[oS-EN] Firefox profile contamination - security or data contamination issue.
Hi, I separate different tasks by using independent profiles in firefox. For example with my normal profile I never login to Google, and I use a special FF profile to login to Google. That way, when I search something google can not associate with my mail. Well, something is very wrong today. Using my normal profile, not logged in to google: https://paste.opensuse.org/pastes/43477dee9ff5 This is a youtube opened days ago. You can see the "sign in" prompt at the top right. This is the normal state of things. But today, opening the same site in youtube (or any site), I get this: https://paste.opensuse.org/pastes/d164bf9defd5 Notice the icon at the top right, that's my avatar. Also, there is the notification icon, and the menu at the top left opens with my subscriptions listed (there should be no subscriptions if I am not logged in). However, the avatar or the bell icons do not respond to click. "Subscriptions" menu does respond. In fact, this moment I don't have any FF window open with the google profile. There is one open on another computer. Seems that google is collating all firefoxes open on the same IP, the house router IP. Or firefox fails to separate profiles on disk since the last update. This is scary. -- Cheers / Saludos, Carlos E. R. (from Telcontar, using openSUSE Leap 15.5)
Oh, yes, right on their primary page they tout themselves as "Firefox Browsers; Get the browser that puts your privacy first — and always has"; but then there's Mozilla Privacy Policy<https://www.mozilla.org/en-US/privacy/> where their real policy is obfuscated. Leslie On 2024-05-09 12:11:01 Carlos E. R. wrote:
Hi,
I separate different tasks by using independent profiles in firefox. For example with my normal profile I never login to Google, and I use a special FF profile to login to Google. That way, when I search something google can not associate with my mail.
Well, something is very wrong today. Using my normal profile, not logged in to google:
https://paste.opensuse.org/pastes/43477dee9ff5
This is a youtube opened days ago. You can see the "sign in" prompt at the top right. This is the normal state of things. But today, opening the same site in youtube (or any site), I get this:
https://paste.opensuse.org/pastes/d164bf9defd5
Notice the icon at the top right, that's my avatar. Also, there is the notification icon, and the menu at the top left opens with my subscriptions listed (there should be no subscriptions if I am not logged in).
However, the avatar or the bell icons do not respond to click. "Subscriptions" menu does respond.
In fact, this moment I don't have any FF window open with the google profile. There is one open on another computer.
Seems that google is collating all firefoxes open on the same IP, the house router IP. Or firefox fails to separate profiles on disk since the last update.
This is scary. -- Platform: Linux Distribution: openSUSE Leap 15.5 - x86_64
Thu, 9 May 2024 15:58:53 -0500 J Leslie Turriff via openSUSE Users <users@lists.opensuse.org> :
Oh, yes, right on their primary page they tout themselves as "Firefox Browsers; Get the browser that puts your privacy first — and always has"; but then there's Mozilla Privacy Policy<https://www.mozilla.org/en-US/privacy/> where their real policy is obfuscated.
Leslie
Before Google bought it Youtube allowed one to have several unlinked accounts (which is a must nowadays) but as soon as Google bought them out they put an end to that. Mozila is doing the same for similar if not identical reasons and IMO the entire 'unwielding' (read not EASILY managable in a file manager) profile circus is a part of it.
On 2024-05-09 17:10:41 bent fender wrote:
Thu, 9 May 2024 15:58:53 -0500
J Leslie Turriff via openSUSE Users <users@lists.opensuse.org> :
Oh, yes, right on their primary page they tout themselves as "Firefox Browsers; Get the browser that puts your privacy first — and always has"; but then there's Mozilla Privacy Policy<https://www.mozilla.org/en-US/privacy/> where their real policy is obfuscated.
Leslie
Before Google bought it Youtube allowed one to have several unlinked accounts (which is a must nowadays) but as soon as Google bought them out they put an end to that. Mozila is doing the same for similar if not identical reasons and IMO the entire 'unwielding' (read not EASILY managable in a file manager) profile circus is a part of it.
Yes. I never use any of the social media sites as login credentials for other sites. I still have a Facebook account, but hardly ever use it because it's so user unfriendly. I use both privacy-badger and privacy-possum in Firefox, and privoxy as an external adblocker. If you look through the about:config entries in Firefox there are an amazing number of URLs to be disabled in pursuit of privacy. I strongly resent Mozilla's practice of hiding configuration controls there, giving them nonsensical names, and refusing to document their meanings; this is the way to make a user-friendly software package? Leslie -- Platform: Linux Distribution: openSUSE Leap 15.5 - x86_64
Am 09.05.24 um 19:11 schrieb Carlos E. R.:
Hi,
I separate different tasks by using independent profiles in firefox. For example with my normal profile I never login to Google, and I use a special FF profile to login to Google. That way, when I search something google can not associate with my mail.
Well, something is very wrong today. Using my normal profile, not logged in to google:
https://paste.opensuse.org/pastes/43477dee9ff5
This is a youtube opened days ago. You can see the "sign in" prompt at the top right. This is the normal state of things. But today, opening the same site in youtube (or any site), I get this:
https://paste.opensuse.org/pastes/d164bf9defd5
Notice the icon at the top right, that's my avatar. Also, there is the notification icon, and the menu at the top left opens with my subscriptions listed (there should be no subscriptions if I am not logged in).
However, the avatar or the bell icons do not respond to click. "Subscriptions" menu does respond.
In fact, this moment I don't have any FF window open with the google profile. There is one open on another computer.
Seems that google is collating all firefoxes open on the same IP, the house router IP. Or firefox fails to separate profiles on disk since the last update.
This is scary.
I use different browsers for different groups of tasks. Anyway there is no safe place. Remember "1984" where the supposed safe place was the most controlled. [conspiracy bs but..] I sometimes ask myself what our OS must offer to US-american surveillants to be able to continue to exist. [/conspiracy bs but..] -- Daniel Bauer photographer Basel Málaga Twitter: @Marsfotografo (often explicit nudes) https://www.patreon.com/danielbauer https://www.daniel-bauer.com (nudes)
On 2024-05-10 14:35, Daniel Bauer wrote:
Am 09.05.24 um 19:11 schrieb Carlos E. R.:
Hi,
I separate different tasks by using independent profiles in firefox. For example with my normal profile I never login to Google, and I use a special FF profile to login to Google. That way, when I search something google can not associate with my mail.
Well, something is very wrong today. Using my normal profile, not logged in to google:
https://paste.opensuse.org/pastes/43477dee9ff5
This is a youtube opened days ago. You can see the "sign in" prompt at the top right. This is the normal state of things. But today, opening the same site in youtube (or any site), I get this:
https://paste.opensuse.org/pastes/d164bf9defd5
Notice the icon at the top right, that's my avatar. Also, there is the notification icon, and the menu at the top left opens with my subscriptions listed (there should be no subscriptions if I am not logged in).
However, the avatar or the bell icons do not respond to click. "Subscriptions" menu does respond.
In fact, this moment I don't have any FF window open with the google profile. There is one open on another computer.
Seems that google is collating all firefoxes open on the same IP, the house router IP. Or firefox fails to separate profiles on disk since the last update.
This is scary.
I use different browsers for different groups of tasks.
Anyway there is no safe place. Remember "1984" where the supposed safe place was the most controlled.
The thing is, it has worked for many years. Anyway, I cleaned cookies and it is working again... -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
Academic essay help is crucial https://speedypaper.com/blog/how-to-make-an-essay-longer for students. For inspiration, explore many excellent process papers ideas. Effective writing content creation involves planning, organizing, and revising to ensure clarity and coherence in your essays.
Wed, 29 May 2024 21:24:34 -0000 Alex Northrop via openSUSE Users <users@lists.opensuse.org> :
Academic essay help is crucial https://speedypaper.com/blog/how-to-make-an-essay-longer for students. For inspiration, explore many excellent process papers ideas. Effective writing content creation involves planning, organizing, and revising to ensure clarity and coherence in your essays.
I suspect not only that there isn't a single list addressee who will bite on this spam bait but also that the spammer knows this full well. That leaves what as a possible objective?
Wed, 29 May 2024 21:24:34 -0000 Alex Northrop via openSUSE Users <users@lists.opensuse.org> :
Academic essay help is crucial https://speedypaper.com/blog/how-to-make-an-essay-longer for students. For inspiration, explore many excellent process papers ideas. Effective writing content creation involves planning, organizing, and revising to ensure clarity and coherence in your essays.
I suspect not only that there isn't a single list addressee who will bite on this spam bait but also that the spammer knows this full well. That leaves what as a possible objective? To get people who should know better to reply to the message, thus
On 2024-05-29 15:40, bent fender wrote: perpetuating it and giving it more exposure. I'm curious as to why you cc'ed the sender. It's most likely a throwaway address, and its purpose is what -- perhaps to harvest active email addresses for various nefarious purposes?
On 2024-05-30 00:21, Darryl Gregorash wrote:
On 2024-05-29 15:40, bent fender wrote:
Wed, 29 May 2024 21:24:34 -0000 Alex Northrop via openSUSE Users <users@lists.opensuse.org> :
Academic essay help is crucial https://speedypaper.com/blog/how-to-make-an-essay-longer for students. For inspiration, explore many excellent process papers ideas. Effective writing content creation involves planning, organizing, and revising to ensure clarity and coherence in your essays.
I suspect not only that there isn't a single list addressee who will bite on this spam bait but also that the spammer knows this full well. That leaves what as a possible objective?
Possibly they get paid for success in posting.
To get people who should know better to reply to the message, thus perpetuating it and giving it more exposure. I'm curious as to why you cc'ed the sender. It's most likely a throwaway address, and its purpose is what -- perhaps to harvest active email addresses for various nefarious purposes?
No, the address must be real to pass the hyperkitty auth. Soon discarded. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))
On 2024-05-29 19:13, Carlos E. R. wrote:
On 2024-05-30 00:21, Darryl Gregorash wrote:
To get people who should know better to reply to the message, thus perpetuating it and giving it more exposure. I'm curious as to why you cc'ed the sender. It's most likely a throwaway address, and its purpose is what -- perhaps to harvest active email addresses for various nefarious purposes?
No, the address must be real to pass the hyperkitty auth. Soon discarded.
I think that meets the definition of a throwaway, does it not?
On 2024-05-30 00:21, Darryl Gregorash wrote:
On 2024-05-29 15:40, bent fender wrote:
Wed, 29 May 2024 21:24:34 -0000 Alex Northrop via openSUSE Users <users@lists.opensuse.org> :
Academic essay help is crucial https://speedypaper.com/blog/how-to-make-an-essay-longer for students. For inspiration, explore many excellent process papers ideas. Effective writing content creation involves planning, organizing, and revising to ensure clarity and coherence in your essays.
I suspect not only that there isn't a single list addressee who will bite on this spam bait but also that the spammer knows this full well. That leaves what as a possible objective?
Possibly they get paid for success in posting.
To get people who should know better to reply to the message, thus perpetuating it and giving it more exposure. I'm curious as to why you cc'ed the sender. It's most likely a throwaway address, and its purpose is what -- perhaps to harvest active email addresses for various nefarious purposes?
No, the address must be real to pass the hyperkitty auth. Soon discarded. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))
Wed, 29 May 2024 16:21:53 -0600 Darryl Gregorash <raven@accesscomm.ca> :
Wed, 29 May 2024 21:24:34 -0000 Alex Northrop via openSUSE Users <users@lists.opensuse.org> :
Academic essay help is crucial https://speedypaper.com/blog/how-to-make-an-essay-longer for students. For inspiration, explore many excellent process papers ideas. Effective writing content creation involves planning, organizing, and revising to ensure clarity and coherence in your essays.
I suspect not only that there isn't a single list addressee who will bite on this spam bait but also that the spammer knows this full well. That leaves what as a possible objective? To get people who should know better to reply to the message, thus
On 2024-05-29 15:40, bent fender wrote: perpetuating it and giving it more exposure. I'm curious as to why you cc'ed the sender. It's most likely a throwaway address, and its purpose is what -- perhaps to harvest active email addresses for various nefarious purposes?
I sent out a reply with words to this effect yesterday but it seems to have vanished. Sylpheed gives me options to send to - All - Sender - Mailing-List On this list I always select the last one but very often it ends up not being the actual "To;". I mostly catch in in the act when I notice that the destination is not users@lists.opensuse.org but when I see that it is in fact users@lists.opensuse.org then I don't always look for a cc addressee as well.
Thu, 30 May 2024 07:22:02 -0400 bent fender <slowroller@trixtar.org> :
Wed, 29 May 2024 16:21:53 -0600 Darryl Gregorash <raven@accesscomm.ca> :
Wed, 29 May 2024 21:24:34 -0000 Alex Northrop via openSUSE Users <users@lists.opensuse.org> :
Academic essay help is crucial https://speedypaper.com/blog/how-to-make-an-essay-longer for students. For inspiration, explore many excellent process papers ideas. Effective writing content creation involves planning, organizing, and revising to ensure clarity and coherence in your essays.
I suspect not only that there isn't a single list addressee who will bite on this spam bait but also that the spammer knows this full well. That leaves what as a possible objective? To get people who should know better to reply to the message, thus
On 2024-05-29 15:40, bent fender wrote: perpetuating it and giving it more exposure. I'm curious as to why you cc'ed the sender. It's most likely a throwaway address, and its purpose is what -- perhaps to harvest active email addresses for various nefarious purposes?
I sent out a reply with words to this effect yesterday but it seems to have vanished. Sylpheed gives me options to send to
- All - Sender - Mailing-List
On this list I always select the last one but very often it ends up not being the actual "To;". I mostly catch in in the act when I notice that the destination is not users@lists.opensuse.org but when I see that it is in fact users@lists.opensuse.org then I don't always look for a cc addressee as well.
As I looked deeper I just saw that the missing reply actually went out to Patrick only although I had clicked Mailing-List; similarly THIS message which I also initiated the same way was actually addresed to myself only so I edited it to users@lists.opensuse.org
On 2024-05-30 13:57, bent fender wrote:
Thu, 30 May 2024 07:22:02 -0400 bent fender <slowroller@trixtar.org> :
I sent out a reply with words to this effect yesterday but it seems to have vanished. Sylpheed gives me options to send to
- All - Sender - Mailing-List
On this list I always select the last one but very often it ends up not being the actual "To;". I mostly catch in in the act when I notice that the destination is not users@lists.opensuse.org but when I see that it is in fact users@lists.opensuse.org then I don't always look for a cc addressee as well.
typo? not users@lists.opensuse.org but users@lists.opensuse.org?
As I looked deeper I just saw that the missing reply actually went out to Patrick only although I had clicked Mailing-List; similarly THIS message which I also initiated the same way was actually addresed to myself only so I edited it to users@lists.opensuse.org
-- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
participants (6)
-
Alex Northrop -
bent fender -
Carlos E. R. -
Daniel Bauer -
Darryl Gregorash -
J Leslie Turriff