• StryderNotavi@infosec.pub
    link
    fedilink
    arrow-up
    8
    ·
    5 months ago

    He also seems to be throwing in unrelated concerns and just glossing over the details that bring their relevance into question - consider this paragraph

    Browser extensions, mobile, and desktop apps also implement logic to attack users by regions and based on their political views. Nowadays, there are many teams who buy popular apps and browser extensions to inject malware. I have a blog post about it.

    You’re not going to be able to identify whether a developer might do a deal that compromises a library you use based on their political stance - it’s an entirely unrelated threat vector to his core thesis (and even his own related blog post recognises this, discussing how developers of browser extensions are sometimes tricked into including malicious code - something that is even less related to their political beliefs than their willingness to take a bribe or payout.