Vivaldi's biggest security vulnerability: the Chrome store

  • @purgat0ri said in Vivaldi's biggest security vulnerability: the Chrome store:

    but I personally don't think it would be too great a loss if 90% of the cruft currently occupying the store were to disappear.

    And yet, this exact scenario would still have played out. That's the point. Even when you've significantly reduced users choices, and put up barriers to entry, the exact same problem exists, and you still haven't taken away the burden from the user needing to do their own research and determine whom they want to trust. Being open source, being developed by formerly trustworthy developers, etc. malware still creeps in, even in the absence of a change in ownership (see NoScript). Your 90% reduced store being safe is an illusion. The same risks still exist, and users still have to do the same work.

    @luetage said in Vivaldi's biggest security vulnerability: the Chrome store:

    Even if someone audits the code, you can never be sure they made a good enough job and didn’t overlook something. The only way to make sure an extension is 100% safe is to audit every bit of code yourself – initially and after every update. Don’t know whether you are capable of that. Anyhow, the only realistic option remaining is to forego the use of extensions and being content with the inbuilt tools Vivaldi provides.

    Exactly. And nobody is, certainly not while keeping up-to-date. It will always be on users to keep themselves aware of the third-party tools they use and determine their own level of risk vs reward, no matter what controls are put in place. Security & privacy cannot be offloaded.

  • I've been sufficiently inspired by this thread that i finally got up off my lazy big fat donkey & conducted a fastidious audit of my devices here. I'm proud to be able to state that:

    1. I removed all the red beads from my abacus -- always thought they might have been suss.
    2. Ripped out, shredded & burnt the natural-log pages from my log-tables book -- they're not fooling me any more with their claims that what they got up to when i wasn't looking was natural.
    3. Permanently removed the K-scale from my slide-rule. It fooled me once, but will never again pull the wool over my eyes; i know it was passing on secrets to the D-scale.

  • I already made my point about making the perfect the enemy of the good. It's pointless to wear a seatbelt because you could get hit by a train or spontaneously combust. Adios.

  • And I'm saying, it's not even good. There's no benefit but the warm fuzzy feeling, users still have to do the exact same work. This exact scenario would still happen. The difference is less choice for users, and more barriers for authors. Hasta luego.

  • @BoneTone Are you deaf? I said ADIOS

  • @purgat0ri said in Vivaldi's biggest security vulnerability: the Chrome store:

    What is the way forward for Vivaldi?

    Short term: Just give the user a warning about the dangers of extensions, and the Chrome store's lack of vetting, when he brings up the Chrome store. Or something. Long term: Get a Vivaldi extension store, or collaborate with other browsers (such as Brave and Edge) to make an extension store.

  • @Eggcorn Would the advice differ in the exceptionally unlikely possibility of a female user?


  • @Steffie I say "he" not "he or she". Much as I say "actor" not "actor or actress". And "doctor" not "doctor or doctress".

    And no, I'm not making the word "doctress" up. That's actuality the feminine form of the masculine "doctor". But in English, the masculine form usually doubles as the gender-neutral form.

  • @Eggcorn said in Vivaldi's biggest security vulnerability: the Chrome store:

    But in English, the masculine form usually doubles as the gender-neutral form

    Yep, ask any fine member of the =< 20th century patriarchy, & they'll affirm that view. Now ask 21st century women what we want.

  • @Steffie I guess you're right, I really should get with the 21st century. Time I started saying "he or she", "actor or actress", etc.

    But come to think of it, even that's problematic. "or" is the masculine suffix, and "ess" is the feminine. So I'm being inclusive of both men and women that way. But I'm still excluding agender people (along with the aporagender, androgyne, maverique, etc.). What's the suffix for that?

    In case it isn't obvious: I'm joking (though those are all real gender identities, if Healthline is to be believed). But seriously: I think we're just going to have to agree to disagree here.

  • @Eggcorn Use "they", it's simple. Yes, of course the strict Olde Worlde grammar rules mandated that exclusively a plural pronoun, but for the past two decades [hence i don't understand why this is news to you] it has been repurposed as a respectful gender-neutral pronoun as well. Similarly when one is communicating with someone unknown to them, whose self-declared gender identity is unknown to the interlocutor, it is respectful not to presume their gender, so again "they, their" etc is used... until & unless the other party declares their hand.


  • @Steffie We could continue this talk in PM, if you'd like. We do have PMs here, right? I'm new here.

  • @Eggcorn The forum software supports PMs of a kind, but IMO it's quite inferior compared to eg the Discourse s/w used on some other fora.

    That said, atm i'd prefer not doing one with you, as it's pointless. Via my own words + the conversation in the link i gave you [+ ample references in the general internet] i've said my piece. You either now understand & accept it, or you don't. If the former, then that's cool & "case closed". If the latter, then clearly nothing else i could say would change your mind, in which case i prefer distance from such people.

    Best wishes either way.

  • - Ambassador -

    @Steffie , language is what it is and the genre of words has nothing to do with machism nor discrimination, but only people's actions and how they use this words (hemoglobin/shemoglobin?)
    OT off

Log in to reply

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.