A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Google Enables "Site Isolation" Feature for 99% of Chrome DesktopUsers



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old July 13th 18, 11:26 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
SilverSlimer
external usenet poster
 
Posts: 56
Default Google Enables "Site Isolation" Feature for 99% of Chrome DesktopUsers

On 2018-07-12 05:37 PM, Anonymous wrote:
*(Don't worry, google is concerned for our privacy.)

https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/


To be honest, it seems like a good idea security-wise.


--
SilverSlimer
Highly recommended: https://kek.gg/u/Tyrm
Ads
  #2  
Old July 14th 18, 03:20 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
Anonymous
external usenet poster
 
Posts: 10
Default Google Enables "Site Isolation" Feature for 99% of Chrome Desktop Users

on 7/13/2018, SilverSlimer supposed :
On 2018-07-12 05:37 PM, Anonymous wrote:
*(Don't worry, google is concerned for our privacy.)

https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/


To be honest, it seems like a good idea security-wise.


I will never trust google to not be somehow spying on us. Anything
produced by google/amazon/facebook that is supposed to be protecting
us, even if it is legitimate, is always going to be just a disingenuous
sop to mask their underlying goal to assuage us into to trusting them
and to get us continue to use their spyware.
  #3  
Old July 14th 18, 05:02 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
Wouter Verhelst
external usenet poster
 
Posts: 2
Default Google Enables "Site Isolation" Feature for 99% of Chrome DesktopUsers

On 14-07-18 16:20, Anonymous wrote:
on 7/13/2018, SilverSlimer supposed :
On 2018-07-12 05:37 PM, Anonymous wrote:
*(Don't worry, google is concerned for our privacy.)

https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/


To be honest, it seems like a good idea security-wise.


*I will never trust google to not be somehow spying on us.


That is indeed their business model, yes.

Anything
produced by google/amazon/facebook that is supposed to be protecting us,
even if it is legitimate, is always going to be just a disingenuous sop


I don't think that's correct though.

Yes, Google's business model is "gather as much data as possible on
everyone on this planet". They do not care about your privacy; they'd
rather you didn't either (indeed, that is why I don't use many of their
products, though I do need the phone).

However, they *do* genuinely care about computer security. This site
isolation feature of theirs is something that I think is a good idea in
the face of spectre and meltdown (and friends), and I hope that other
browsers will follow suit (I suspect firefox will, not so sure about others)

That doesn't mean I'll use chrome, though
  #4  
Old July 14th 18, 10:27 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
ayruehfnmduh
external usenet poster
 
Posts: 1
Default Google Enables "Site Isolation" Feature for 99% of ChromeDesktop Users

Anonymous Wrote in message:

I will never trust google to not be somehow spying on us. Anything
produced by google/amazon/facebook that is supposed to be protecting
us, even if it is legitimate, is always going to be just a disingenuous
sop to mask their underlying goal to assuage us into to trusting them
and to get us continue to use their spyware.


Warning! Warning! Warning! This post was generated on a device
using the Chrome OS. Oh damn, did you open it? Now you're
screwed... 8-O
--
  #5  
Old July 15th 18, 04:07 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
Anonymous
external usenet poster
 
Posts: 10
Default Google Enables "Site Isolation" Feature for 99% of Chrome Desktop Users

Nomen Nescio submitted this idea :
In article
SilverSlimer wrote:

On 2018-07-12 05:37 PM, Anonymous wrote:
*(Don't worry, google is concerned for our privacy.)

https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/


To be honest, it seems like a good idea security-wise.


Ditto.

I use google products and services, but I do not use them for
anything that is not already public record.


Like your entire life already!
  #6  
Old July 15th 18, 04:43 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
Mayayana
external usenet poster
 
Posts: 4,464
Default Google Enables "Site Isolation" Feature for 99% of Chrome Desktop Users

"Wouter Verhelst" wrote

| However, they *do* genuinely care about computer security. This site
| isolation feature of theirs is something that I think is a good idea in
| the face of spectre and meltdown (and friends), and I hope that other
| browsers will follow suit (I suspect firefox will, not so sure about
others)
|

Sounds fine, but it uses more RAM. (+10-13%
according to Google.
https://security.googleblog.com/2018...isolation.html

)

And how much value does it actually have? What's
the real risk of an attacker getting same-process
(or cross-process) exploitable data from a separate
loaded webpage? Especially if you don't keep numerous
windows/tabs open when you enter a credit card
number online.

Then compare that to a typical webpage where
within that one process are connections to numerous,
shady 3rd parties. Acme.com is not usually the problem.
Rather, the problem is likely to be cross-site scripting
or malicious attacks done through buying ads on the
acme.com page you're visiting. That kind of direct attack
is a far greater risk than malware coming through acme.com
that manages to fish your credit card number out of RAM.
(And even more mitigated for those of us using AMD.)
With something like an ad-based attack someone can
read your credit card number from within that page and
process.

Anyone who cares at all about security (not
to mention privacy) should at least be limiting
script as much as possible and blocking ad servers
in their HOSTS file, as well as blocking 3rd-parties
where possible. The fears of spectre, meltdown
and shared memory exploits in general have been
grossly overdone. It's like worrying that someone
walking by your house might use a telescope to read
your bankbook in a mirror on your wall, while you've
left your front door ajar.

Then of course there's the fact that most attacks
are carried out by even more pedestrian methods.
I read the other day that the hacking of Hillary Clinton's
email was accomplished, at least in part, by the kind
of thing that any office worker should know to look
out for: attachments with names like
clinton-campaign.xlsx.com.



  #7  
Old July 15th 18, 06:02 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
Anonymous
external usenet poster
 
Posts: 10
Default Google Enables "Site Isolation" Feature for 99% of Chrome Desktop Users

I read the other day that the hacking of Hillary Clinton's
email was accomplished, at least in part, by the kind
of thing that any office worker should know to look
out for: attachments with names like
clinton-campaign.xlsx.com.


You also need to remember that this woman is so full of herself that
she is going to automatically click on anything that contains her name.
  #8  
Old July 15th 18, 06:24 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
Mayayana
external usenet poster
 
Posts: 4,464
Default Google Enables "Site Isolation" Feature for 99% of Chrome Desktop Users

"Anonymous" wrote

| clinton-campaign.xlsx.com.
|
| You also need to remember that this woman is so full of herself that
| she is going to automatically click on anything that contains her name.

Hillary Clinton? I very much doubt that she
actually clicked on anything. She has staff
for that. And I guess the staff should have
had IT people.


  #9  
Old July 15th 18, 06:41 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
The Natural Philosopher[_2_]
external usenet poster
 
Posts: 22
Default Google Enables "Site Isolation" Feature for 99% of Chrome DesktopUsers

On 15/07/18 18:24, Mayayana wrote:
"Anonymous" wrote

| clinton-campaign.xlsx.com.
|
| You also need to remember that this woman is so full of herself that
| she is going to automatically click on anything that contains her name.

Hillary Clinton? I very much doubt that she
actually clicked on anything. She has staff
for that. And I guess the staff should have
had IT people.


Ah the Clitorall Hinny!

What will we do without that chalk scraping on blackboard voice, and her
high opinion of Democrat voters?

https://vps.templar.co.uk/Cartoons%2...all_hinny.jpeg



--
The lifetime of any political organisation is about three years before
its been subverted by the people it tried to warn you about.

Anon.
  #10  
Old July 15th 18, 09:22 PM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
Anonymous
external usenet poster
 
Posts: 10
Default Google Enables "Site Isolation" Feature for 99% of Chrome Desktop Users

The Natural Philosopher brought next idea :
On 15/07/18 18:24, Mayayana wrote:
"Anonymous" wrote

| clinton-campaign.xlsx.com.
|
| You also need to remember that this woman is so full of herself
that
| she is going to automatically click on anything that contains her
name.

Hillary Clinton? I very much doubt that she
actually clicked on anything. She has staff
for that. And I guess the staff should have
had IT people.


Ah the Clitorall Hinny!

What will we do without that chalk scraping on blackboard voice, and
her high opinion of Democrat voters?

https://vps.templar.co.uk/Cartoons%2...all_hinny.jpeg


Hillary begins speech: ‘I’m so tired, I can barely stand’

http://www.theamericanmirror.com/hillary-starts-speech-im-so-tired-i-can-barely-stand/
  #11  
Old Yesterday, 08:05 AM posted to alt.privacy.anon-server,comp.os.linux.advocacy,comp.os.linux.misc,alt.comp.os.windows-10
Wouter Verhelst
external usenet poster
 
Posts: 2
Default Google Enables "Site Isolation" Feature for 99% of Chrome DesktopUsers

On 15-07-18 17:43, Mayayana wrote:
"Wouter Verhelst" wrote

| However, they *do* genuinely care about computer security. This site
| isolation feature of theirs is something that I think is a good idea in
| the face of spectre and meltdown (and friends), and I hope that other
| browsers will follow suit (I suspect firefox will, not so sure about
others)
|

Sounds fine, but it uses more RAM. (+10-13%
according to Google.
https://security.googleblog.com/2018...isolation.html

)


There's always some cost to extra features. I think 10 to 13% is a bit
much, but not surprisingly so.

And how much value does it actually have? What's
the real risk of an attacker getting same-process
(or cross-process) exploitable data from a separate
loaded webpage? Especially if you don't keep numerous
windows/tabs open when you enter a credit card
number online.


Sure, but regular users may not have the background to realize that that
isn't necessarily a good idea.

Then compare that to a typical webpage where
within that one process are connections to numerous,
shady 3rd parties. Acme.com is not usually the problem.
Rather, the problem is likely to be cross-site scripting
or malicious attacks done through buying ads on the
acme.com page you're visiting. That kind of direct attack
is a far greater risk than malware coming through acme.com
that manages to fish your credit card number out of RAM.


The fact that there are other attacks that are more likely does not
negate the fact that site isolation is a good defense against *this*
attack. Are you saying that a browser with defenses against cross-site
scripting *and* the site isolation feature is a worse idea than a
browser with just the defenses against cross-site scripting, in theory?

I agree that there are many holes for cross-site scripting still open,
and that getting those plugged would be great; however, plugging those
holes is not as easy to do as plugging the meltdown/spectre issues.

(And even more mitigated for those of us using AMD.)
With something like an ad-based attack someone can
read your credit card number from within that page and
process.

Anyone who cares at all about security (not
to mention privacy) should at least be limiting
script as much as possible and blocking ad servers
in their HOSTS file, as well as blocking 3rd-parties
where possible.


Well, yes, but that's not something a browser maker can do.

The fears of spectre, meltdown
and shared memory exploits in general have been
grossly overdone.


I agree with that, to some extent, but they are not entirely unfounded
either.

It's like worrying that someone
walking by your house might use a telescope to read
your bankbook in a mirror on your wall, while you've
left your front door ajar.


Not quite.

A malicious site could just start some javascript code that targets one
or more banking sites with a meltdown or spectre-based attack. In more
than 99% of cases it won't find any useful data, but that's the thing
about malicious code; you don't need a huge success rate for it to be
beneficial to the attacker.

The site could start a ServiceWorker[1] if it wanted to be able to
continue the attack even after the user closed the tab in question.

[1] https://developer.mozilla.org/en-US/...ice_Worker_API

Then of course there's the fact that most attacks
are carried out by even more pedestrian methods.
I read the other day that the hacking of Hillary Clinton's
email was accomplished, at least in part, by the kind
of thing that any office worker should know to look
out for: attachments with names like
clinton-campaign.xlsx.com.


For atargetted attack on a specific subject, you would do it that way, yes.

If you just want to get in as many people's bank accounts as possible,
you wouldn't.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 10:23 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright 2004-2018 PCbanter.
The comments are property of their posters.