Quail4789

joined 1 month ago
[–] [email protected] 2 points 5 hours ago

that's still a manual process for most apps I've tried

 

I've looked through Obtainium source code a while back and there seems to be no hash verification whatsoever. Looks too susceptible to supply chain attacks to me.

I don't like that Aurora Store sends a list of installed applications to Google and the only way to stop it is to blacklist.

Is there an option that combines multiple sources together like Obtainium but contains automatic hash verification for added security (I am aware updates are protected by Android)? Something I can use to download non-FOSS apps from a mirror but make sure it's the APK from the Play Store?

[–] [email protected] 4 points 1 day ago

i'd brush the blobs off as secure boot stuff if the dev didn't ignore the issue for months. Now that's sus.

[–] [email protected] 2 points 1 day ago

I've decided to use Docker

[–] [email protected] 2 points 1 day ago

Anyone got a source on GrapheneOS recommending Brave?

[–] [email protected] 2 points 1 day ago (4 children)

My user is, yes. But there has to be an exploit in sudo for the program to elevate itself using it without the user knowing, no? It's possible for sure but I'm seeing this type of a precaution on a torrent client for the first time.

[–] [email protected] 1 points 1 day ago (3 children)

Has there ever been such an exploit? Given all other torrent clients I've seen just run as your user by default, is there something different in transmission over others that makes it more vulnerable?

[–] [email protected] 3 points 1 day ago (14 children)

Isn't that a risk for anything downloaded, assuming I run transmission as my user, not root?

 

I noticed Debian does this by default and Arch wiki recommends it, citing improved security and upstream.

I don't get why that's more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user's home directory (/var/lib/transmission-daemon on Debian)?

[–] [email protected] 1 points 2 days ago (1 children)

Did UMU get a launcher? Isn't it a Proton "distribution" any launcher can use?

[–] [email protected] 0 points 3 days ago

This is blatantly false.

[–] [email protected] 7 points 3 days ago

Your question relates more to security than to privacy. Tailscale cannot read any of your traffic. It's all E2EE. Now, is it possible that they're distributing binaries not built from the open source that contain a backdoor? Sure. But it would be an absolute shitshow, not because of you and me but because of the many enterprise customers they have. So I don't worry about that. Same goes for them going rogue and accessing your devices. For that, there's Taillock which makes your devices not trust traffic from a device not signed by a trusted node in your Tailnet.

I'd much rather make use of zero-config WG, exit nodes, relay servers, not having to worry about DDNS, solid NAT traversal, etc. than to worry a company will lose their mind and attack free-plan users.

[–] [email protected] 1 points 3 days ago

You can just turn off new devices signing up without manual approval.

[–] [email protected] 2 points 3 days ago (1 children)

How is NAT traversal handled if you want to connect two devices via WG? That's what Tailscale primarily does.

 

I'm seeing thepiratebay org is discouraged because it has lots of viruses due to lack of moderation. I was wondering how an mp4 or an mkv etc. could be harmful? Are people talking about executable stuff?

 

I'm looking into self-hosting a SearXNG instance for my own use. One thing I don't get is how the results are aggregated if I'm using a local instance. Is it just going to all the configured search engines and making requests? If that's the case, what's the benefit of using SearXNG instead of just going to that search engine myself from a privacy perspective?

 

There was a cover of Hollywood's Bleeding by VUKOVI as an Amazon Original. For some reason, it's been removed from Amazon. I've been looking for some other way to listen to it but the only thing I can find is their Tweet announcing the song a while back. Nothing about why the song is removed. Given this wasn't a popular song, I also can't find any torrents or anything. Where should I look?

 

I have recently realized that I will occasionally hear notification sounds from applications that I had previously opened but that no longer have any active tabs (email client, discord, etc.). I'm assuming this means they are allowed to keep some sort of connection in the background until I close all Firefox windows. Is this a bug or a "feature"? How do I turn it off? I don't want any application running at any capacity except when I have tab(s) open for them.

Solution:

Hm, Discord didn't have anything registered there. After some digging, I found about:debugging#workers which does list Discord stuff under "Other Workers". It's unsettling to see there's no way to force confirmation and/or disable this stuff. I use Discord when I have to every once in a while. I don't want their code running all the time in my browser.

edit: you can disable service workers with dom.serviceWorkers.enabled = false but this has no effect on Other Workers.

edit2: uBlock can disable Other Workers by setting the filter ||$csp=worker-src 'none' in My Filters and enabling Suspend network activity until all filter lists are loaded in Filter lists. It's funny how this "trick" is written for Chromium-based browsers with the note that Firefox allows global disabling of service workers when the sites can just register a different type of worker with no way of disabling them. I am sure the API is less powerful than service workers bla bla bla, let me decide what runs on my browser without needing third party tools, please.

 

If I globally disable filesystem access to home (i.e. filesystems=!home;), and an app declared that it needs home/some-dir, do I need to explicitly prevent access or do my global settings take precedence?

 

I am on a shared network. I'd like to self host services and access them from all my devices but I do not want these exposed to other people in my network. I've noticed that I can just change the port mapping in Docker to <Tailscale IP>:<port>:<port> from <port>:<port> and it just works. Works as in the service is accessible from my Tailnet, inaccessible from the local network or the internet. Is it really this easy or am I missing something? Just sounds too good to be true so I am suspicious it might somehow be insecure.
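A check for the port-mapping change described in the post above, as an added example that is not part of the original post: it reads the Ports column of `docker ps` and reports which host address each published port is bound to, so a leftover `<port>:<port>` mapping on all interfaces stands out. The sample output, container names and function names are constructed for illustration; the input is assumed to come from `docker ps --format '{{.Names}}\t{{.Ports}}'`.

```python
import ipaddress

# Tailscale node addresses: 100.64.0.0/10 (IPv4) and fd7a:115c:a1e0::/48 (IPv6).
TAILSCALE_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                  ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of the docker ps output described in the lead-in;
# container names and addresses are made up for illustration.
SAMPLE = (
    "jellyfin\t100.101.102.103:8096->8096/tcp\n"
    "pihole\t0.0.0.0:8080->80/tcp, [::]:8080->80/tcp\n"
    "db\t127.0.0.1:5432->5432/tcp, 6379/tcp\n"
)


def classify(host):
    """Say which interfaces a published port's host address covers."""
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:          # 0.0.0.0 or ::, i.e. plain <port>:<port>
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in TAILSCALE_NETS):
        return "tailscale"
    return "other"


def audit(docker_ps_output):
    """Return (container, host_ip, host_port, scope) per published port."""
    findings = []
    for line in docker_ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            if "->" not in entry:  # exposed in the image but not published
                continue
            host, _, port = entry.split("->", 1)[0].rpartition(":")
            host = host.strip("[]")  # IPv6 may be printed as [::]
            findings.append((name, host, port, classify(host)))
    return findings


def reachable_from_lan(docker_ps_output):
    """Containers with at least one port bound on every interface."""
    return sorted({f[0] for f in audit(docker_ps_output)
                   if f[3] == "all-interfaces"})


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
    print("bound on all interfaces:", reachable_from_lan(SAMPLE))
```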
