My thoughts on Slackware, life and everything

Tag: privacy

Chromium 118 (also ungoogled) is a security update

I uploaded new 64bit packages for Chromium 118.0.5993.70 (also the un-googled variant) for which the sources were released a few days ago. This first release in the 118 series addresses a critical vulnerability (CVE-2023-5218) so it’s wise to upgrade.
As mentioned in a previous blog post, future 32bit package updates will have a lower frequency: one update per month. Google has increased the frequency of its Chromium releases dramatically (one per week) and I just cannot keep up. If you need that 32bit package badly now, you can of course grab the sources and my SlackBuild and build it yourself.

Looking at this 118 major release, one thing you need to be aware of is the changed behavior of “Enhanced Safe Browsing” which you can enable in the browser’s security settings (chrome://settings/security). Probably most of you already have this enabled. This is what changed:

Google will be able to disable an installed browser extension remotely if it determines the extension is labeled as ‘malicious’ and the extension was not installed via the Chrome Web Store.
The browser’s security checks of downloaded online content have been enhanced with so-called ‘deep scanning’ meaning the browser may now ask you for a password to open a protected archive you just downloaded. Note that the scanning occurs in Google’s datacenter – when you enable ‘enhanced safe browsing’ you consent to uploading some of your data to Google for the specific purpose of scanning and analyzing it for malicious content.
Also with ‘enhanced safe browsing’ enabled, the browser will send telemetry data about installed browser extensions using the chrome.tabs API to Google’s servers for analysis. This is meant to improve the “detection of malicious and policy violating extensions”.

It is up to you to decide which way the tradeoff between enhanced security and sharing data with Google works for you. If you don’t feel comfortable with this and you value your privacy, then you need to disable (or not enable) ‘Enhanced Safe Browsing’ in the settings.

Find the updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled in my repository and its mirrors (like my own US server and in a short while, the UK mirror).

Cheers, Eric

Reset The Net – 05 june 2014

ResetTheNet_05jun2014

Did I make you jump by showing the intrusive banner?

Today marks the start of a campaign, called Reset the Net, sponsored by digital rights groups and well-known Internet companies. It is meant to encourage both users of the Internet and companies with an active presence there, to take measures to prevent getting their data snooped by surveillance agencies. The campaign focuses on the promotion of privacy-enhancing tools.

Today’s launch of the campaign is not coïncidentally linked to the first anniversary of the publication of the leaked NSA documents through news articles online and on paper.

Last month saw the HeartBleed bug, today we are confronted with yet another bloody serious leak in OpenSSL., only a few days after the disclosiure of another serious leak in GnuTLS, the OpenSSL alternative. The Internet is never a safe place. Slackware is a fairly sane OS security-wise but the highest risk always comes from the user of that OS.

When you are on-line, act consciously, and think before you do. Guard your privacy and respect that of others. No, Edward Snowden is not a traitor. He sacrificed a lot in order to get the truth out there, and we should have respect for that, too.

Eric

© 2024 Alien Pastures

Theme by Anders NorenUp ↑