https://github.com/uBlockOrigin/uAssets/issues/5184#issuecomment-1829172308

Twitch is a dangerous website, the extension probably won’t be back. They could still easily target you at any time and you are just lucky they are sending ads. After some time of using the extension twitch will react and become even more toxic.

Twitch even has a network sniffer in its source code (among other things), its so much worse than just ads, some of these experiments are basically malware/pup that no-one would install on their device willingly, these instances aren’t just left over code from some library they are deliberately crafted experiments that are present in the active code path.

    • Snot Flickerman@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      1 year ago

      Or we could take a look at the javascript ourselves, like they say to do?

      Everyone’s asking for a writeup, but like… there’s not any other JS programmers who could take a look and verify?

      Nobody wants to trust this guy, but also nobody wants to do the legwork to verify it.

      • BlackEco@lemmy.blackeco.com
        link
        fedilink
        arrow-up
        16
        ·
        1 year ago

        Most JS shipping on the web is minified, with variables renamed to random names, you can’t just open it and search for maliciousFunction.

        Also their claim of Twitch doing network sniffing in a browser should be impossible unless Twitch has found and is actively exploiting a security flaw in modern web browsers.

        • Moonrise2473@feddit.it
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          Technically, twitch could sniff all the traffic exchanged with their user. It would be pointless as they already know the content of the transmission, though

      • h3ndrik@feddit.de
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Yeah, that’s why I asked in the first place. I’m zero interested in the credibility of that person. Just somebody check if it’s factual. I’m not a Javascript-person but I bet there are debugging-tools and de-minifiers available. Or just someone press Ctrl+Shift+I and look at the inspector.

        Edit: Nevermind. Maybe the credibility of an account sometimes is enough.