Regulations on Custom Browsers made for work, productivity, etc.

4 points by sachinjain ↗ HN
I have been using SideKick browser to manage multiple accounts in one place otherwise switching between Chrome profiles was a pain but recently I figured out SideKick automatically changes my WhatsApp status to "Available (via SideKick browser). Not only this, they also change the status on Discord, Slack, Telegram and many other apps.

This is a Growth Hack for them but this was very frustrating for me to know and especially they don't have any authority over my WhatsApp Status.

When I did some reverse engineering, I found SideKick is adding an extension that injects content script on web.whatsapp.com and it changes the WhatsApp status automatically every 3 days or so and then they also send the analytics events to their servers.

They may/may not be doing anything with my data but the bigger question is when people over Internet are using browsers like these, they get full access to what you browse and everything else like Cookies, Passwords, etc.

Even they can stitch your sessions in Incognito if they want in the backend \_(~_~)_/. Who knows.

Browser extensions are still vetted by respective vendors like Google & Mozilla but how do we ensure we are browsing the Internet safely?

2 comments

[ 0.70 ms ] story [ 10.7 ms ] thread
Never heard of SideKick before reading this but after some cursory googling, it sounds like a thing I wouldn't touch with a 10-foot pole.

> switching between Chrome profiles

You don't _have_ to switch between Chrome profiles, as in close one to open another... you can just have one or more separate windows open for each.

> Browser extensions are still vetted by respective vendors like Google & Mozilla

No, that is a common misconception. And it's what the browsers and smartphone app stores have somehow gotten everyone to believe. The truth is that anyone can upload whatever they like to all of these. The uploaded software might be run against various scanners to check for commonly-known exploits and API rule-breaking but they can't check for everything that an attacker can think up, so "real" threats are basically never discovered until some critical mass of users complain about it.

But I digress. Anyway, it sounds like what you want is Firefox and the Multi-Account Containers extension: https://addons.mozilla.org/en-US/firefox/addon/multi-account...

Nobody is going to protect you from stuff like that. You just gotta practice good online hygiene and don't run random software or extensions. Much of it is adware or malware. If they don't have a paid plan or are sponsored by a huge company, you are the product and spying is their business plan.