Beyond being a warning about AI, which is helpful, you really should be taking proper security precautions anyway. Personally, I have a separate browser that runs no extensions set aside that's solely dedicated to doing finance- and other PII-type things. It's set to start in private browsing mode and clear all cookies on quit, and I use it only for that. There may be more things that I could do but that meets my threat threshold for now. I go through this for exactly the reason in the tweet.
Gee, I really haven't considered your approach.. considering extensions can really be trojan horses for malware, that's a good idea..
It's interesting how old phone OSes like BlackBerry had a great security model (fine-grained permissions) but when the unicorns showed up they just said "Trust us, it'll be fine..", and some of these companies provide browsers too..
> Trust us, it'll be fine..
That's because their product is the malware. Anything they did to block malware would also block their products. If they white listed their products, competition laws would step in to force them to consider other providers too.
> If they white listed their products, competition laws would step in to force them to consider other providers too.
Uh, you're describing SafetyNet and at least a dozen similar anti-competitive measures by big tech. They've been doing this for years and regulators have basically been ignoring it. DMA over on the EU side hints at this changing but it's too little too late.
I thought that incognito mode in Chrome[0] and private mode in Firefox[1] already disable extensions by default.
[0] https://support.google.com/chrome_webstore/answer/2664769?hl...
[1] https://support.mozilla.org/en-US/kb/extensions-private-brow...
Absolutely, except for extensions you explicitly want to have in private mode, which is opt-in.
So? Extensions are opt-in in regular mode too.
I'm agreeing with my parent comment, to which I'm adding some precision.
Personally, I only use websites like that on mobile/tablet devices with more closed-down/sandboxed operating systems (I’d expect both iOS and Android from reputable brands to be just fine for that), and recommend the same to any relatives.
My bank assumes private browsing = hack attempt and makes login incredibly onerous, sadly.
I even have a separate user login for such things, a separate user for hobby things and a separate user for other things.
... Your bank's site works in private browsing mode?
You can use a different profile for banking and limit the extensions to be just your password manager.