matusfaro

Hi HN community,

Today is Color Blind Awareness Day, a day dedicated to raising awareness about color vision deficiency, which affects approximately 350 million people worldwide.

To better understand the challenges faced by those with color blindness, I encourage everyone to set their monitors to grayscale for the day. By doing this, we can gain insight into how color is used in our own products and websites, and identify any potential accessibility issues that might not be apparent to those with normal color vision.

Please share your observations and any issues you encounter. Let's use this opportunity to enhance our understanding and improve accessibility for everyone. For those interested in learning more about color blindness, remember that most people with this condition do not see the world in black and white, but rather have difficulty distinguishing certain colors, particularly reds and greens.

Looking forward to your feedback and insights!

---

Windows: "Settings" -> "Color filters" -> "Turn on color filters" -> "Grayscale"

macOS: "System Preferences" -> "Accessibility" -> "Display" -> "Color Filters" -> "Grayscale"

Introducing QuaranTab: Companion extension to quarantine tabs so you can safely use them offline with private data

I find myself wanting to use online format parsers to quickly decode that production JWT or decode a base64 Authorization header but cannot trust these websites to not leak my information. I thought to myself if only I could cut-off network access to this site, use it offline, and then throw away all browsing data. So I created an extension just for that.

It uses Firefox contextual identities API (Containers) to isolate browsing data and inter-tab communication. Once the site is fully loaded, I then inject bogus proxy settings for any requests leaving that container to effectively cut-off network access. And once I'm done, I simply delete the Container.

Use Cases:

* Parse a live JWT token

* Convert a Base64 Authorization header

* Hash a password

* Parse a Protobuf message

* Submit my name and birthdate to estimate my date of death

Check out the MIT source code on GitHub [1] and install QuaranTab from the Firefox store [2]. If anyone is interested in a discussion, I'd love to chat about:

1. Any ideas on how we could implement this in Chromium? Using private window as a "Container"?

2. Can you come up with an exploit? I posted a 100usd bug bounty [3] if you find one!

3. Is there any way to prove an extension in the store was built from source in GitHub? I am imagining some kind of third-party escrow service managing the Firefox store account and building from specific public git repository.

1. https://github.com/matusfaro/quarantab

2. https://addons.mozilla.org/en-US/firefox/addon/quarantab/

3. https://github.com/matusfaro/quarantab#bug-bounty

Hi,

I find myself wanting to quickly parse/decode/unescape sensitive data via randomly found sites but cannot. I wonder if there is an existing solution to making sure a random base64 encoder site will not phone home with my data.

Specific use cases:

- Parse a JWT using jwt.io

- Encode/unescape/parse data from a specific format (base64, protobuf, ...)

- Hashing a password

- Generating Bitcoin wallet using bitaddress.org

The solutions I end up doing:

- Finding a way to do it offline (in a terminal) or using/writing a script I can safely audit.

- Load up a VM, load the site, cut it from network, make use of the site and throw away the VM.

I am debating on creating a Browser extension to solve this problem, but wanted to get ideas from you to see if I am missing something that already exists.

The extension would have an isolate functionality that would:

- Cut off network access for a tab

- Cut off access to other tabs (Not sure how to do this, temporary containers in Firefox?)

- Listen for tab close event and clear all browser data for that site (cookies, storage, workers, history etc...)

What do you think?

In last two days, my friend had her CC stolen and Instagram taken over which she accessed from her Mac. Although a rootkit is possible, her browser had three extensions: ublock origin, Google Drive, and "WebChatGPT" [1].

Looking into WebChatGPT:

- It has full access to all sites

- Extension was recently sold by owner [2]

- Latest release [3] doesn't match any new commits in the open-source repo [4].

- The last change in the repo removes sponsor link for buy me a coffee

- Someone opened an issue on the repo calling out spyware [5]

What is the best course of action here? Where can we report this? I am going to try to download the extension and follow where the data is sent.

* 1 https://tools.zmo.ai/webchatgpt

* 2 https://www.buymeacoffee.com/anzorq

* 3 https://addons.mozilla.org/en-US/firefox/addon/web-chatgpt/versions/

* 4 https://github.com/interstellard/chatgpt-advanced

* 5 https://github.com/interstellard/chatgpt-advanced/issues/203