Ok, so far it seems that the technical changes in Firefox are limited to a consent page. If you disagree the extension won't do anything and suggest that you uninstall. If you agree the same data is transmitted as before (minus page title).
Somehow my quick and dirty tool to make minified JS code readable turned into a pretty versatile pattern matching framework. At this point it can undo quite a bit of readability damage already, and adding new patterns is fairly easy.
Sometimes I almost regret not collecting IP addresses of blog commenters, this comment was likely sent from Avast headquarters. Seems to be the kind of logic a company would use to justify going behind users' back. They are fighting for data freedom!
Any hints on how to report McAfee security vulnerabilities? I tried the official process documented under https://www.mcafee.com/enterprise/en-us/threat-center/product-security-bulletins.html but my mail to firstname.lastname@example.org didn't trigger the automated response. And email@example.com bounces.
There is a redirect set up for security.txt on http://mcafee.com domain but it points to a non-existent file of course...
In case anybody considered Amazon Echo an exception: no, Google Assistant sends audio recording to the "cloud" and now we know for sure that Google employees can listen in: https://twitter.com/mikko/status/1149025136173113344. Big surprise.
If you ask me...
After some iterating, things look somewhat better now, in particular less cluttered - access keys are indicated by underlining the letter wherever possible. This is how the same screen looks now when pressing the Alt key.
Actually, combining Unicode property escapes with the heuristic above as fallback is easy enough. So in current Chrome my isLetter() function will use the more correct approach while in Firefox it will be the simple but not quite correct fallback code.
I think that I'll use the function below - a letter is something that is modified by toUpperCase() or toLowerCase(). This excludes some more exotic letter variants, and it just won't work on scripts like Hebrew or Arabic, but it should do for my use case for now.
And PfP options are part of the pop-up now. You can still get to them the way your browser lets you configure extensions. But quite frankly, how many people managed to find them there?
Selecting a site got its own tab now, so it's visually different from choosing an alias for a site and should no longer confuse anybody.
A big one: no more "Easy Passwords 1.x compatible password" here, weaker password generation is gone for good. If you still had any legacy passwords these will be converted to stored passwords now, same happens when importing backups with legacy passwords.
Previous screenshot shows a minor improvement: website name is a link now. Here is one more: you can copy the user name from the password menu. Oh, and you can navigate both the password list and the password menu with arrow keys: https://pfp.works/documentation/keyboard-navigation/
Wladimir Palant, software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant
A Mastodon instance for info/cyber security-minded people.