Hacker News: kovariantenkak

New comment by kovariantenkak in "uBlock Origin Lite now available for Safari"

kovariantenkak — Wed, 06 Aug 2025 13:35:11 +0000

Thank you for the explanation! That makes sense now.

I'm still confused about what level of access is given to the extension and what using the extension means. Clicking on the extension asks for access to the current website, so I'm assuming that without giving access there or clicking "Always Allow on Every Website..." in the Safari settings, the extension does not have access to the web page contents.

Basic filtering claims to not require permission to read the web page data. But the extension is still used and does content filtering right?

Maybe this is more of a comment on Safaris weird terminology in the permission settings.

New comment by kovariantenkak in "uBlock Origin Lite now available for Safari"

kovariantenkak — Tue, 05 Aug 2025 09:31:09 +0000

That does not answer the question in any way. Especially, since it claims to use zero CPU when active and because iOS ad blocking works differently.

New comment by kovariantenkak in "uBlock Origin Lite now available for Safari"

kovariantenkak — Tue, 05 Aug 2025 09:30:29 +0000

And then am I using it if I'm loading the extension by interacting with it? Because simply enabling it will not give it access to the webpage.

New comment by kovariantenkak in "uBlock Origin Lite now available for Safari"

kovariantenkak — Tue, 05 Aug 2025 09:20:45 +0000

From the permissions in Safari:

> Web Page Contents and Browsing History - Can read and alter sensitive information on web pages, including passwords, phone numbers and credit cards, and see your browsing history on the current tab's web page when you use the extension.

What does it mean for me to use the extension? Am I using it if it is installed?

New comment by kovariantenkak in "WhatsApp introduces ads in its app"

kovariantenkak — Mon, 16 Jun 2025 20:41:01 +0000

Fun fact: For the first few years WhatsApp didn't have any encryption whatsoever. It took public pressure for them to even add TLS.

A massive oversight on the authors part and completely missing the point of early WhatsApp as first status update application and then SMS replacement.

New comment by kovariantenkak in "0-click deanonymization attack targeting Signal, Discord, other platforms"

kovariantenkak — Tue, 21 Jan 2025 18:21:12 +0000

Looking at the locations where Cloudflare has their servers [1] in the middle of Europe. With Geneva, Zurich and Munich there is definitely the possibility that this attack on Signal will leak whether someone is at home or not.

I don't understand how Signal could dismiss this so easily. I'm starting get a bad feeling about their responses to these "low" stakes attacks. They already missed the ball on the database encryption mishap on desktop.

[1]: https://www.cloudflare.com/network/

New comment by kovariantenkak in "MLAT order from Luxembourg for Signal user data"

kovariantenkak — Mon, 08 Nov 2021 18:24:58 +0000

Signal has access to more data than they would like you to believe. Each account at Signal is identified by a phone number or an UUID. This account also contains a [list of devices](https://github.com/signalapp/Signal-Server/blob/c21eb6aa5098...). Each of the devices has some uinteresting metadata assigned to it, but more importantly it links to a specific Android or iOS device through the [push token](https://github.com/signalapp/Signal-Server/blob/c21eb6aa5098...). This gives the authorities a link to an account at Google or Apple which then of course contains much more data.