Was he on in between Ivermectin and DMT enthusiasts? Not that MDMA treatments are definitely bunk, but Doblin seems like he's promoting himself as much as he's interested in helping people.
Thanks! This sort of "deno"-fies Node, but in my opinion it's a bit smarter. With Deno, it's an all-or-nothing approach where 3rd-party libraries still have the same access as the main application.
Hagana is still not at the stage where it's fully ready to block all attacks; there's still work to be done, but I do want to be transparent about the approach taken so that the open source community can create issues that show sandbox breakouts (as someone already has).
Eventually it'll get to the point where the security will be tight enough that having it open source won't make a difference.
Additionally, even having this rudimentary protection is still more effective at blocking generic supply chain attacks than not having any protection at all.
I've given this exact question some thought. I think that the only real way to make sure this doesn't happen is by not allowing any 3rd-party packages into the codebase. That means any package I want to install will have to be manually copied over. Granted, this isn't the state now in the repo since I wanted to get to a POC phase as quickly as possible, but it's something I'm going to do.
The problem with a lot of these attempts at fingerprinting prevention is that they cause additional data which can be used to more accurately fingerprint users.
getImageData() is blocked - datapoint
Any detectable difference from what a “regular” browser would return is another point of entropy.
However, the accuracy of device fingerprinting with `getImageData()` is, as far as I can tell, a lot higher than the accuracy from trying to fingerprint people based on whether they're returning blank data from that call.
If turning off a feature reveals a new 3 bits of information, but leaving it on would have revealed 5 bits, then it's still probably a good idea to turn it off.
Again, not to say that people shouldn't care about those 3 bits, they should. But it's not necessarily a waste of time even if a site tries to use anti-fingerprinting as its own metric. It only becomes a waste of time if the anti-fingerprinting is more unique than leaving the holes open.
Yup, I agree with you about this. It’d be interesting to do a deep dive into a library like FingerprintJS and see what has the most weight in terms of uniqueness. Maybe getImageData is worthwhile blocking, but perhaps other APIs will increase the amount of entropy.
At the moment it’s not the default though. So people who enable this feature will, ironically, be more unique and therefore more accurately fingerprintable.
There are sects (like the ultra orthodox) who don't use Sabbath mode specifically for this reason. They say that the added weight causes the elevator's motor to work harder thereby desecrating the Sabbath.
A prohibition on "creation" is over-broad. Any action taken purposefully can be considered an act of creation. That would include choosing to adhere to the law (thus creating a world where there is more compliance with the law) even if that takes the form of deliberately doing nothing.
The only way I can think of to completely avoid creating anything would be to remain unconscious the entire time, thus preventing yourself from making any choices.
Yes, that is understood. My point was that if the intention was to prohibit "acts of creation" then the official list is woefully incomplete, and rather arbitrary; other acts which could equally well be considered "creation" under the same reasoning are not prohibited. (Mostly IMHO because if said reasoning were applied consistently it would be impossible to follow the law, regardless of what one did or did not do.) It leaves the impression that "creation" is merely an excuse or after-the-fact rationalization, not the actual reason for the prohibition.