Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

- works on X, the terminal and Android (yeah, that's a tall order, but it sure would be nice to have the same keystrokes available in X and on the terminal, and the same information available everywhere)

- securely shares passwords across multiple hosts (emphasis on 'securely,' unlike Chrome and Firefox)

- blocks ads

- blocks JavaScript, but makes it very easy to selectively enable it

- supports <script type="text/python">, <script type="text/common-lisp"> and <script type="text/smalltalk"> (hey, you did ask for ideal!)

- written and extensible in Common Lisp (elisp or Python would be minimally acceptable): the goal here is to be able to have 'the emacs of web browsers'



Isn't emacs the 'emacs of web browsers'?


Yeah, if emacs supported a terminal-aware WebKit then that would pretty much be my ideal browser; I could add everything else.


Wait, what's insecure about Chrome password syncing?


Find a chrome users unattended computer

open a tab to chrome://settings/passwords

Click on a saved password and click "show"

Write down their site / password info. They'll never know you have their login data, no access logs or warnings.

Note that the people freaking out the most about this are incredibly uncreative, because they think this is the only way an unattended computer can be powned, usually combined with weird beliefs about "Security" being a boolean value. Obviously, if you have physical access, you stick a keylogger on there, steal the whole DB of passwords at the binary file level, take over the whole operating system, etc. Also for extra comedy the people most likely to be outraged stereotypically have the same password for all saved sites (LOL) so you really only need to write down one password for that user, and also stereotypically its a variation of "1Password" or their kids name, etc.


I didn't know that the chrome://settings/passwords page existed until I read your comment. I actually just checked it out, and when I clicked the "Show" button on the password box, Chrome made me re-authenticate with my Windows password before it would show the password.

I don't know if this is a new feature, only available on Windows, etc., but it seems like this may be less of a concern now.

I did find it weird that I had to re-authenticate with my Windows password and not the password that Chrome is syncing passwords with, but it's better than nothing.


Just tried it and it asked for my admin password (Mac OSX).


It may vary depending on version.

Sites that are heavily automated / packaged / locked down will not be up to date.

I can verify it works fine on linux 44.0.2403.107.

I have access to a 41.0.2272.101 on windows that is extremely heavily locked down and centrally distributed but I don't use that out on the internet, it would be non-trivial to test.


I use firefox, but if I remember correctly the passwords are stored in plain text? And there is no global password to protect the saved password.


How exactly is any browser supposed to autofill passwords without storing them in plaintext? If you want them encrypted, you need to put in a password on every startup, which can be easily done by using truecrypt containers or fde.


Firefox supports said password-protection out-of-the-box, IIRC.


Chrome has a master password that protects your passwords and saved forms, if you set one.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: