Technology

37712 readers

538 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

alyaza@beehaw.org

TheRtRevKaiser@beehaw.org

gyrfalcon@beehaw.org

rs5th@beehaw.org

SemioticStandard@beehaw.org

TheRtRevKaiser@kbin.social

Los@beehaw.org

coldredlight@beehaw.org

remington@beehaw.org

New GitHub user and extension developer claims Twitch’s website has malware (github.com)

submitted 11 months ago* (last edited 11 months ago) by Aatube@kbin.social to c/technology@beehaw.org

12 comments fedilink hide all child comments

https://github.com/uBlockOrigin/uAssets/issues/5184#issuecomment-1829172308

Twitch is a dangerous website, the extension probably won't be back. They could still easily target you at any time and you are just lucky they are sending ads. After some time of using the extension twitch will react and become even more toxic.

Twitch even has a network sniffer in its source code (among other things), its so much worse than just ads, some of these experiments are basically malware/pup that no-one would install on their device willingly, these instances aren't just left over code from some library they are deliberately crafted experiments that are present in the active code path.

you are viewing a single comment's thread
view the rest of the comments

[–] h3ndrik@feddit.de 10 points 11 months ago (3 children)

And, is that true?

[–] BlackEco@lemmy.blackeco.com 15 points 11 months ago* (last edited 11 months ago) (1 children)

MostlyJustBored's account is 3 weeks old with no history. We should take whatever they say with a grain of salt.

[–] SnotFlickerman@lemmy.blahaj.zone 12 points 11 months ago* (last edited 11 months ago) (3 children)

Or we could take a look at the javascript ourselves, like they say to do?

Everyone's asking for a writeup, but like... there's not any other JS programmers who could take a look and verify?

Nobody wants to trust this guy, but also nobody wants to do the legwork to verify it.

[–] BlackEco@lemmy.blackeco.com 16 points 11 months ago (1 children)

Most JS shipping on the web is minified, with variables renamed to random names, you can't just open it and search for maliciousFunction.

Also their claim of Twitch doing network sniffing in a browser should be impossible unless Twitch has found and is actively exploiting a security flaw in modern web browsers.

[–] Moonrise2473@feddit.it 5 points 11 months ago

Technically, twitch could sniff all the traffic exchanged with their user. It would be pointless as they already know the content of the transmission, though

[–] i_ben_fine@lemmy.one 10 points 11 months ago

They want the writeup, because the claims are too vague to falsify.

[–] h3ndrik@feddit.de 2 points 11 months ago* (last edited 11 months ago)

Yeah, that's why I asked in the first place. I'm zero interested in the credibility of that person. Just somebody check if it's factual. I'm not a Javascript-person but I bet there are debugging-tools and de-minifiers available. Or just someone press Ctrl+Shift+I and look at the inspector.

Edit: Nevermind. Maybe the credibility of an account sometimes is enough.

[–] PonyOfWar@pawb.social 14 points 11 months ago

Their reason for not going into any details or provide any evidence is that it might be a government plot and they'd get into trouble for sharing it. Sounds like bullshit to me TBH. Just someone looking for attention.

[–] Aatube@kbin.social 2 points 11 months ago

No idea.