Content
@
https://ethereum.org
0 reply
0 recast
0 reaction
polymutex
@polymutex.eth
You use Chrome. Imagine for a moment that Chrome sent šš«šš§š® ššš š®š¤šŖ š«ššØšš©šš to Google. That would be outrageous, right? web3 is about doing better than this. Well, what if your wallet did the very same thing? š
3 replies
5 recasts
42 reactions
polymutex
@polymutex.eth
The above screenshot is a network capture of a popular browser extension wallet. Which wallet is in the screenshot? That's not important.š£šæš²ššš šŗšš°šµ š®š¹š¹ šš²šÆšÆ šš®š¹š¹š²šš šš¼šæšø ššµš¶š šš®š. That needs to change.
1 reply
1 recast
12 reactions
polymutex
@polymutex.eth
ššš® š¬š¤šŖš”š š¬šš”š”šš©šØ šš¤ š©šššØ? UX. Wallets need to fetch token balances etc. This leaks your Ethereum address. But... why also leak the site you are visiting? Wallets want to check if the URL you are on is a known scam site. They snitch the URL by doing so.
1 reply
0 recast
5 reactions
polymutex
@polymutex.eth
ššØ š©ššš§š š ššš©š©šš§ š¬šš®? Yes. Chrome warns you when you are about to visit a scam website as well (a feature called "Safe Browsing"), yet does not leak every URL you visit to Google.
1 reply
0 recast
5 reactions
polymutex
@polymutex.eth
šš¤š¬ šš¤ššØ šš© šš¤ š©šššØ? It hashes the domain part of the URL, pick the first few bytes, and retrieves a list of domains whose first few bytes are the same. It retrieves this list through an anonymizing proxy. Google doesn't learn your IP, nor the site you visited.
1 reply
0 recast
8 reactions
polymutex
@polymutex.eth
(Caveat: Chrome has an alternative feature called "Enhanced Safe Browsing" which š±š¼š²š leak the full URL you are visiting to Google.) (Don't use it.)
1 reply
0 recast
5 reactions
polymutex
@polymutex.eth
ššš”š”šš©šØ ššš£ šš¤ š©šš šØšš¢š. A wallet should š£š¤š© leak more than one of the following at once: 1ļøā£ Your IP addres. 2ļøā£ Your Ethereum address 3ļøā£ The URL you are visiting The technology to avoid leaking this exists. Just a matter of execution.
1 reply
0 recast
9 reactions
