And your worried about Pale Moon Security???

[Thehandyman1957]

Popular Mac app pulled by Apple after revelation it 'acts like spyware'

https://www.dailymail.co.uk/sciencetech ... story.html

This is not a new thing I realize, but think about it for a minute. This was a top Apple app
that cost money to use, it was not free. On top of that, it was shown to do this a month
before Apple even decided to remove it.

On top of that is Apple's app review process, kinda outlined here.

What is Apple's App Store approval process?

https://www.quora.com/What-is-Apples-Ap ... al-process

And the funniest part of this is this, since this type of reviewing was brought up before.

The use of automated tools by Apple helps in scanning the apps for
viruses and “DON’TS” of app development. Most of the manual reviews
are handled by automated system without human involvement.

And this is just a very small issue in a bigger failure of the app world.

350 new Android malware apps every hour

https://www.gdata-software.com/news/201 ... every-hour

And from what I can tell, this comes mostly down to "permissions" that the app gets
and how it uses those "permissions" while in use.

This is why I don't use my phone for anything important. So in the end, we have the two most used
types of software, hardware in the world not able to stop that kind of junk, mostly due to the way the
apps are allowed to run on those respective systems.

On the other hand, we have Pale Moon here, not the most used browser for sure. But holy moly...
I'll take Pale Moon over any mobile garbage any day.

[New Tobin Paradigm]

I don't blame you, I wouldn't want a Phone made by a Chinese state-run company like Apple who gave all the keys to a hostile and communist global power. I'll stick with my android phone, Google is only colluding with China's government to impliment thier agenda but Google still holds all the keys and might one day turn back.

[Night Wing]

I don't own a smartphone. Just an old fashioned clam shell type flip cell phone which is 8 years old now. And it is never turned on with the only exception, when I turn it on, it is to make a call. After the call is made, then I turn it off. The monthly usage minutes from my August billing statement was "zero minutes". BTW, when I do turn the cell phone on, it is never connected to the internet either so no need for any texting.

As for the question of; "do I worry about security when I'm using Pale Moon", the answer is..........."no".

[gepus]

The story is easy knitted so even a child can understand it.
We all know the narratives from storybooks about the bad guys and the good guys.
Too bad that in real life things might become more complicated and one should be cautious whatever the narrative tells.

A server in China doesn't tell much. It can be operated by anybody worldwide to begin with (even under a false identity ...).
Therefore it would be interesting to know if the operator of the server was identified.
You don't simply go with such a story public until you gather enough information to get the villain except your only goal is to make a story.
An ex co-worker of the NSA should know better.

But there is more:

The developer of this app is one that we at Malwarebytes have had our eye on since 2015. At that time, we discovered an app on the App Store named Adware Medic — a direct rip-off of my own highly-successful app of the same name, which became Malwarebytes for Mac. We immediately began detecting this, and contacted Apple about removing the app. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor.

We’ve continued to fight against this app, as well as others made by the same developer, and it has been taken down several times now, but in a continued failure of Apple’s review process, is always replaced by a new version before long.

source

[Thehandyman1957]

A server in China doesn't tell much. It can be operated by anybody worldwide to begin with (even under a false identity ...).

I think your missing the point. It should not be sending out that information in the
first place under any circumstances.

But my main point in posting this was to show that Pale Moon is not
even on the same playing field of security issues as something most
folks take no thought about, I.E. their "smart" phone.

[New Tobin Paradigm]

But my main point in posting this was to show that Pale Moon is not
even on the same playing field of security issues as something most
folks take no thought about, I.E. their "smart" phone.

Exactly!

[gepus]

A server in China doesn't tell much. It can be operated by anybody worldwide to begin with (even under a false identity ...).

I think your missing the point. It should not be sending out that information in the
first place under any circumstances.

My post wasn't intended as a replay to yours but to this: "a hostile and communist global power".
Sorry if it wasn't self-evident.

[New Tobin Paradigm]

Hey, just because we are in a sad state of history with insanity all around us with threats to true freedom from every direction doesn't mean the humor is lost on me.. I say, have fun AND try and save the world. It doesn't have to be mutually exclusive you know.

[gepus]

Hey, just because we are in a sad state of history with insanity all around us with threats to true freedom from every direction doesn't mean the humor is lost on me..

[therube]

The entire Mozilla webextension ecosystem is essentially in the same boat.

Nothing in the way of extension "review".

Everyone & their uncle can submit any extension - & have it "approved" (which is meaningless), be given Mozilla's "blessing" (again meaningless, except for the fact that it then has a legitimate hash [I'm saying that incorrectly], such that it will install).

Once "approved", the extension can be hosted on AMO, & users can install it.
Or an extension can be hosted on a foreign site, & users can install it.

And the most Mozilla does about this, is to block said extensions - after the fact - assuming it even comes to light.

https://blocked.cdn.mozilla.net/

[Moonchild]

The entire Mozilla webextension ecosystem is essentially in the same boat.

Ah but that's been the idea all along, don't you know? Replace existing tech with a technology that can be "sandboxed", so you no longer have to do the work to see if what's made is actually malicious, and instead just put all your eggs into the sandbox basket. After all, in that line of thinking, if something is sandboxed it can never be harmful (which is a massive fallacy in thinking -- even if something doesn't try to escape the sandbox it can still be harmful by design).
Bottom line of that approach is that "reviews" can be automated by checking for behavior that would attack the sandbox - and ignoring all other malicious behavior that an actual review would easily bring to light -- why? Margins. Less work to be done means more profit.

[gepus]

Apple's Mac App Store is the most secure




source