Hearing a lot of concerns about changing UI. I get it. You like how URLs are now. But we're in a sad state for security: hard to enter correctly, people don't check when they should, and easy to make convincing spoofs. We shouldn't accept the status quo just bc change feels hard. https://twitter.com/__apf__/status/1037057121961967616 …
-
that covers a lot of tracking/analytics for sure, but not all of it
-
Well (aside from styling with a malicious font, which has different mitigations), it covers all ways to get a user to enter a password and grab it without the browser "seeing" that the site is asking for a password.
-
when you say "malicious font" are you referring to something like a VM bug (UAF or BoF or something) in a font parser? or something else
-
No, a font where all characters look like ••••••• for a hunter2 effect, to trick the user into entering a password into a form field the browser doesn't realize is a password field. Also used to break password managers.