I've done this exact approach before. It's a good way to exfiltrate data. Post the software on GitHub pages, or a popular CDN that co-hosts other shared libraries and you've got a very difficult to block method.
Really goes to show that it's very difficult to stop a motivated and informed actor.
skinfaxi 6 hours ago||
If you can connect to Github pages couldn't you exfil that way? This takes 2 mins for 100KB.
thedougd 4 hours ago||
Not quietly. Uploads are commonly monitored by data loss prevention (DLP) solutions, especially when MITM is being used for corporate proxy.
Downloading a tiny JS from a CDN, or accessing a GitHub page is mostly noise, especially if obfuscated well.
skeptic_ai 5 hours ago||
Npm install qr-made-up-name
Can show qr in console. How do you stop that?
thedougd 3 hours ago||
I'm likely being overly specific, but blocking npm downloads, installation on corporate devices, etc is trivial in a restrictive corporate environment.
acrophiliac 5 hours ago||
What's the length limit? I tried pasting some text and got this message: code length overflow. (85700>18672)
alex_suzuki 7 hours ago||
Cool stuff. I’m fond of the “single HTML file” deployment option.
jaysyrk 3 hours ago||
I created a file optimizer, one single file. I was wondering if i could work with you to integrate that into your project. Lmk!!
Aleesha_hacker 4 hours ago||
Let Ai help you research not write keeps the content human and original
encom 3 hours ago||
We used to be able to send arbitrary files between phones using Bluetooth. Where did that go? We had a bit of a music piracy ring going at school for a time. Good times.
villgax 8 hours ago||
What would make this truly portable is being able to generate this consistently with a short prompt and generate with a local LLM. That way no network calls or file hash can prevent this