Privacy

33192 readers

668 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Chrome will limit access to private networks, citing security reasons (therecord.media)

submitted 3 years ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

all 6 comments

sorted by: hot top controversial new old

[–] [email protected] 8 points 3 years ago* (last edited 3 years ago)

Being a network security specialist, I'll ask these basic questions:

what's the universal definition of a private network?
does this measure make sense in IPv6 within the global scope?
is it the responsibility of the browser to secure against DNS rebinding?

My answers to these questions are:

there is no universal definition, so this approach is doomed by design
no
heck, no; that's the job of the webserver, by avoiding the so-called default virtual host. The Host/:authority header should always be verified, and this is sufficient to counter all forms of DNS rebinding.

[–] [email protected] 5 points 3 years ago

It's about time, attackers can extract quite a bit of data about the local network via the browser. It's pretty easy to identify appliances and home routers given someone stays on a site long enough.

[–] [email protected] 5 points 3 years ago

There is pretty much no legitimate reason that a site from the internet should access the local network.

The only exception I've seen to this is Synology having a NAS finder webapp where it searches your local network for a Synology device and tells you the IP address. But that's a tiny niche use case and there are other ways of finding it that doesn't involve a website (the device broadcasts its identity and has a hostname FFS). Any open source IP scanner will find it instantly, or in many networks you can just type in the hostname into your browser like a domain.

[–] [email protected] 2 points 3 years ago

I thought this was something that they already patched. Good on Google this time

[–] [email protected] 0 points 3 years ago

Hmm. Will this affect say a web3 wallet talking to hardware wallet?