Nadim Kobeissi

Surely all Facebook has to do is rename a function to get around this?

It could also be possible to selectively disable OTR based on different users being served different pages. If a warrant is served for a particular user, they are served the...

As it stands, it's less of a targeted DoS and more of a targeted compromise of confidentiality. How can you implement, with high assurance, the detection of Facebook serving a...

Facebook can not only break the hooks, they can do so while still misleading the extension into believing that the hooks are actually working.

I've been developing Chrome extensions for three years. I think you don't understand the danger I'm trying to outline here. Even though the internal state of the Chrome extension may...

Facebook may not be able to replicate your interface cues, but they can trick your extension into replicating them even while nipping out its encryption functions.

If I have time I'll create a testbed DOM page which activates the extension by making it detect a supposed Facebook chat interface. Then I'll demonstrate how by modifying the...

Please merge this!

Please merge this!

Any help on this would be appreciated.