Linked by Thom Holwerda on Thu 23rd Sep 2010 21:36 UTC, submitted by google_ninja
Internet & Networking Now this is a subject sure to cause some discussion among all of you. LifeHacker's Adam Pash is arguing that Chrome has overtaken Firefox as the browser of choice for what he calls 'power users'; polls among LifeHacker's readership indeed seem to confirm just that. He also gives a number of reasons as to why this is the case.
Permalink for comment 442595
To read all comments associated with this story, please click here.
RE[7]: I need NoScript
by google_ninja on Fri 24th Sep 2010 21:18 UTC in reply to "RE[6]: I need NoScript"
google_ninja
Member since:
2006-02-05

you are talking about CSRF and XSS. Any site that gets you with XSS you are probably going to whitelist anyways (like google or facebook), and if you are blocking authentication cookies already, CSRF completely goes away.

As for tracking cookies, unless you release your ip every time you visit a site, who cares if they cookie you? It is not like cookies magically break privacy, all that data is available server side. The only difference is they are able to tell that you are the same person if your ip changes, that is it.

You are right that javascript is a part of CSRF and XSS attacks, but not checking "keep me signed in" on sites you actually care about completely eliminates CSRF, and like I said before, if it is a good site to do an XSS attack on, it is probably a site you have whitelisted anyways.

Extensions like what you are talking about basically play on the fears of people who know just enough to realize the implecations, but not enough to fully understand the concerns.

Reply Parent Score: 2