this post was submitted on 12 Dec 2023
93 points (87.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54574 readers
499 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

I've never seen any website cause a firewall permission request

all 22 comments
sorted by: hot top controversial new old
[–] [email protected] 98 points 11 months ago* (last edited 11 months ago) (3 children)

Word of caution, if you have been browsing successfully until now, it could be a malicious javascript app or malware loaded from that website that is attempting to scan your network or do other things. In other words if this is a new firewall request above and beyond the standard one librewolf needs to function, proceed with cation.

[–] [email protected] 12 points 11 months ago (1 children)

Could you also proceed with anion?

[–] [email protected] 6 points 11 months ago
[–] [email protected] 7 points 11 months ago (2 children)

In theory, that shouldn't even be possible with JavaScript. There's such a thing as same-origin policy for that exact reason...

[–] [email protected] 8 points 11 months ago

Have you really never heard of malware from JavaScript? Buffer overflows and sandbox escapes are almost all JavaScript, still, hasn't changed in the last decade. Sometimes it's a random font parser library or something, but almost always it's JavaScript. And now that browsers are auto-updating and they have fully staffed security teams behind them that get word of a vulnerability being secretly exploited before the general public, most people don't get hit just because they browsed to a random website. But it's still possible, and especially likely that a shady torrent site could be hosting malware or get ""hacked"".

[–] [email protected] 4 points 11 months ago* (last edited 11 months ago) (1 children)

Malicious javascript seeks to bypass security controls. It’s one of the reasons NoScript is a thing. It could be a malware loaded from an ad. Biggest reason for adblockers imo.

Check out this link for learning about this stuff.

https://heimdalsecurity.com/blog/javascript-malware-explained/

[–] [email protected] 7 points 11 months ago (1 children)

I've read that article. It is complete garbage and doesn't explain anything at all. It's just standard cookie cutter fear mongering to sell some random antivirus software.

[–] [email protected] 4 points 11 months ago

That article is for lay-persons and really an awareness article I surmise. If you’re technical you are likely already aware of the security concerns with jacascript.

[–] [email protected] 3 points 11 months ago

That’s what I’m thinking, it happened when i tried to load their streaming player for the first time which historically have pop unders on streaming websites

[–] [email protected] 44 points 11 months ago (4 children)

This isn't a website asking for permission. It's the browser exe itself.

This seems like the bare minimum permissions for a web browser.

[–] [email protected] 77 points 11 months ago (1 children)

Windows asks for this permission when a program needs to accept unsolicited incoming network requests. Not something a browser normally requires.

[–] [email protected] 5 points 11 months ago

Unless you're doing a P2P video/voice call.

[–] [email protected] 8 points 11 months ago

Too bad this windows firewall dialog is really sparse on details. We really have no way have telling whether that is normal permissions or not.

[–] [email protected] 7 points 11 months ago* (last edited 11 months ago)

Ive never gotten this request before though and ive been browsing for a while. I didn’t accept it and the browser continues working fine. Doesnt seem standard

[–] [email protected] 6 points 11 months ago

when my browser asks me for a firewall pass and i haven't directly and intentionally prompted that to happen i click "no"

[–] [email protected] 33 points 11 months ago (1 children)

Assuming you've gotten LibreWolf from a proper, verified source (GitHub, package manager like chocolatey), then there shouldn't be any issues.

But, to be on the safe side, check out your extensions and also plugins to verify nothing untowards has snuck it's way on to your system.

You could of course go into the Windows firewall, note what permissions LibreWolf has, then allow it and check again to see what was added.

But, chances are, LibreWolf (don't use it myself) asked to access either magnet links or other ports other than 443 or 80. If LibreWolf has built-in torrent support or you've installed an extension that does, it will require some other ports to function.

[–] [email protected] 2 points 11 months ago (1 children)

I got it from chocolately.

Wait why accept the permission? I don’t really want to risk it installing something I don’t notice

[–] [email protected] 0 points 11 months ago* (last edited 11 months ago)

It's a firewall access prompt. In true MS fashion it won't tell you what ports it is opening.

So by accepting you're not giving the app any permissions like say read-write permission or administrative access, but if the app should have access to a port on the network.

Standard ports for the web are 443 (HTTPS, TCP) and 80 (HTTP, TCP). Torrents use other ports and a combination of TCP and UDP packets.

Search for "firewall" in the start menu. The firewall manager shows you all the ports an IPs that are allowed or blocked, along with ports and protocols.

[–] [email protected] 4 points 11 months ago (1 children)

Do the dev tools show anything interesting? Networking calls, etc?

[–] [email protected] 4 points 11 months ago

Im not really knowledgeable enough to be able to spot whats interesting.

Although something strange about it is if I try to stream something on ext.to with Inspect Element open it automatically closes the stream player and refreshes the page every time. So its impossible to view the networking tab and see what the player causes to show up