A real innovation from the Bitcoin world! There are several physical password store systems that they have suggested for this kind of use case. The simplest is basically using a nail to punch out a password onto a piece of sheet metal.
Nothing says you cannot trivially encode the paper password. Those in the know understand that you need to append “BoomShakalaka”, replace “A” with “Q”, or some other super simple modification to what is recorded.
Maybe the NSA would be willing to brute force the infinite variations from that starting seed, but it is still effectively locked for mortals.
I've thought about making a "word search" and embedding the passphrase in it using a pattern (e.g., a subset of a Knight's tour, a space-filling curve overlay, or some other sampling algorithm).
If you add an explicit reminder to check the email where you explained the modification, then the idea seems solid. Though at that point, put half the password on paper and send the other half to a whole bunch of trusted people.
No. Firefox always randomizes the extension ID used for URLs to web accessible resources on each restart [1]. Apparently, manifest v3 extensions on Chromium can now opt into similar behavior [2].
That's a different form of defense. The original claim in this thread was that LinkedIn's fingerprinting implementation was making cross-site requests to Chrome Web Store, and that they were reading back the response of those requests.
Firefox isn't susceptible to that, because that's not how Firefox and addons.mozilla.org work. Chrome, as it turns out, isn't susceptible to it, either, because that's also not how Chrome and the Chrome Web Store work. (And that's not what LinkedIn's fingerprinting technique does.)
(Those randomized IDs for content-accessible resources, however, do explain why the technique that LinkedIn actually uses is a non-starter for Firefox.)
An additional improvement added in manifest v3 in both Chromium and Firefox is that extensions can choose to expose web accessible resources to only certain websites. Previously, exposing a web accessible resource always made that resource accessible to all websites.
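An added example, not part of any comment in this thread: a small audit of an extension's `manifest.json` for the two exposure controls discussed above, the per-site `matches` restriction and the Chromium opt-in for randomized resource URLs (the manifest v3 `use_dynamic_url` key). The sample manifests, the function name and the list of "broad" match patterns are constructed for illustration.

```python
import json

# Match patterns that expose a resource to every website (illustrative list).
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_web_accessible_resources(manifest: dict) -> list[str]:
    """Return findings on how widely web accessible resources are exposed."""
    findings = []
    war = manifest.get("web_accessible_resources", [])
    if manifest.get("manifest_version") == 2:
        # MV2: a flat list of paths, always readable by all websites.
        if war:
            findings.append(f"MV2: {len(war)} resource pattern(s) exposed to all websites")
        return findings
    for i, entry in enumerate(war):
        # MV3: each entry is an object that scopes resources to match patterns.
        broad = sorted(BROAD.intersection(entry.get("matches", [])))
        if broad:
            findings.append(f"entry {i}: exposed to all websites via {broad}")
        # Relevant on Chromium; Firefox randomizes the ID regardless.
        if not entry.get("use_dynamic_url", False):
            findings.append(f"entry {i}: static URL (use_dynamic_url not set)")
    return findings

# Constructed sample manifests.
SAMPLE_MV3 = json.loads("""{
  "manifest_version": 3,
  "web_accessible_resources": [
    {"resources": ["img/*.png"], "matches": ["<all_urls>"]},
    {"resources": ["inject.js"], "matches": ["https://app.example.com/*"],
     "use_dynamic_url": true}
  ]
}""")
SAMPLE_MV2 = {"manifest_version": 2,
              "web_accessible_resources": ["img/*.png", "inject.js"]}

if __name__ == "__main__":
    for name, m in (("mv3", SAMPLE_MV3), ("mv2", SAMPLE_MV2)):
        for finding in audit_web_accessible_resources(m):
            print(f"{name}: {finding}")
```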
It doesn't work. The person who posted the comment you're responding to has absolutely no idea what he's talking about. He confabulated the entire explanation based on a single misunderstood block of code that contains the comment «Remove " - Chrome Web Store" suffix if present» in the (local, NodeJS-powered) scraper that the person who's publishing this data themselves used to fetch extension names.
From memory from working with these a couple of years ago:
Firefox extension asset URLs are random and long (there's a UUID in there iirc). The extension itself can discover its randomized base so that it can output its asset URLs, but webpage code can't.
It probably also costs nothing to make. The CIA maintains dedicated analysts monitoring the world. Having those guys kick out a public report every once in a while sounds like the cheapest possible program.
AFAIK, you can tell someone today, “Get out” without prior notice, but then you have to continue to pay them for the duration of the WARN period.
Regarding this story, this situation only exists because companies have gotten so secretive about layoffs. I have been through multiple rounds in the past few years and management loves to dance around the issue. No hard numbers on people cut, the teams, or even the dates when it will be effective. No surprise that those with the ability sought to get hard data on the scope of the action.
I also enjoy how the company framed this as practically hacking people’s PII, but I can believe it just took querying the internal company directory for some key metadata. Recently added to the “TO-BE-CUT” OU or something.
This is what every company I've been at does. They fire and give severance during the WARN period. Nobody will ever give you a list of who was laid off at any company I've worked at. You would just have to... figure it out.
What I meant was that I thought this information was required to be sent to the government and public via something like a FOIA request, so this was always available to anyone motivated.
My experience with how companies administer the layoffs has been the same as yours.
It was a somewhat recent discovery that there were animal reservoirs escaping detection. Carter had hoped to outlive the worm, but it was thought that the animal pools were going to make full eradication take an additional 20 years.