Software developer and security researcher, browser extensions expert. / searchable
#infosec #cybersecurty #cryptography #privacy
| Website | https://palant.info/ |
| Pronouns | He/him |
Looks like the Karma connection I’ve been writing about is still quite busy, and Google is still far too inconsistent with taking down their extensions: https://www.xda-developers.com/google-featuring-chrome-extension-months-malicious/
And once again this article shows: people expect that “Featured” badge on extensions to mean something. But it really doesn’t.
Gotta love it how the Internet Archive managed to capture the state of the internet so perfectly, here the Netscape Bug Report Form from 1999: https://web.archive.org/web/19990222143253/http://help.netscape.com/forms/bug-client.html
You would put your email address into the form in the ad frame, right?
This is just to say that Meta/Instagram are wrong in deprecating encrypted direct messages. This change is setting a dangerous precedent. DMs need to be private (and therefore encrypted).
We should not let them get away with it, otherwise more apps and platforms will follow.
So two months ago I published this nice analysis, comparing hundreds of VStarcam firmware versions: https://palant.info/2026/01/07/backdoors-in-vstarcam-cameras/. And now I find a firmware dump somebody posted online, and it is version 20.x.x.x?! In all my research I’ve never seen anybody mention version 20.x.x.x, only different variants of 10.x.x.x, 48.x.x.x, 66.x.x.x. I didn’t even know these existed. Worse yet: this firmware dump looks like the one weird outlier that I didn’t even put on the chart because it was so different from everything else. So maybe it wasn’t an outlier but the only instance I found of their newest firmware generation? Ouch, I’m not redoing that analysis… 😓
On a semi-related note: I’ve also seen somebody question the legality of posting firmware dumps online. Which makes sense of course, technically this being unauthorized software distribution. Except: these firmware dumps are invariably Linux-based, meaning that they are subject to the GPL even though the vendors tend to ignore this fact. With the GPL explicitly giving everybody permission to distribute the software, I wonder how a court would rule in such a case (not that I expect this to ever land in front of a judge).
RE: https://phire.place/@phire/116167753188355563
A few days ago I’ve been asked about Meta’s privacy policy. I’ve summed it up with: “All your data is private unless we can make money from it. And we are very good at finding ways to profit from just about anything.”
So: no, not surprising. If anything, it’s sad that there are still people who expect Meta to respect their privacy.