←back to thread

Comet AI browser can get prompt injected from any site, drain your bank account

(twitter.com)
645 points helloplanets | 2 comments | 24 Aug 25 15:14 UTC | HN request time: 0.566s | source
Show context
theideaofcoffee ◴[24 Aug 25 15:32 UTC] No.45004998[source]
Beyond being a warning about AI, which is helpful, you really should be taking proper security precautions anyway. Personally, I have a separate browser that runs no extensions set aside that's solely dedicated to doing finance- and other PII-type things. It's set to start on private browsing mode, clear all cookies on quit and I use it only for that. There may be more things that I could do but that meets my threat threshold for now. I go through this for exactly the reason in the tweet.
replies(8): >>45005107 #>>45005112 #>>45005240 #>>45005242 #>>45005255 #>>45005338 #>>45005378 #>>45005931 #
netsharc ◴[24 Aug 25 15:44 UTC] No.45005112[source]
Gee, I really haven't considered your approach.. considering extensions can really be trojan horses for malware, that's a good idea..

It's interesting how old phone OSes like BlackBerry had a great security model (fine-grained permissions) but when the unicorns showed up they just said "Trust us, it'll be fine..", and some of these companies provide browsers too..

replies(1): >>45005172 #
1. delusional ◴[24 Aug 25 15:50 UTC] No.45005172[source]
> Trust us, it'll be fine..

That's because their product is the malware. Anything they did to block malware would also block their products. If they white listed their products, competition laws would step in to force them to consider other providers too.

replies(1): >>45011749 #
2. dns_snek ◴[25 Aug 25 08:54 UTC] No.45011749[source]
> If they white listed their products, competition laws would step in to force them to consider other providers too.

Uh, you're describing SafetyNet and at least a dozen similar anti-competitive measures by big tech. They've been doing this for years and regulators have basically been ignoring it. DMA over on the EU side hints at this changing but it's too little too late.