Ask HN: How to disable right-click blocking in the browser
My bank’s website has this maddening “security” feature which prevents me from copy/pasting things like account numbers and avoid fat finger errors.
I would love this block to go die in a server fire.
65 comments
[ 4.4 ms ] story [ 149 ms ] threadAbove comes with disclaimer, I personally don't allow any extensions in browser I use for banking. A little bit paranoid but I prefer to reduce plain of attack when accessing my bank (of course there are other threats that may bring more severe risk, remove them one at a time :) ).
I'd go with a bookmarklet style approach suggested by other top-level comments.
Extension permissions still can't block an extension from making network requests if they have access to a site, right?
(Not implying this extension does something nefarious, but more the general risk of such extensions especially when we hear that sometimes extensions get sold or their authors accounts get compromised...)
Even if it is benign now, there is no telling when it might be sold and new owners may have more nefarious intentions.
I'll never betray the trust of my users, and anyway it's not going to be sold. Nobody has ever made me an offer, and it's unlikely that anyone could afford to acquire it. The extension is worth more to me as an indie dev than it would be worth to anyone else.
This is your thoughts right now. If a real tangible offer came through for 10s of millions of dollars, would you still feel that way? What about when you die or become permanently offline for some other reason? Will your family sell it to the lowest bidder, delist it, or just leave it to bit rot?
These are things everyone has to/should consider when granting software unfettered access to their machine.
You could just ask me questions without associating yourself with Satan. ;-)
> If a real tangible offer came through for 10s of millions of dollars, would you still feel that way?
I would definitely sell for 10s of millions of dollars! Indeed, I would sell for 1 million dollars. But nobody is going to offer me that LOL.
> Will your family sell it to the lowest bidder, delist it, or just leave it to bit rot?
They would have to leave it to "bit rot", because my source code is encrypted, and nobody else has my passwords. (The extension has no server component and should continue working fine indefinitely with no updates.)
This is exactly the kind of thing people are worried about.
Which extension?
Was this in the news? There aren't actually that many really big extensions.
FWIW, they put it up for sale as a lark, not intending to actually sell it, on some business sales/acquisitions/mergers site and got more than their asking price.
Asked by whom? Your (hopefully former?) friend who sold out millions of people for malware? Are those millions of people aware that they were infected with malware? Not sure how this can be a secret.
> It wasn’t a big extension though, only a few million installs.
That's big!
Apparently there are only 300some Chrome extensions with over a million users. https://www.debugbear.com/blog/counting-chrome-extensions
My user base is orders of magnitude less, so I wouldn't worry about my selling out for $millions.
Well, assuming they can transfer money out of people's accounts and get away with it, which obviously requires additional effort.
I would sell to [known BigCo] for a million dollars. But BigCos aren't interested in my software, so that's a non-issue.
If a criminal offered me millions of dollars, I would report them to the FBI. And I think this whole discussion is just ultra-paranoia.
withinboredom claims but refuses to name a supposed malware extension with millions of users. Not sure I believe this astounding story.
I don't even aspire to be rich, or even to retire. That sounds pretty boring to me. I'd rather work on something socially useful. But financial security would be nice.
I find it very sad that there are fewer software reviews in the news media now than there used to be. This makes it much more difficult for developers to get discovered.
I don't trust MacRumors or PC World to vet...anything.
I do sorta trust...I dunno...EFF. Bunnie. yadda yadda.
Anyway, I feel you're feeling some negative emotion here that's really just people interested in the security and privacy of their machine.
I asked what part do you distrust exactly. "The...press" seems very hand-wavey and non-specific. When the argument starts with the premise that nothing the press says can ever be trusted, that's the route to denial of all facts and creation of your own reality. Did the stock market go up or down yesterday? Who can really say... because you can't trust the press!
> Anyway, I feel you're feeling some negative emotion here that's really just people interested in the security and privacy of their machine.
I'm very interested in security and privacy. In fact, StopTheMadness is designed to help protect your privacy. I use other 3rd party software to protect my privacy too, such as Little Snitch on the Mac (which incidentally is closed source, but the developers have earned their trust). I just think there's a distinction between prudence and paranoia, and I think it's counterproductive to fall into the latter, almost shooting oneself in the foot out of fear.
Depending on which stocks are doing well and which aren't, and why, you'll absolutely get the news framed differently publication to publication.
Corporate press has proven itself unreliable and bought.
I use a dedicated browser for all types of banking as you can't be too careful. Also, I don't run any extension on it for this same reason of being careful.
I think you actually can. ;-) There's a difference between being prudent and living in fear. The former is of course good, but the latter can make someone miss out on a lot of good things in life. Including good software.
For ins.tance you can shift right click a video to use picture in picture on Youtube
Same for sites that override ctrl + left click (to open link in new tab - some sites will treat it like you simply clicked the link and open it in the same tab - super annoying).
To do so:
- Open about:config
- Find or create permissions.default.shortcuts
- Set the value to 2 (BLOCKED) or 3 (PROMPT, not sure if that even works)
The changes should take effect immediately. If they don't, try restarting your browser.
You can then go into the page information dialogue (ctrl+I) and turn it back on for individual sites that need shortcuts to work well (like Google docs, maybe Discord).
Note that this might also affect shortcuts that do not conflict with your browser's shortcuts.
https://www.reddit.com/r/AnalogCommunity/comments/uw9fne/spe...
https://www.techdirt.com/2010/03/03/japanese-collection-soci...
Making it difficult to inspect element+replace value might actually be worth the effort. I've seen a Kitboga video where a simple transparent div covering the entire page had the scammed stumped for minutes because they didn't actually understand HTML.
It certainly doesn't prevent viruses, but for scams it may just be enough to save some people.
I suppose low level hindrances are sufficient to block low-level intruders...
It's a tricky trade-off. I don't think it's worth the effort and inconvenience to block the right click menu, but in the fight against scammers I can see why someone would see otherwise.
Code is also on github if you want to learn from it: https://github.com/lunu-bounir/allow-right-click
if you go back to the first few commits you see it started similar to some of the small JS snippets people have suggested here. It is interesting to see how it has evolved
Don't have an exemple of when it would have failed :-)
You can try, but you can't. The only people you'll stop are non-tech users, and the others will shame your business for playing this game.
If you need an analogy, think of it as trying to disable screenshots in an environment where users carry a camera in the other hand...