Follow

Trans Internet Security Risk Show more

Β· Web Β· 27 Β· 196 Β· 149

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Re: Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

@mxsiege hmmm at least they're using something called a "bloom filter" so that even if i download the extension, there's literally no way for me to see what's been flagged - i can check if a given page is flagged or not, but it's mathematically impossible to extract a list.

the big issue is that everything submitted as flagged goes to this person's server! otherwise they actually did an admirable amount of work to hide the actual lists from potential bad actors that just download the extension and look at the internals.

@er1n Does the filter stop a bot from being able to just scrawl through facebook and save accounts of anyone who is tagged green?

@mxsiege it would be possible, but to extract a full list you'd have to feed the URL of every account on facebook into the bloom filter. it might be feasible to brute-force, but my suspicion is that the usage of this extension is so small that it would take forever to find actual positive results

@mxsiege again i'm much more concerned with all the flags being submitted to the extension developer's server

trans internet security risk Show more

@er1n @mxsiege realistically you'd need to have a huge list of profile URLs from any sites targeted by this extension

that's the kind of thing security researchers do when they're bored and then throw up on Bittorrent https://www.pcworld.com/article/202126/100M_Facebook_Profiles_Now_Available_For_Download.html (for example, likely too old to be much use now)

https://www.reddit.com/r/datasets/ is one good place to start looking

re: Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

re: Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Trans Internet Security Risk Show more

Sign in to participate in the conversation
Octodon

Octodon is a nice general purpose instance. more