Don't take me wrong: I understand security, I have the knowledge
to see why rewriting APIs can be good, I can see why replacing a bad
internal structure with a decent, state-of-the-art one is good.
There is a difference, however, between forcing the developers to
change to the new set of internal functions, and therefore force
people to replace the old add-ons with the new ones -- versus removing
old function calls when new ones aren't yet written and not available,
alienating add-on developers with mediocre communication and inflexibility.
It is not helping that by replacing the old with the new the
browser incidentally loses the flexibility of manipulations the add-ons
have enjoyed, which resulted rich funcionality available from the outside
developers and the core browser was not forced to accumulate millions of
interesting functions which is used by some percent of the users, but
they are indeed very important for that few percent.
So what Mozilla does right now? They are rewriting the internals
to be faster and more secure. While doing it they create new internal
access (API) for addons to be able to do their magical work within the
browser; except, they haven't created all of the old APIs and
recreated some (well, due to the new structure some say many)
APIs with much less functionality. They started to remove the old APIs.
When plugin developers complained that their old code stop working and
it's not possible to write new one since there is no API for that the
mozilla developers said "your problem, not mine" (well, often they
simply said "fuck off" in various forms, but it's just the difference of
style, really, same thing). So some developers of really important, or some really well
written plugins said "sorry, there's no happy feeling to write this
stuff anymore, I'm gone". Since, you have to see, these developers
wrote code for good feeling, not money. No good feeling, no code.
Let me show you an example. There was a feature in mozilla which
grouped the various tabs in tab groups, then was able to display a
quick overview of tabs to pick from; it's essential when you work
with large amounts of tabs. Then the core developers said "well we don't
use it so you shouldn't either" and removed the feature and said "well
this is Firefox, so if you need it code an addon!". And so that is exactly
what happened, and Tab Groups addon was created with the same
functionality. Happyness. Then comes new Firefox and all the APIs
required for Tab Groups are either removed or changed to the extent that
it's not possible to do it anymore. And the developer calls out to
Mozilla to make it possible to have it rewritten. "It's not a good way
to do things", says Mozilla, "we don't need that addon." Nice.
I see the Firefox Nightly channel, this is where
the latest development version can be checked, tried. Eventually Nightly
become Beta, then Release, then ESR (Extended Support Release), which is
what most everyone uses. Right now Nightly rejects 95% of the addons I
have been using. It takes half a year until Nightly become ESR. You have
6 months to get away.
Let me just show some:
Tab Groups - with 570 tabs it's not possible to live without this
Auto unload tab - free memory used by a tab without losing its state
DownThemAll - download manager with brains
Master Password Timeout - essential security when a strong master password protects
lots of not that important passwords
Saved password editor - what the name says, this is essential when someone uses the
PasswordMaker - create passwords with a strong master and the hash of the website address
(good for some kind of use)
Session manager - I hate to lose browser state; firefox by itself loses it every few restarts,
session manager never have lost any.
YouTube video and audio downloader - obviously
HttpFox - tracing the web traffic to hunt bugs
Lazarus form recovery - do you like to lose the feedback form you typed for 35 minutes? Firefox does.
Calomel SSL validation - TLS security checker, for the security geek
HTTP2 / SPDY indicator - I like to know
Tab memory usage - firefox can't say which tab eats memory
Stylish - when I want CSS to do what I want
UAcontrol - for some really braindead sites
And some small stuff not important even to me.
All of these are going to be trashed.
That's… um… not a long list.
Some addon developers still hope to kick some sense into
Mozilla developers and try to create tickets to have the missing
API coded by the time the new WebExtension based addons
(well, those few) will
trump over the old ones. Some people are creating tickets to
tell mozilla about their addon usage and the loss they will
experience when the shit will hit the fan. Some Mozilla developers
try to help.
But in general Mozilla core developers reply that "this
feature need 4th level security review so it has been delegated
to committe no. 44 and it's been planned to be discussed in some
future non-specific date." Which means in human language that "we
do not oppose your request but we don't support it either, we
put it into the TODO pile and let's hope someone's picking it up;
you may code an API for it and you may even use it but you should
expect us to notice and remove or change it any time". (This
is what's happening to most of the security related APIs.)
For some feature they said "we don't like this feature, so we
try to remove everything related to it", which means that they
don't just remove the API but they remove the whole feature
(this may well happen to one of the most important thing Firefox
have: the integrated, secure password storage).
So I expect either they delay the release of Beta, Release and
whatever (until the required APIs going to be discussed and designed
and accepted and coded and verified and hopefully after addon
developers had some time to actually incorporate them into
their code, which seems rathat unlikely) or they release it in
its current crippled form, which
kills off lots of addons and alienate lots of addon developers
and people actually start looking for better alternatives.
And the inconvenient thing is that if Firefox addons
can do exactly the same as
addons then there's no
point to pick Firefox; or at least out of 100 reasons to do
it there are some 20 left.
But either way, the users going to lose the functionality
of the old addons. So it's going to be worse for them.
…except that I know these kind of addons are only
used by geeks and hackers and coders, and the average
people use addons which make buttons look like
yawning cats, addons which animate the background and addons
which play a merry tune when the page have loaded. Those people
will not notice much. They going to write their passwords into
a text file, they will click on the phishing sites' fake
buttons, their memory use will be compensated by buying
more RAM, and they don't give a fuck about who and how
figure out what the bugs are and how to fix them.
It's the hard life of the intelligent minority
versus the happily ignorant masses.
While we have "civilisation" and "freedom" and "democracy",
we also happen to have corrupted politicians, governmental secret
services, industrial and business spying, and generally various
violations of privacy and personal space.
have created PGP
it wasn't because he was spied on -- it was because anyone of us could
have been spied on and we wouldn't be able to protect ourselves; usually
it doesn't quite matter but at the point when it started to matter
it'd be already too late to start doing something about it. Prevention.
Back then the Government have considered a person "suspicious" if s/he
encrypted the communication; when everyone encrypts their communication
it wouldn't be "suspicious" anymore, and wouldn't be possible to single
out peope just because they're using secure means to communicate.
And by "secure" I mean secure against even the skilled criminals,
including governmental ones. Todays' encryption is usually "unbreakable"
even for the three-letter U.S. and Russian agencies (and the similar ones
with undescribable name in China).
Since then time have forwarded fast, and not just PGP became legal but
there are plethoras of programs promising secure communication, protection
of one's identity, untraceability or deniability of messages,
self-destructing or timing out messages and alike. This have happened
due to the governmental and industrial criminals becaming more and more
aggressive in their invasion of our privacy, storing and analysing
personal private communication, using and abusing it to their purpose
They often say: the terrorists use the technology, so we
have to make it illegal. Obviosuly, since if we make it illegal the
terrorists will stop using it, unlike the citizens protecting their
own private life from the government?
"When privacy is outlawed only outlaws have privacy."
But that's a theoretical problem; in reality we have to protect
ourselves from political and business oriented criminals in high
positions, attacking our communication infrastructure wherever they
have learned the hard way that even their internal traffic
could be unlawfully tapped by the agencies and they're hard working
preventing that and hoping that they're protecting faster than the
government infiltrates it. Everyone have to protect themselves
as good as they can since we cannot put all the trust in the
companies running the stuff in faraway places. I trust best
what I protect for myself.
So let us see the practice. I try to summarise you some of the
best and most secure, widely available communication programs
for mobile phones (or at least Androids). We do not talk about
the security of the devices here: that's a different and quite
lengthy topic, but let's assume that at least the devices are
not readily tapped. If the stakes are that high then
don't use industrial devices; use self-built open-source
computers with professionally crafted protection. It is not
hard, but we don't need it right now - we don't want to kill
JFK after all, just prevent agents to blackmail people for
whatever random reason, to prevent our email and phone
addresses from spamming and analysing, to prevent agents
and businesses to build personality profiles of us and alike.
We're not the criminals - they are.
Conversations (XMPP + OMEMO / OTR) - public protocol
Telegram secret chat
SIP + encryption
ToX (and AnTox) - public protocol
These often encrypt the communication between you and the
server of the provider, but without
they can read everything you do.
Telegram normal / group chat
Hangouts / Google Talk - TLS
Apart from using insecure means of communication these
programs often leak private data to their parent companies or
agencies. Some of them gather completely unrelated private
data on purpose.
Viber - insecure and known illegal transfer of private
Facebook chat - insecure
Facetime - pretty secure but no identity verification
Skype - insecure, known privacy problems
Snapchat - insecure and misleading
Never heard of
These show up in my searches but never have used them, listing
them in case someone's wondering.
Threema - non-free
Gliph - looks like some kind of bitcoin based business,
with non-published security architecture and high claims
Wickr (possibly pretty good,
with end-to-end encryption and have been audited but the protocol
isn't public and the code is not open; it have a stupid idea of
destroying every message after at most a week or so;
and I've been told that Wickr
shuts down accounts not used for half a year without warning.)
Ricochet - runs on TOR network,
no group chat (yet) and its security isn't that great. Rather simplistic.
Streembit - "a network
service for humans and machines"; p2p, dht, ecdsa sign, aes256 crypt
Let me briefly tell you about some crypo stuff to make it
easier to feel what's that fuss about. For those who are professionals on
the crypto field I offer my sincerest apologies for oversimplifications.
Attackers and assurances
An "attack" means that someone gets to know information they have
no business to know. Attackers could be anyone: governments, businesses,
spammers, rogue internet providers, spooks, and even the person you're
talking to. Let's see first what could go bad, and
to do about it:
1. Compromise messages
2. Change messages
3. Inject false messages
4. Identify as another person
Authentication of partners
5. Block communication
No single point of blocking
6. Learn metadata
7. Prove content of messages
Deniability of content
8. Prove that persons communicated
Deniability of conversation
9. Learn past communication after compromise
10. One attack compromises all future communication
That's a lot indeed.
There is also one property which is very important to consider: being
open source. OS means that the program code is published
for anyone to read, and to be able to verify the (security and other) claims
the program authors make. Closed source often means code nobody ever looked
at and never verified, so the authors can claim whatever they please without
doing anything about it. Some closed source code were, however, externally
audited, and if you trust the professionality of the auditor these (claims)
should be reasonably trusted.
From the security protocol viewpoint (eg. "how good is the encryption technology a
program uses") number 5 and 6 are not part of the problem, while in reality
these are very important.
Metadata (#6) means the attacker can reveal who communicated
to whom, when, how many times, how long the messages were, as well as the possible
identity of the parties; in a hostile communication environment (like that between
ukrainian people vs. Russian government) these are very sensitive (and potentially
life threatening) informations. Metadata protection usually means that anonimity
of the parties are ensured while there's some methods to assure #3 and #4.
Protecting from #5 is not meaningless as well. While obviously there is no
protection against switching off the whole internet for someone, there exist
protection against shutting down one or some central servers by force.
Distributed, serverless channels are just for that.
You have to see that from the programs above very few offers you protection
against #5, because it means you have to be a member of a distributed network.
the not very much used Bleep offers you that, in exchange
for higher network traffic, since you have to be a member of a distributed
network of nodes, basically you're one server of the many. To be honest it
is important that these assurances are only true if there are plenty
of users using the given method, since a distributed network
is only good if there are at least a few hundred well distributed users
around (preferably way more). Tox does seem to have such userbase, Bleep
To protect against #6 is not convenient for you either, since to protect
from #4 both parties have to verify each others' anonymous
identity. It's compulsory to be sure that what you verify is true, so the
verification has to happen on a channel (preferably in live conversations or
phone conversation) which is strongly identifying the partner. It usually
involves reading up lots of numbers. :-) Conversations,
Tox, Bleep offers you such protection.
Another way of #6 (metadata protection) is that the provider is reasonably
trusted not to collect metadata, usually by using open source to prove it
or to have an external auditor to prove it (but in that case it only stands
for the audited software version and not for any other versions).
Signal is probably on of these: while they collect
real-world metadata (phone numbers) and store it on a central server they
don't collect converstional metadata, which is fairly safe while having
a simplified partner identification and partner directory. The counterexample
is WhatsApp which provides the same way of message security and
confidentality as Signal but syphons your metadata to Facebook to sell
for advertisers or else.
Most program I suggested protects you against all other problems, which means
Conversations, Wire, Tox, Bleep, Signal, Telegram secret chats, and possibly
others which cannot be verified due to their closed source nature.
I would draw the line here, and insert summary in the middle to screw
up those who read only the beginning and the end of a long post:
To use full security use Tox
The others (from "questionable" to "bad") often only protect the path
between the device and the central server of the provider, and you have to
fully trust the provider not to, well, act like an
attacker. They can do whatever they want, including faking messages and
reveal all content to third parties. If you do trust the provider, your
messages may be safe from 3rd party adversaries listening to your
There are an interesting group of programs which claim to have a
cryptographical technology to protect you (mostly only for #1 - #3),
while their very technology is questionable. Such problems were identified
in Telegram, and possibly others in the "bad" bunch which I didn't check
We are kind of over the period of more than two months of the Hungarian
Fidesz government orchestrated hatred campaign, where the ruling
Party have burnt more than 20 billion HUF (72.8 million USD) on
all kinds of media places to tell the people what to think and vote
about the referendum they have initiated. It's been already said
that this was probably the most evil campaign ever in the history
of Hungary since World War II, full of outright lies, violations of
local (and most probably international) laws and unbelievable
amounts of intervention in the life of public institutions from
elementary schools to the law enforcement.
This has already been mentioned about this refrendum, and it surely
help to understand the results. The average citizen get the news from
the now completely Party-controlled public media, where they have acquired,
taken or forced to have released to them most of the nationwide TV channels, they
force providers to put these channels in the first programmed places,
if you can imagine such a thing, so they use 7 TV and at least 2 radio
channels to reflect their own view and provide selected and filtered
news to the ignorant masses, so it may not come as a surprise that
the government dictated results came out in majority. In fact this
has been known well before the actual results, there was zero doubt
However international, and even national news failed to show the
much more relevant points to help understand what the results really
show. Let me provide you some insight.
There are many objective analysis of the referendum from non government
controlled institutions, and many agree in that the referendum possibly
violates the national election laws (since there is no possibility to
start a referendum in a topic where the National Assembly have no power),
that the hate campaign of the government violated many local
laws (since the government must not take sides in a referendum and
the FIDESZ party [which technically a spearate legal entity but in
reality spends the public founds as they were the government] are not
in the position to use public funds to do a public campaign) and
the referendum was completely pointless for many reasons, including
the absence of information about what the government want to do with
These have been the reasons that many parties, NGOs and politically active
and even many not really active organisations called people not to
engage in the voting process since it's illegitimate and illicit,
and other entities (like the originally joke purpose Hungarian
Two-tailed Dog Party, who now became the "neither of them" choice
of some more informed voters) suggested the people to boycott the
referendum by casting deliberately invalid votes.
People have been debated about these: should I stay home to boycott
or should I go and cast an invalid vote? It is kind of surreal when
one realises that in 2016, in Europe, it is a completely believable and
natural thing that we have to calculate how to counter-measure the
voting fraud of the government; whether it is easier for Them to
fake your signature and vote when you stay home or whether it's
easier to use a fake vote when you have signed your presence; how you
should take care to make your invalid in a way that they cannot
"interpret" it as a valid one (since there was an official guide
how to interpret invalid votes as valid unless it's absolutely
not posisble to misinterpret); how could the people somehow check
whether the results were reflecting the reality. It did not help
that most of the voting booths were validated only by governing party
Therefore it is very important to see how many people have actually
stayed away and how many invalid votes were cast.
There are always invalid votes, that's normal. However, let me show you
a comparison of the elections and referendums of the past decade:
This graph shows that we have almost ten times higher invalid
votes than we ever had (this is true for the older referendums as
well but their available data is not easy to automatically compare).
Based on some statistical data additionally to this 6.27% invalid votes
many of the absent votes have been part of the boycott, which results
10%, or more possibly more close to 20% of the population who deliberately
rejected the referendum.
When you only see that there were almost no "support for refugees" you must
know that those more than 1.5 million of Hungarians (possibly many more)
did show their support by not being a puppet in this evil, hateful, dark comedy.
Also, regexps are highly geeky because they are an absolutely
unreadable mix of all kinds of punctiation. Simple regexes are
easy to write and easy to understand, however there are some
whose complexity requires more understanding than one can spare
for an average human lifetime.
Here come the RegEx debuggers. Funny, I almost have used none
so far, maybe I like to break my brain on them. Anyway, there was
one which was full of "meta matches" (?:) and recursive
groups (eek), and I was looking for the easy way and googled
"regex debugger". Found a lot of interesting but not that useful
one, but then…