[-] k3ym0@infosec.exchange 3 points 2 weeks ago

@TheTechnician27 “colossal fuckmuppet” is doing a LOT of heavy lifting for someone claiming the moral high ground on precise language usage.

[-] k3ym0@infosec.exchange 1 points 2 weeks ago

@Feyd Fair corrections, thank you. The hover thing was sloppy on my part -- it's a long-press/context menu, not passive. And the key points feature does run a local model, not cloud inference. I'll edit the post.

The default-on nag UX is still bullshit but you're right that mixing valid complaints with inaccurate claims just gives people a reason to dismiss the whole thing.

[-] k3ym0@infosec.exchange 3 points 2 weeks ago

@TheTechnician27 you're technically making a point about language inflation, but you picked maybe the worst possible example to die on that hill because "we said it's opt-in but it's actually opt-out" is genuinely closer to gaslighting than 95% of the times people use that word online.

[-] k3ym0@infosec.exchange 3 points 2 weeks ago

@jbowen @firefox @librewolf this honestly makes me so sad inside. i think i developed somewhat of an emotional connection with mozilla over the years, clinging to them as the one last shining light amidst the vast sea of enshittification.

feelsbad.jpg

[-] k3ym0@infosec.exchange 5 points 2 weeks ago

@firefox @librewolf OH MY GOD.

The Firefox mastodon account automatically boosts your post when you tag them.

lmaooooo

88
submitted 2 weeks ago* (last edited 2 weeks ago) by k3ym0@infosec.exchange to c/firefox@lemmy.world

@firefox, the “last privacy-respecting browser” now nags you with in-browser pop-ups to let AI generate “key points” when you long-press links.

Mozilla CEO: “AI should always be a choice – something people can easily turn off”

Then why the fuck is it off by default? Why the fuck am I getting pop-ups asking me to try features I didn’t ask for? That’s not a choice. That’s opt-out with a fucking marketing budget.

What the fuck happened to you, Mozilla.

They spent WEEKS in damage control promising an "AI kill switch" and then shipped it fucking disabled. That is the most gaslit UX I have ever seen in my life.

"Help me @librewolf - you're my only hope."

Settings > AI Controls > Block AI enhancements. Do it now, because they won't do it for you.

Edit: a few corrections thanks to @Feyd:

“Hover over links”

  • It’s a long-press / context menu action, not a passive hover. That’s a meaningful distinction because hover implies it’s happening constantly without intent, which is way more invasive than what’s actually happening.

“Sending page content to ML models”

  • the default link preview (before you enable key points) just reads the Open Graph meta tags – the same og:title / og:description metadata that generates link cards in Slack, Discord, iMessage, etc. That’s not AI, that’s just HTML parsing.
  • even when you DO opt into the AI key points feature, it runs a local on-device model, not shipping your page content off to some cloud endpoint.

#Firefox #Mozilla #AI #InfoSec #Privacy #Fediverse #OpenWeb
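Added example, not part of the original post and not Firefox's code: a sketch of a link-preview card built only from Open Graph meta tags, as the correction above describes. The HTML sample is constructed, and the small tag scanner assumes quoted attribute values.

```javascript
// Constructed sample page: OG metadata in <head>, unrelated text in <body>.
const SAMPLE_HTML = `<!doctype html>
<html><head>
  <title>Fallback title</title>
  <meta property="og:title" content="Quarterly report &amp; outlook">
  <meta content='Summary supplied by the publisher.' property='og:description'>
  <meta property="og:image" content="javascript:void(0)">
  <meta name="viewport" content="width=device-width">
</head><body><p>Body text that the preview never reads.</p></body></html>`;

const ENTITIES = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'" };
const decode = (s) => s.replace(/&(amp|lt|gt|quot|#39);/g, (m) => ENTITIES[m]);

function extractOpenGraph(html) {
  // Only the <head> is scanned; body content never enters the preview.
  const headEnd = html.search(/<\/head\s*>/i);
  const head = headEnd === -1 ? html : html.slice(0, headEnd);
  const og = Object.create(null);
  for (const tag of head.match(/<meta\b[^>]*>/gi) || []) {
    const attrs = Object.create(null);
    const attrRe = /([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
    let m;
    while ((m = attrRe.exec(tag)) !== null) {
      attrs[m[1].toLowerCase()] = decode(m[2] !== undefined ? m[2] : m[3]);
    }
    const key = attrs.property || "";
    // First occurrence wins, so a later duplicate tag cannot override it.
    if (key.startsWith("og:") && "content" in attrs && !(key in og)) og[key] = attrs.content;
  }
  return og;
}

function buildPreviewCard(html, maxLen = 200) {
  const og = extractOpenGraph(html);
  // OG values are publisher-controlled input: trim, cap length, render as text only.
  const clip = (s) => (s || "").trim().slice(0, maxLen);
  let image = null;
  try {
    const u = new URL(og["og:image"] || "");
    if (u.protocol === "https:" || u.protocol === "http:") image = u.href;
  } catch (_) { /* missing or unparsable URL: no image */ }
  return { title: clip(og["og:title"]), description: clip(og["og:description"]), image };
}
```
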

[-] k3ym0@infosec.exchange 3 points 1 month ago* (last edited 1 month ago)

@finallymadeanaccount i am indeed very passionate about data privacy :)

this is less about which AI is "safe to use," and more about the fact that these AI websites track us in the exact same way 99% of the internet does.

whether or not that is "safe" for you depends entirely on your personal identity. these third parties that collect and aggregate data on you can sell that data to anyone - including government institutions. The US CBP (Border Patrol) has notoriously used this method of data collection to track people's movements

(shout-out to @josephcox and @404mediaco for the incredible reporting - i <3 you)

regardless of whether or not it is dangerous for someone, I personally don't believe it is ethical to abuse people's privacy like this.

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."

-- Edward Snowden

86
submitted 1 month ago* (last edited 1 month ago) by k3ym0@infosec.exchange to c/ublockorigin@lemmy.ml

You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.

I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.

Claude:

  • Six parallel telemetry pipelines.
  • A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
  • Intercom running a persistent WebSocket whether you use it or not.
  • Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.

ChatGPT:

  • proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
  • uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
  • Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
  • Also runs a proof-of-work challenge before you're allowed to type anything.

Gemini:

  • play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
  • Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.

When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.

KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.

Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.

All three of these products cost money.
One of them is also running ad infrastructure.

Touch grass. Install @ublockorigin

#infosec #privacy #selfhosted #foss #surveillance
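Added example, not uBlock Origin's code and not part of the original post: a sketch of why a hostname-based network rule misses telemetry relayed through a first-party path, and how a wrapper around fetch() can decide on the call itself. All hosts, paths, rule contents and the `installFetchGuard` helper are hypothetical.

```javascript
// Hostname-only rule, as a network filter would apply it (constructed blocklist).
const BLOCKED_HOSTS = new Set(["telemetry.vendor.example"]);
// Call-level rules: match on the path and, optionally, on a marker in the request body.
const CALL_RULES = [{ path: /^\/relay\/events\b/, body: /"kind":"telemetry"/ }];

const rawUrl = (input) => (typeof input === "string" ? input : input.url || String(input));

function hostRuleBlocks(url, pageOrigin) {
  // A relative, first-party URL resolves to the page's own host and passes this check.
  return BLOCKED_HOSTS.has(new URL(url, pageOrigin).hostname);
}

function callRuleBlocks(input, init, pageOrigin) {
  const { pathname } = new URL(rawUrl(input), pageOrigin);
  const body = init && typeof init.body === "string" ? init.body : "";
  return CALL_RULES.some((r) => r.path.test(pathname) && (!r.body || r.body.test(body)));
}

// Wraps target.fetch so that matching calls never reach the network.
function installFetchGuard(target, pageOrigin) {
  const realFetch = target.fetch;
  const blocked = [];
  target.fetch = function guardedFetch(input, init) {
    if (callRuleBlocks(input, init, pageOrigin)) {
      blocked.push(rawUrl(input));
      // Resolve with an empty stand-in response so page code does not throw
      // and trigger its own error reporting.
      return Promise.resolve({ ok: true, status: 200, text: async () => "" });
    }
    return realFetch.call(target, input, init);
  };
  return blocked; // list of URLs the guard stopped, for inspection
}
```

In a browser the `target` would be `window`, and the guard has to be installed before the page's own scripts capture a reference to `fetch`.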
