sachinjain

cURL request might contain sensitive data like Auth headers, exact request payload. Also sometimes cURL requests are obtained from logs of a user session.

And, devs need to share cURL requests in order to reproduce an issue and communicate context to another dev.

I know of a platform called Zerobin to share secure messages. I am thinking to host an internal server of Zerobin and use that to share cURL & other secrets within the company.

How are you dealing with this?

I was going through one of my StackOverflow Posts - https://stackoverflow.com/questions/18310484/modify-http-responses-from-a-chrome-extension/71250307, A notification caught my attention - "We do not currently allow content pasted from ChatGPT on Stack Overflow; read our policy here." Policy here - https://stackoverflow.com/help/gpt-policy

If the reference is not sited, Isn't it going to be very tricky for StackOverflow to identify if the content is humanly generated or artificially generated? Is ChatGPT a potential threat to StackOverflow?

Given that most of the new companies adopt modern frameworks like React, Angular, Vue which are quite stable across browsers unlike jQuery, Backbone days when the same code worked in Chrome but not Firefox for various reasons.

Just wanted to pick your brains on what do you think how relevant is cross-browser testing. Do we really need to test our code on 50ish Chrome versions, 25is Firefox versions and so on.

I have been using SideKick browser to manage multiple accounts in one place otherwise switching between Chrome profiles was a pain but recently I figured out SideKick automatically changes my WhatsApp status to "Available (via SideKick browser). Not only this, they also change the status on Discord, Slack, Telegram and many other apps.

This is a Growth Hack for them but this was very frustrating for me to know and especially they don't have any authority over my WhatsApp Status.

When I did some reverse engineering, I found SideKick is adding an extension that injects content script on web.whatsapp.com and it changes the WhatsApp status automatically every 3 days or so and then they also send the analytics events to their servers.

They may/may not be doing anything with my data but the bigger question is when people over Internet are using browsers like these, they get full access to what you browse and everything else like Cookies, Passwords, etc.

Even they can stitch your sessions in Incognito if they want in the backend \_(~_~)_/. Who knows.

Browser extensions are still vetted by respective vendors like Google & Mozilla but how do we ensure we are browsing the Internet safely?

I was debugging something & searched for jquery in the Network tab and stumbled upon an API call to pro.ip-api.com and when I found the response for the API, I was shell shocked to see the detailed being captured.

Here are the things that I found pro.ip-api.com was capturing about my location

{ "as": "My ISP Pvt Ltd", "city": "My City", "country": "My Country Name", "countryCode": "My Country Code", "isp": "My ISP", "lat": my.lat, "lon": my.long, "org": "Something", "query": "My.Actual.IP", "region": "Quite Close Region Code", "regionName": "Quite Close Region Name", "status": "success", "timezone": "Accurate/Timezone", "zip": "Accurate ZIP" }

PS - The data UberSuggest captures is very scary. I use UberSuggest for SEO purposes. For the time being, I have blocked this API end point with the following Requestly Rule - https://app.requestly.io/rules/#sharedList/1664432223477-Block-Pro-IP-API

More Importantly, UberSuggest fires this on every page/domain. I assume every analytics tool captures Country & City so that'd have been fine but tracking information till region, ISP & ZIP code is unacceptable.

Should I try contacting Neil Patel and tell him about this before dropping a review on Chrome Store.