Comment by b3lvedere
4 days ago
"Since looking into it, I noticed that uBlock Origin already has the default list "Block Outsider Intrusion into LAN" but it wasn't enabled."
Never knew that this existed. Thank you!
4 days ago
"Since looking into it, I noticed that uBlock Origin already has the default list "Block Outsider Intrusion into LAN" but it wasn't enabled."
Never knew that this existed. Thank you!
Checking out the initial request on github for this feature I wonder why is this necessary? What access to the local network does the browser provide, or need to provide, and why isn't this something developers are more concerned about? I had a feeling this was possible as I see lots of mdns requests when I connect to certain things running sockets.
https://github.com/uBlockOrigin/uAssets/issues/4318
There are certainly use cases, but whether they’re warranted is a good question.
One popular router maker offers a ‘magic URL’ (domain name) that scans your network for the gateway management page, and redirects. It’s not necessary, but it certainly helps novice users. Having worked in IT support,
I’ve also purchased hardware devices that have a web management UI; which connects directly instead of proxying through a cloud.
Ultimately this is probably one thing that should be behind a permission request (like webcam access), but it’s not a feature without value.
It's being looked at.
https://bugzilla.mozilla.org/show_bug.cgi?id=1481298
7 year old ticket updated and prioritized because of https://localmess.github.io/
1 reply →
I’m flabbergasted that this is even allowed. Who thought it was a good idea to allow any web page you visit to access your local network?
Internal apps on non-private IP addresses occasionally use this. There is a standard called Private Network Access[1] that requires these requests to have preflights like CORS requests. Only Chrome has implemented it so far.
[1]: https://wicg.github.io/private-network-access/
Why though? What is the use case that demands this? It'd better be a real pressing need because the security risks are immense and obvious. This is a backdoor to every network firewall.
7 replies →
Massively improved my security posture with this. Thanks all!
Likewise I didn't know it existed, but it was enabled on my laptop and mobile browsers.
Is that available in lite version too? Now that the origin js being phased out
… or you can instead phase out those browsers who try to force blocker restrictions i.e. spyware on you (e.g. chrome and such), and use one of the browsers where you can use the full-featured (not "lite") uBlock Origin instead, e.g. Firefox.
Firefox might be an okay browser, but that would imply supporting Mozilla.
I've been meaning to switch to Vivaldi. Just as soon as the onboarding dialog stops crashing.
4 replies →
It’s only being phased out on Chrome, by Google.
Yes, to make us safer, now you enable developer mode and disable signature checking to install it locally, thanks Google
5 replies →
You can't change browser? Or is there something bigger happening?
Not everyone wants to change browsers.
1 reply →
Just checked, and it seems like it is. Not enabled by default for some reason.
It is not being phased out for Firefox.