Am Donnerstag, 29. März 2018 schrieb Tomasz Torcz 👁️: > On Wed, Mar 28, 2018 at 02:42:53AM +0200, Adam Borowski wrote: > > On Tue, Mar 27, 2018 at 05:43:15PM -0400, taii...@gmx.com wrote: > > > https://www.theregister.co.uk/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/ > > > > > > Mozilla sucks these days - they pay zero attention to the issue of > > > browser fingerprinting and keep sending users data to other parties via > > > bogus "opt out" "research" studies. > > > > > > "Oh but you can opt-out" > > > Assuming you even know about it in the first place - and what? you need > > > to opt-out of probably thousands of bad things in your life which makes > > > such a policy absolute bullshit. > > > > The only saving grace is that they do this tracking on a test group. On the > > other hand, Chromium saves both the URL and refer[r]er of every downloaded > > file using an user-namespace xattr, a little-known feature implemented by > > most filesystems (not tmpfs, if you use /tmp for testing :p). Even in its > > "incognito mode" that's not supposed to log anything. > > I though most popular download tools do that? Chromium for at least > six years: https://bugs.chromium.org/p/chromium/issues/detail?id=45903 > > Curl for 8 years: > https://github.com/curl/curl/blob/master/src/tool_xattr.c#L55 > > Wget: https://fossies.org/linux/wget/src/xattr.c#60 > > Plasma desktop: > > https://api.kde.org/frameworks/kfilemetadata/html/usermetadata_8cpp_source.html#127 > > Even Fedora already obsoleted Yum: > > http://yum.baseurl.org/gitweb?p=urlgrabber.git;a=blob;f=urlgrabber/grabber.py#l1775 > > And, according to this, Microsoft Skype: > http://blog.manton.im/2017/02/working-with-extended-attributes-in.html > > Firefox is lagging: > https://bugzilla.mozilla.org/show_bug.cgi?id=665531 > > I consider it standard in GNU/Linux (for years!), so why bring it up now? >
Well, I did not know about the misuse of xattr to do stuff like that (but I always ensure xattr are disabled). In times of "lawful inspection" this is an absolute no-go. Nik -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
