot I made this afternoon (13:15 UTC) of https://cancel-google[.]com/captcha .
It is a phishing website not owned by Google (although some time ago it was even hosted on a Google cloud server).
It asks the visitor to confirm that they're human.
Criminals add that to prevent virus scanners from automatically accessing parts of the website that would trigger warnings for malicious content.")
@rohare : thank you! Of course the feature list could be expanded, but many things can also be implemented using browser extensions / plug-ins.
IMO implementing my proposal using extrensions will not work, because we need a revolution, all combined:
1) Trustworthy certificates containing *human readable* (+) information identifying the responsible entity for "risky" websites (DV is fine for your home-NAS because you *know* when a given domain name is *not* yours);
2) Browsers showing that information upon first visit (using that browser, optionally synced cross devices) or when anything changes (website owner in particular);
3) User education. Browsers should contain or point to easy to understand tutorials.
Again, full details in https://infosec.exchange/@ErikvanStraten/113079966331873386.
(+) The cert that Chrome on Android shows for https://stripe.com is NOT human readable, and incomplete as well (see https://crt.sh/?id=17223459392).
NOTE: Apart from the domain name "stripe.com", the only additional identifying information in the cert below is the name of the organization: "Stripe, inc". The information that is *NOT* shown is *EXACTLY* the reason why Google killed EV (and OV) certificates, assisted by (notably) Troy Hunt: https://www.troyhunt.com/extended-validation-certificates-are-really-really-dead/.
@rohare : phishing can and should be mitigated.
See https://infosec.exchange/@ErikvanStraten/114222237036021070.
![Screenshot I made this afternoon (13:15 UTC) of https://cancel-google[.]com/captcha .
It is a phishing website not owned by Google (although some time ago it was even hosted on a Google cloud server).
It asks the visitor to confirm that they're human.
Criminals add that to prevent virus scanners from automatically accessing parts of the website that would trigger warnings for malicious content.](https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/224/244/300/256/867/original/f772c26157e8abd0.jpeg "Screenshot I made this afternoon (13:15 UTC) of https://cancel-google[.]com/captcha .
It is a phishing website not owned by Google (although some time ago it was even hosted on a Google cloud server).
It asks the visitor to confirm that they're human.
Criminals add that to prevent virus scanners from automatically accessing parts of the website that would trigger warnings for malicious content.")
Another User Support gem:
"""
We currently don't support Linux and every other OS except Windows and Mac for desktop and iOS and Android on mobile. Since we don't officially support Linux we cannot guarantee that our website will work consistently there or troubleshoot any issues.
So it is suggested, to use our website on the above supported OSs, if available.
"""
Honestly. It's a damn cross-platform browser. Get over it already.
Ⓐ