<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (jm)</title>
    <link>https://pinboard.in/u:jm/public/</link>
    <description>recent bookmarks from jm</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="https://guard.io/labs/scamlexity-we-put-agentic-ai-browsers-to-the-test-they-clicked-they-paid-they-failed"/>
	<rdf:li rdf:resource="https://www.oblomovka.com/wp/2025/03/12/llms-and-humans-unite-you-have-nothing-to-lose-but-your-chores/"/>
	<rdf:li rdf:resource="https://blog.zgp.org/google-chrome-checklist/"/>
	<rdf:li rdf:resource="http://daringfireball.net/2014/04/rethinking_what_we_mean_by_mobile_web"/>
	<rdf:li rdf:resource="http://apps.washingtonpost.com/g/page/world/gchq-report-on-mullenize-program-to-stain-anonymous-electronic-traffic/502/"/>
	<rdf:li rdf:resource="http://cyberlaw.stanford.edu/node/6695"/>
	<rdf:li rdf:resource="https://chrome.google.com/extensions/detail/ppoadiihggafnhokfkpphojggcdigllp#"/>
	<rdf:li rdf:resource="http://www.thegibson.org/blog/archives/689"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="https://guard.io/labs/scamlexity-we-put-agentic-ai-browsers-to-the-test-they-clicked-they-paid-they-failed">
    <title>&quot;Scamlexity&quot;</title>
    <dc:date>2025-08-25T16:15:30+00:00</dc:date>
    <link>https://guard.io/labs/scamlexity-we-put-agentic-ai-browsers-to-the-test-they-clicked-they-paid-they-failed</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Terrible name, but a serious issue all the same; "Agentic" AI browsers are happily vulnerable to scams and phishing --

<blockquote>
All we did was fake a simple email from a fresh new ProtonMail address (so it’s clearly not from a bank) posing as a message from a Wells Fargo investment manager. Inside was a link to a genuine phishing page, active in the wild for several days, and still unflagged by Google Safe Browsing.

When Comet received the email, it confidently marked it as a to-do item from the bank and clicked the link without any verification. There was no URL check, no pre-navigation warning -just a direct pass to the attacker’s page. Once the fake Wells Fargo login loaded, Comet treated it as legitimate. It prompted the user to enter credentials, even helping fill in the form.

The result: a perfect trust chain gone rogue. By handling the entire interaction from email to website, Comet effectively vouched for the phishing page. The human never saw the suspicious sender address, never hovered over the link, and never had the chance to question the domain.
</blockquote>]]></description>
<dc:subject>browsers ai security infosec scams phishing comet</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:9f7ed8c4aa06/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:scams"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:phishing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:comet"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.oblomovka.com/wp/2025/03/12/llms-and-humans-unite-you-have-nothing-to-lose-but-your-chores/">
    <title>llms and humans unite, you have nothing to lose but your chores</title>
    <dc:date>2025-03-12T11:54:40+00:00</dc:date>
    <link>https://www.oblomovka.com/wp/2025/03/12/llms-and-humans-unite-you-have-nothing-to-lose-but-your-chores/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Danny O'Brien posts a nice little automation script co-written with Claude.AI which has a couple of noteworthy angles; (1) instead of scraping the Uber site directly, it co-drives a browser using the Chrome DevTool Protocol and the `playwright` Python package; and (2) it has inline requirements.txt specifications using `uv` comments at the top of the script, which I hadn't seen before.

I like the co-driving idea; it's a nice way to automate clicky-clicky boring tasks without using a standalone browser or a scraper client, while being easy to keep an eye on and possibly debug when it breaks.  Also good to keep an eye on what LLM-authored code is up to.

In the past I've used Browserflow as a no-code app builder for one-off automations of clicky-clicky web flows like this, but next time I might give the vibe-coding+CDP approach a go.]]></description>
<dc:subject>vibe-coding tools automation one-offs scripting web cdp google-chrome playwright claude hacks llms ai browsers</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:dc01fa4629b8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:vibe-coding"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tools"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:automation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:one-offs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:scripting"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:web"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cdp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google-chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:playwright"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:claude"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:hacks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:llms"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://blog.zgp.org/google-chrome-checklist/">
    <title>Google Chrome ad features checklist</title>
    <dc:date>2023-10-04T16:40:20+00:00</dc:date>
    <link>https://blog.zgp.org/google-chrome-checklist/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[a list of ad-surveillance and AI-training features to turn off, both on our personal browsing and on your websites, courtesy of Don Marti]]></description>
<dc:subject>browsers chrome privacy data-privacy google</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:b8a9db5ae318/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://daringfireball.net/2014/04/rethinking_what_we_mean_by_mobile_web">
    <title>Daring Fireball: Rethinking What We Mean by 'Mobile Web'</title>
    <dc:date>2014-04-09T14:22:49+00:00</dc:date>
    <link>http://daringfireball.net/2014/04/rethinking_what_we_mean_by_mobile_web</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>We shouldn’t think of “the web” as only what renders in web browsers. We should think of the web as anything transmitted using HTTP and HTTPS. Apps and websites are peers, not competitors. They’re all just clients to the same services.</blockquote>

+1.  Finally, a Daring Fireball post I agree with.]]></description>
<dc:subject>daring-fireball apps web http https mobile apple android browsers</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:4a495e79e6e2/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:daring-fireball"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:web"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:http"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:https"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:mobile"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://apps.washingtonpost.com/g/page/world/gchq-report-on-mullenize-program-to-stain-anonymous-electronic-traffic/502/">
    <title>GCHQ report on 'MULLENIZE' program to 'stain' anonymous electronic traffic</title>
    <dc:date>2013-10-04T21:25:33+00:00</dc:date>
    <link>http://apps.washingtonpost.com/g/page/world/gchq-report-on-mullenize-program-to-stain-anonymous-electronic-traffic/502/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[By modifying the User-Agent: header string, each HTTP transaction is "stained" to allow tracking.  huh]]></description>
<dc:subject>gchq nsa snooping sniffing surveillance user-agent http browsers leaks</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:1836ffc3861d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gchq"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nsa"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:snooping"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:sniffing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:user-agent"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:http"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:leaks"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://cyberlaw.stanford.edu/node/6695">
    <title>Tracking the Trackers: To Catch a History Thief | Stanford Center for Internet and Society</title>
    <dc:date>2011-07-19T16:50:22+00:00</dc:date>
    <link>http://cyberlaw.stanford.edu/node/6695</link>
    <dc:creator>jm</dc:creator><description><![CDATA[jaysus.  the Epic Marketplace online ad network performs a history stealing attack to determine if the viewer has recently visited 'pages about getting pregnant and fertility, including at the Mayo Clinic'.  very very scummy -- massive privacy violation (via Adam Shostack)

]]></description>
<dc:subject>privacy history browsers history-stealing css attacks security via:adamshostack epic-marketplace nai ads</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:40079b87a2c8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:history"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:history-stealing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:css"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:attacks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:adamshostack"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:epic-marketplace"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ads"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://chrome.google.com/extensions/detail/ppoadiihggafnhokfkpphojggcdigllp#">
    <title>TextAid - Google Chrome extension</title>
    <dc:date>2011-05-04T10:10:19+00:00</dc:date>
    <link>https://chrome.google.com/extensions/detail/ppoadiihggafnhokfkpphojggcdigllp#</link>
    <dc:creator>jm</dc:creator><description><![CDATA["It's All Text" for Chrome.  annoyingly, Chrome blocks forking of processes by extensions, so a daemon process (provided) needs to be running separately, but otherwise it works nicely.  Particularly nice is that the daemon is just written in dependency-hell-free perl rather than Node.JS ;)]]></description>
<dc:subject>text editing chrome extensions add-ons browsers web</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:632390b14f78/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:text"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:editing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:extensions"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:add-ons"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:web"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.thegibson.org/blog/archives/689">
    <title>Chrome extension: edit textarea in an external editor</title>
    <dc:date>2009-12-10T22:30:41+00:00</dc:date>
    <link>http://www.thegibson.org/blog/archives/689</link>
    <dc:creator>jm</dc:creator><description><![CDATA[very new, but heading in the right direction (although the idea of using a browser action is probably not correct).  This is the last hold-up for me to switch]]></description>
<dc:subject>chrome web browsers google editing external editors vim emacs</dc:subject>
<dc:identifier>https://pinboard.in/u:jm/b:62e69286b35d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:web"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:editing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:external"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:editors"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:vim"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:emacs"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>