Lots of developers and power users make a good chunk of Arc's use base. If you're after some interesting credentials then "every Arc user" is a perfect group with little noise.
If I had to guess, the typical Arc user is a Mac user in tech. It doesn't run on Linux, most windows users wouldn't run it, and non-tech people haven't heard of it.
Then most engineering IC people will most likely run Firefox or Chrome, so you're probably looking at designers/founders/managers as your target.
Probably some interesting targets there, but not the type that the NSA cares about. Just pure conjecture on my part of course ;).
I've seen quite a few. In one of my clients's Slack there are at least a couple people advocating for it all the time. They're mostly DLs or in similar roles. I also know at least one developer who uses it.
I used it for a while for a very limited use case. Some interesting concepts. Mostly I found it annoying though. I also didn't like the sign-in thing but still wanted to experiment. I have dropped it altogether and kept Firefox as main browser (as it's been for many years) and Safari as a secondary. Both work much better overall for my needs.
my brother uses arc browser , he is a developer .
I think he saw it from somebody using it (maybe theo t3 or some other creator he watches) , and he found it cool (plus there were lot of videos flooded with saying arc is really great IDK)
If someone finds something cool on the internet. They are going to try it , given that they are capable to do so.
He had a mac so he was able to do so , Even I tried to run arc on windows once when it was really beta and only available to mac (I think now it supports windows not sure)
I just kindly want to state that if the nsa could've bought this exploit , they could've simply waited and maybe even promote arc themselves (seems unlikely)
Maybe they could've tried to promote the numbers of arc users by trying to force google and microsoft search engine through some secret shady company advertising / writing blog posts for arc / giving arch funding or like how we know that there are secret courts in america
( and since these search engines basically constitutes for a high percentage of discovery of stuff by search engine by users)
People could've credited the success to arc in that case for getting more users but the real winner would've been NSA.
Everyone else at work likes it, so I signed up with my work e-mail address and use it for work. All of my complicated browsing needs are done for work, so there's a good fit there.
no I meant that
though you need to login , i think arc isn't available on linux , only mac (or maybe windows though not sure , I see some issues + the security issue)
Ye it required login and my brother logged in (just see ! , the amount of friction to login etc. yet my brother , whom I would consider to be a little conscious of security still gave to try it in the first place)
Firestore rules are in "lock mode" (no read or write allowed) by default since a long time. Then, everything is ultra well explained in the docs.
I was already aware of it when being a noob dev 10 years ago, and could easily write a rule to enforce auth + ownership in the rules. No way, seasoned devs can miss that.
yes. I feel sad that now we have created an incentive where selling to the govt.'s is often much lucrative than telling to the vulnerable party (arc in this case)
(just imagine , this author was great for telling the company , this is also a cross platform exploit with very serious issues (I think arc is available on ios as well))
how many of such huge vulnerabilities exist but we just don't know about it , because the author hasn't disclosed it to the public or vulnerable party but rather nsa or some govt. agency
Also, shame on firebase for not making this a bit more idiot proof.
And really? $2500? That’s it? You could’ve owned literally every user of Arc… The NSA would’ve paid a couple more zeros on that.