You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.86K Posts
- 71.9K Comments
- Modlog
I’m not going to tell you what to use instead, but how you make the judgement for yourself: audit the code yourself
The source code is linked right there, and you don’t need trusting someone to make the call. You’re making the call. Mind you, the actual add-on installed from Mozilla Add-Ons might contains different code then what shown in the repo. I never release any add-ons so that is just a wild guess and a hint possibility this could happen.
To give you an head start: look for URLs and any encoded strings in all files, be it Base64 or something else. And follow them to find out why there it is there, how is it triggered, etc. Same goes for encoded strings with the added question: what was encoded within.
Still, that is just the basic, and I’m not too into JavaScript but there could be other ways of hiding information, like in an image file via steganography.
@umami_wasbi @Alb087 auditing code is complicated, not everyone will know how to do that, and even the people who do can miss a lot
Yes, but we are not auditing security or cryptography implementation.
Instead, the goal is get a sense how it works, and look for suspicious codes or have if parts hidden (encoded) and doesn’t want people to know. That’s relatively way easier than a serious audit.
I think you greatly overestimate the average person’s ability to understand even the most basic code. Let alone in multiple languages.
Really? Maybe I got too used to it.