Browser extensions are fraught with danger — which is why I rarely use them — especially those extensions that request your permission to:
- Access your data for all websites
- Access browser tabs
- Access recently closed tabs
- Read and modify bookmarks
- Download files and read and modify the browser’s download history
- Input data to the clipboard
- Display notifications to you
- Read and modify browser settings.
I mean…seriously!?! There is not a snowballs-chance-in-Hell that I would ever give permission to a browser extension to rummage around in my browser and change things, possibly add malware code in to my computer or device’s memory (i.e., the clipboard), as well as essentially look over my shoulder while I use that browser!
As you may have already guessed, I’ve been wary of browser extensions for a long time. I wrote about how dangerous browser extensions are back in 2011: Why We Need a Google Condom for Chrome Extensions and again in 2017: Why Browser Extensions Are Dangerous but there are an increasing number of security experts now recommending caution on your use of browser extensions. One such expert is the cyber investigator Brian Krebs who writes the excellent Krebs on Security blog. His latest post was just published on March 3, 2020 and gives great advice and reasoning behind limiting the browser extensions you install: The Case for Limiting Your Browser Extensions.
Add to that my specific intention to limit (or completely stop) tracking as best I can — which is why I’ve moved from Google’s Chrome to Firefox as my default browser — is why I am not just concerned about malware and rogue extensions, I’m more concerned about third-party trackers and the companies that enable them to flourish to our detriment.
A CRACKDOWN ON EXTENSIONS
Fortunately there is a move by major browser companies (i.e., Google with Chrome and Mozilla with Firefox) to crack down on rogue and dangerous extensions. Ars Technica had this article published January 30, 2020: More than 200 browser extensions ejected from Firefox and Chrome stores:
The crackdowns highlight a problem that has existed for years with extensions available from both Mozilla and Google. While the vast majority are safe, a small but statistically significant sample engage in click fraud, steal user credentials and install currency miners, and spy on end users—in at least one case, millions of users, some of whom were inside large companies and other data-sensitive networks.
WHAT IF THE EXTENSION IS FROM A TRUSTED COMPANY?
“When you use the Websites or Products, we automatically gather information made available by your web browser (such as Microsoft Edge or Google Chrome), Internet service provider (such as Comcast or Time Warner), and device (such as your computer, phone, or tablet), depending on your settings for each. For example, we may collect your IP address, information about the operating system or type of device you use, the date and time you access the Websites or Products, and the location of your device.
Generally, the information addressed under this section is anonymous and does not, standing alone, directly identify you; however, it could possibly identify you when associated with other information. For example, if a third party were to see your IP address, they would not automatically know your name—yet your name could be associated with your IP address by your Internet service provider if you are the named accountholder.“
You could argue that the above is boilerplate and all organizations do some form of this type of data aggregation. But when that data is has specific intents like the following, it shows how they intend to use your data AND allow it to be shared by third parties:
“What about Third Party practices?
Third Party Cookies and Web Beacons: Advertising agencies, advertising networks, and other companies (together, “Third Parties”) who place advertisements on the Websites and on the Internet generally may use their own cookies, web beacons, and other technology to collect information about individuals. Except as expressly provided herein, we do not control Third Parties’ use of such technology and we have no responsibility for the use of such technology to gather information about individuals. It is up to you to familiarize yourself with the privacy practices of such Third Parties.”
Remember this quote when something like this useful extension is free, “You are not the customer. You are the product.”
WHAT EXTENSIONS CAN YOU SAFELY INSTALL?
“…a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it’s like you suddenly disappeared.“
Though Firefox’s new privacy and anti-tracking capabilities are excellent, Privacy Badger completes the capability I seek to make tracking and surveillance even harder for the hundreds of third-party trackers out there. Firefox’s creation organization, Mozilla, also has a rigorous vetting process for extensions and has a short list of verified extensions that do not violate their Recommended Extensions program guidelines.
Here is the best article from Mozilla that I’ve seen yet on how to determine whether or not a browser extension is worthy of (and safe to) install. but if you already know these tips (or have read Brian Krebs’ article above), at least pay attention to wise advice like this from Dan Goodin, the writer of the previously linked-to article from Ars Technica:
“There’s no sure-fire way to know if an extension is safe. One general rule is that there’s safety in numbers. An app with millions of installs is likely to receive more scrutiny from researchers than one with only a few thousand. Another guideline: apps from known developers are less likely to engage in malicious or abusive behavior. The best rule is to install extensions only when they truly provide value. Installed extensions that are used rarely or not at all should always be removed.”
As I take steps to extract myself from Google (and others) ubiquitous tracking, I’ve been paying attention to anything related to Google’s Chrome browser. In my news feed yesterday, I came across this threaded discussion in Hacker News: Google tracks individual users per Chrome installation ID.
I was stunned to learn that every install of Chrome generates a unique ID just for you and it’s possible that Google is using this install ID to track us. As soon as you log in to any Google account with that new installation of Chrome, it’s also likely linked directly to your individual Google profile.
Not only is this completely “evil” on Google’s part if true and they’re using this ID for browser fingerprinting, but it also means it is a complete violation of Europe’s General Data Protection Regulation (GPDR) and would result in massive fines for the company.
In order to get a deeper sense of what was going on, I went out and did a bunch of online searching (using my now preferred search engine, DuckDuckGo, of course). There are dozens of developer and tech site articles and posts that helped me fully understand what is going on, and why developers (and those of us who care about security and privacy) are so upset, concerned, and making a huge fuss to get an answer out of Google.
“On Tuesday, Arnaud Granal, a software developer involved with a Chromium-based browser called Kiwi, challenged a Google engineer in a GitHub Issues post about the privacy implications of request header data that gets transmitted by Chrome. Granal called it a unique identifier and suggesting it can be used, by Google at least, for tracking people across the web.”
“Each and every install of Chrome, since version 54, have generated a unique ID. Depending upon which settings you configure, the unique ID may be longer or shorter.
Irrespective, when used in combination with other configuration features, Google now generates and retains a unique ID in each Chrome installation. The ID represents your particular Chrome install, and as soon as you log into any Google account, is likely also linked directly to your individual Google profile.
The evil next step is that this unique ID is then sent (in the “x-client-data” field of a Chrome web request) to Google every time the browser accesses a Google web property. This ID is not sent to any non-Google web requests; thereby restricting the tracking capability to Google itself.”
Google needs to address this and quickly. Just about every developer I know has abandoned Chrome and are using Firefox exclusively (as am I).
The Transportation Research Center at Argonne National Laboratory recently published this U.S. Plug-in Electric Vehicle Sales by Model analysis. It turns out the Honda Clarity PHEV is not selling well at all.
Introduced in the fall of 2017, the Honda Clarity PHEV sales for that year were only 903 vehicles. In 2018, sales leapt to 18,602 and, as of the end of 2019, have fallen back to 10,728.
Perhaps radically slowing sales are due to people have so many issues with the car and telling anyone who will listen not to buy it. Or maybe it's because cars like the Tesla Model 3 (with 50% of the EV market as of now) has turned out to be the smarter investment. Or perhaps it's because Honda has pulled back sales to California only, and will likely soon discontinue the car.
Thought you'd enjoy seeing this spreadsheet of sales, by model, in order of market introduction:
To view more details, notes, and acronyms, please download the Excel spreadsheet.
Below are two screenshots of the Excel spreadsheet I downloaded and then highlighted the Honda Clarity Plugin sales in red:
- The left one is sorted by sales from model introduction.
- The right one is sorted by total sales. Note that the Tesla Model 3 was shipping at the same time the Honda Clarity was in 2017.
Click on either of them to see a larger view:
It’s been years since I’ve gone to the Consumer Electronics Show (CES) in Las Vegas, so had considered doing so this year as I could grab a cheap airfare or would likely just drive there as I’m only 4.5 hours away! With other commitments I found myself unable to go to CES, so this morning I went on the hunt for good videos from the show, and came across ones from CNET at their dedicated CES website.
As much as I was delighted to find that site and it is filled with excellent videos from the tens of thousands of products at CES, I must admit that I’ve got a love-hate relationship with CNET though, even though I fully realize they (like most media companies) are struggling to find the sweet-spot on making money vs. pissing off their visitors to the point they’ll stop visiting:
- Their websites are a nightmare of popups, snarly ads, and visual noise which are especially bad when reading on my iPad.
- For years their “CNET Downloads” site saw near-malware installation on PCs and Macs and I spent many hours cleaning (or helping clean) people’s systems who inadvertently trusted them.
So even though their dedicated CES website is organized very well and it’s easy to find specifically what might interest you, instead of the website you might want to go to CNET TV channel on YouTube instead.
If you don’t want to go poke around their site, embedded below is their “Best of CES 2020” recap you’ll likely find interesting:
Today is Saturday, November 16, 2019 and my wife, son and I were going to take off for a family luncheon event. I went in to the garage to move the Honda Clarity so they could climb in easily, and I was stunned to discover…
…that for THE FOURTH TIME SINCE JUNE the Clarity would NOT START!
The dealer, Rancho Santa Margarita Honda, has had the car for a total of 15 days at their facility since I purchased it, they’ve gone through the car at length, and cannot determine what’s wrong.
After the last time it didn’t start at the end of October, the Service Drive Manager, Doug Jezowski, promised me he’d contact Honda and have a field service engineer (FSE) come out to examine the car. I dropped it off on Tuesday, November 5th so they could perform the 10,000 mile service a bit early, and so the FSE would have time to do his magic diagnosis.
After having the car for four days, Doug called me on Saturday the 9th to tell me that “the FSE can’t come out just yet and it might be another two weeks or so” and that I could come over and pick up the car.
To say I am filled with rage is an understatement!!!!!!
I don’t trust the car. Can’t count on it starting or, after this happened three days after I bought the car, my wife won’t drive it and I’m leery of the car and its performance. But the car not starting is a fucking joke for a car that retails for nearly $38,000.
Here is what happened each time my car won’t start:
Lemon Law Attorneys
On Monday I’m going to pull together all paperwork and formally engage with a Los Angeles law firm that specializes in California lemon law. At this point I just want Honda to buy the car back since they do not seem to give a shit about whether or not they fix the car.
Other Honda Clarity Complaints
Here are others having the same issues:
- National Highway Transportation Safety Administration complaints about the 2018 and 2019 Honda Clarity PHEV
- InsideEV forum on Honda Clarity problems
- Honda Clarity forum on problems
My Own Fault for Trusting Honda
Then there’s this old clip from the movie Animal House which sums up how I’m feeling … and identifying with Flounder as fraternity rush chairman, “Otter” (played by Tim Matheson), puts his arm around him and says this:
This was amusing and thought you’d like to watch it … especially if you get flummoxed with technology!
Last Friday afternoon I hopped in to my car to run errands after not having driven the car for two days (I’m heads-down on a project so didn’t go anywhere). Pushing the Power On button did … nothing. “Oh shit!” I thought, “the Clarity is dead again!”
So for the second time in the month of September, I contacted Honda Roadside Assistance and they dispatched a tow truck to give me a jump. As it was nearly 5pm the dealer, Rancho Santa Margarita Honda, couldn’t see the car until Monday. It is now Tuesday afternoon and they need to order a part (the “battery charge monitoring system”) and will keep the vehicle until Wednesday.
This is getting ridiculous. My wife won’t drive the car after our first incident, and now I don’t trust the car being able to start if it sits for more than a day. Also, my confidence in the dealership is low, as-is my belief in American Honda doing the right thing and fixing this car.
I’m doing three things to go forward:
- Working with Honda Customer Support who has assigned a Regional Case Manager so we’ll see if that individual can finally be effective and take some action.
- Contacted Tesla to see what they’d give me for a trade-in on the Clarity for a Model 3 Long Range.
- Contacted the Ana Brown, Customer Relations Manager at American Honda Motor Company, Inc.
So we’ll see what happens next.
Admittedly I’m a technology snob. I’ve always purchased relatively good DSLR cameras, high end computers and devices, excellent microphones and sound editing gear, and have tried to find the sweet-spot of best quality vs. price.
When it comes to cameras, however, I’m always torn about taking a bag with the camera, two lenses, and a tripod with me to shoot photos. It’s too much bother and fuss, even though the images I can capture are outstanding!
A few years ago we went, as a family, to Italy. I wanted to enjoy the trip and knew that it would be hot and I would not want to carry a big bag with lenses, or even a single, big DSLR camera with one “walking around lens,” an 18-200mm one that would cover what I’d likely need on our trip.
Instead I purchased the best small travel camera on the market at the time (and arguably still the best travel camera as Sony just released version 7), the Sony RX100 M2. While the “reach” of this camera’s lense was not what I wanted, the photo quality was unbelievably good and I got some good photos on the trip.
So with upcoming trips in 2020 — and no desire to carry my big Nikon on any of them — I decided to purchase the Sony RX100 M7 which now does have a better lense, microphone input and other great features. I even had it in my Amazon cart with all of its accessories and the cart total was close to $2,200.
THE IPHONE 11 PRO MAX
Then I watched the Apple September 2019 keynote where the new iPhone 11 series was introduced and I made my decision: I would preorder the iPhone 11 Pro Max with 512GB of storage and NOT buy the Sony RX100M7.
Wait just a dang second Borsch … what!?!
For quite some time I’ve been watching the acceleration of computational photography and have realized we are at (or very close to) the tipping point where smartphones will supplant every kind of photo capture device except for truly high-end, professional cameras.
In fact, check out this paper and the video on this page about 3D rendering and creating a “Ken Burns effect” from *a single image* as it shows what’s possible computationally with photography.
One could argue we are already there, what with camera company sales down trending dramatically, according to a brilliant tech analyst and writer Om Malik. Om wrote this post about the down trending of camera sales and included this graph:
One of Om’s reasons for this decline is the acceleration in smartphone sales and the “good enough” quality of images shot on these devices. While I recoil at the thought of millions of muddy, not sharp, bad color photos being shot by hundreds of millions of us around the world, this is the future of photography whether we “prosumers” or “pros” want it or not.
Having heard this (possibly apocryphal) response by a professional photographer to a novice who had asked, “What’s the best camera I should buy?” and the pro’s response was, “The one you have with you” have made me realize how many times I’ve been somewhere when a great photo opportunity has presented itself.
Yes, this is a glib response to a legitimate question, but one thing is clear: If you don’t have your camera with you, you are unable to take any kind of photo and almost all of us have our smartphones with us all the time. I know I do.
So when I saw the computational photography capability of the new iPhone 11 Pro Max, I knew that I’d have to buy it and not buy the Sony RX100 M7.
By the way, I still often go out with my sole intention of taking photographs and schlep all of my gear with me. But now that I have tripods and a gimbal for my iPhone (and have had them for some time), now that I will be able to take better quality photographs I’ll use these accessories even more.
Food for thought…
Thought I’d write a quick update as a full post, rather than update yesterday’s post here.
Since the battery was dead in my Clarity so I couldn’t start the car, I called Honda Roadside Assistance. The tow truck driver did jump the car and it started, but there was something obviously wrong so I had the car towed to my dealer, Rancho Santa Margarita Honda, on Tuesday in the early afternoon.
Finally, after TWO DAYS of repeated calling and talking to several of the service advisors to find out what was going on with my car (there were seemingly multiple advisors on my car and no one returned my phone calls promptly or had answers) I picked up the car late yesterday after calling-in to talk to the general manager of the store to get some action.
The punchline? Is the car fixed? I have no idea but suspect it is not. Why? Because there is NO explanation as to why the battery was completely dead. Or why the check-engine light was on four times in July and August with the same error codes. Forget about any explanation on all the other issues I’ve had like this dangerous one after only a few days with the car.
The fix? Basically the service tech “reset” the car by clearing the codes, reset the steering and braking sensor system, but apparently did not identify any root problems with the control systems in the car. There were no software updates required (or performed) and apparently no aberrations or issues uncovered, even though there were several error codes and all of them show that there is some issue with the car’s internal communications system (likely bugs in the software and/or problems in the communication bus within the car itself):
- P1D00 – All CAN Malfunction Battery Condition Monitor Module – CAN is the bus and it talks over the powertrain control module (PCM). My guess all along is that there was some kind of fundamental bug in the software control system which is spawning errors.
- U0100 – Lost Communication with ECM/PCM “A” – More of those “lost” communication problems.
- U1204 – Invalid or Missing Data for Steering Column – The Transmission Range Sensor (also referred to as the PRNDL input an/or neutral safety switch) tells the transmission control module (TCM) an the engine control module (PCM) that the transmission is in park, reverse, neutral, drive, low, 2nd, 3rd etc.
- U1600 Reverse Input Circuit – The reason for a U1600 error is to cause the service tech to check system wiring, connectors, or other electrical components which are subject to failure. Another reason why I think there is a computer system malfunction within the car itself.
In my printed receipt, here is what they gave me showing what they found and the action they took to “fix” my problems:
After reading this Inside EV forum thread about others with goofy Clarity electronic issues, my level of confidence in the Clarity is at an all-time low, after only three months with the car and 4,600 miles.
I’m going to give it two weeks and, if there are continued problems, I’ll ask Honda to buy back the car or I’ll sell it on the secondary market (or likely trade it in on a Tesla Model 3).
To be continued…
My Honda Clarity is dead.
No, this is not a post about the fact that Honda has pulled back the Clarity PHEV from multiple states to only California. It’s also not because my confidence in the Clarity is low after owning this car for only a few days and then this happened. Or that my wife says, “Just so you know, I am NEVER driving that car!”
Instead the reason I’m saying the Clarity is dead is because, after a long Labor Day weekend with it parked in the garage, I went out two hours ago to run errands in the car and NOTHING on the car worked!
Sigh…I verified it has a fully charged 17kw battery from being plugged in while we were away but I couldn’t get anything on the car to work. Once I unplugged the car and shut the plugin’s door, even THAT would not open. The 4-way flashers were dead. I couldn’t even put the car in neutral to move it out of the garage. There was no charge in the car at all and, like a desktop computer with a bad power supply, the car was not going to “boot up.”
Called Honda’s Roadside Assistance and they arranged to have it towed to the dealership from where I bought the car. That gave me time to read several forum posts about others who have had this same issue, but people said it’s due to dealers not keeping the 12V battery charged up on their lots caused the battery to drain and die. My car had just come in days before I bought it, so that’s highly doubtful.
Adding to my frustrations with this car is that the check engine light comes on frequently and the dealer sees no error codes or anything wrong when I have them look at it. My only conclusion is that this is one poorly engineered automobile.
First car I’ve owned in all my decades on this earth that I haven’t been able to just get in and drive, all while ensuring I maintain it properly. I’m constantly fretting over the Clarity and am wondering when the next issue will appear … but I didn’t expect this on a brand new car with just over 4,000 miles on it.
Unfortunately American Honda’s escalated customer service folks have been no help at all with any of these issues (and are likely instructed to ‘admit nothing’ to ensure Honda isn’t opened-up to any liability). The dealer is great, but they just shrug and say, “Ah…we don’t see anything wrong.”
Guess I should have bought that Tesla Model 3 after all.