<!DOCTYPE html>

<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <br>

    <blockquote type="cite"

cite="mid:CA+TuoW2TGswQW+B64v8Zz=SkJ+Y-PFcq43UwC8o1ss-Nyab5ow@mail.gmail.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <div dir="ltr">

        <div>

          <div style="font-size:small" class="gmail_default">We

            discussed snap and its pitfalls on this mailing list

            before. </div>

          <div style="font-size:small" class="gmail_default"><br>

          </div>

          <div style="font-size:small" class="gmail_default">It is being

            targeted more and more by malware peddlers </div>

          <div style="font-size:small" class="gmail_default"><br>

          </div>

          <div style="font-size:small" class="gmail_default"><a

href="https://blog.popey.com/2026/01/malware-purveyors-taking-over-published-snap-email-domains/"

              moz-do-not-send="true" class="moz-txt-link-freetext">https://blog.popey.com/2026/01/malware-purveyors-taking-over-published-snap-email-domains/</a></div>

          <div style="font-size:small" class="gmail_default"><br>

          </div>

          <div style="font-size:small" class="gmail_default">Again,

            depending on which variant of Ubuntu you use, and what

            software you need, you can uninstall snap completelylike I

            do.</div>

          <div style="font-size:small" class="gmail_default">(e.g.

            Xubuntu, no need for lxd, install Firefox from PPA, ...)</div>

        </div>

      </div>

    </blockquote>

    <p>Looking into details of article, potentially through my own lens,

      article contains story about two points: (a) trust 3rd party

      distributor, (b) "Why flashlight needs to send email".</p>

    <p><br>

    </p>

    <p>(a)</p>

    <p>From tldr;<br>

      .. [scammers] now registering expired domains belonging to

      legitimate snap publishers, taking over their accounts, and

      pushing malicious updates to previously trustworthy applications.</p>

    <p>This is a problem with everyone. ... we ask users to be vigilant.

      ... or users encouraged to trust that store has done vetting.

      Where did "ask a friend" go?</p>

    <p>In old times, pretending to be someone else has carried

      non-trivial penalty, if I am not mistaken. It ain't new attack.</p>

    <p><br>

    </p>

    <p>(b)</p>

    <p>If it is in a snap, you'd expect some walls to not let a

      flashlight send email with your wallet password into wild world.

      Missed opportunity, in my view.</p>

  </body>

</html>