Re: [Trisquel-users] Web Browser

[Adonay Felipe Nogueira]

> When you quote automatically whole (especially lengthy posts) it is
> difficult to follow what exactly you are commenting on (without

Sorry, I'll do trim-posting now. :D

> I have sent this using the Contact link on this site. No reply so
> far. No fix either. Hopefully someone will look into it.

I tried to look it up, and it doesn't seem that your issue was sent
using the issue tracker, so I made this one:

https://trisquel.info/en/issues/23884

Re: [Trisquel-users] Web Browser

[studio]

After some help from devs I was able to run the program. Unfortunately it  
seems unable to open any site using SSL. There are no any background  
chattering connections but still it seems quite limited and the interface is  
not really anything I am used to (there is practically no humanly UI).  
Perhaps worth considering in future when it becomes usable.

Re: [Trisquel-users] Web Browser

[studio]

https://www.reddit.com/r/firefox/comments/7x59ey/firefox_making_requests_without_consent_even_in/

Re: [Trisquel-users] Web Browser

[studio]

Latest commits on github are from 2018-01-05.
And the issue I reported already got a reply (2 hours).

Re: [Trisquel-users] Web Browser

[ar018]

> https://www.uzbl.org/

Latest news is from 2016.11.27 and it is not included in Debian, hinting that  
maybe it is not yet quite ready for prime time.

Re: [Trisquel-users] Web Browser

[studio]

I just found a project you may be interested to check:

https://www.uzbl.org/

Unfortunately I am getting some errors when running 'make', so I can't share  
anything more.

Re: [Trisquel-users] Web Browser

[studio]

Update:

I received a reply from IceCat's developer. He is working on improvements to  
IceCat (and Abrowser) to fix the previously mentioned issues.

Re: [Trisquel-users] Web Browser

[studio]

We are in the same both.

https://trisquel.info/en/forum/family-privacy-again?page=1#comment-127273

Re: [Trisquel-users] Web Browser

[ar018]

> Same with privacy. If I say (like it's popular) "I have nothing to hide" am  
actually saying "I don't care about you either. Anything you send to me can  
end up in the wrong hands."


I see your point. And I was a bit exaggerating (or misrepresenting the  
matter) when I said "not concerned enough to protect my privacy". More  
precisely, I take some radical "root" precautions and leave it at that,  
omitting minute details. I'll cover my reasons sometime in the other thread  
in troll lounge.


My current precautions (which are relatively basic and easy to implement)  
provide for reasonable privacy against commercial intrusion, while it's  
nowhere near protecting me from institutional intelligence (local and global  
governments). I believe it is somewhat futile to achieve that, anyway, as  
root DNS servers are owned, the whole internet backbone is owned,  
communication channels are owned, certificate providers are owned... we are  
living in a glass chateau on internet.


Internet aside, I carry a mobile (dumb 2G) phone, bank cards, various other  
cards registered to my name. If need be, my steps can be counted. :) With  
this grand technological infrastructure (internet and non-internet) real  
security and privacy can only be achieved through hiding and isolation,  
neither of which I can afford. And mind the thumb rule of security: It's a  
chain. A single broken link can be enough to nullify all the other security  
measures you took.


While you may feel secure with your browser settings and internet usage  
patterns, these are only effective against commercial intrusion. As for the  
government intelligence, all your traffic is flowing through "glass pipes"  
and I wouldn't rely much on https either.


So I know my limits and don't bother to achieve a security/privacy level  
beyond commercial intrusion. That's what I have meant with "not concerned  
enough to protect my privacy".


I believe it's not a defeatist approach, it's a sober one.

Re: [Trisquel-users] Web Browser

[studio]

> I'm only interested in it as a technical debate, and not concerned enough  
to protect my privacy. I don't know why - I should have been.


Is there is really such thing as "my"? Take health as an example: I may be  
fairly careless about my health by assuming that it is *my* health and I can  
do whatever I want with it because it affects only me and nobody else.


But when I am ill I need more resources to recover my health. They also need  
to be of higher quality because when I am ill my body needs special care. All  
these resources don't fall from the sky - they come from other people. So  
basically I am exploiting the energy other have put in it because I have been  
careless. Additionally while I am ill I loose my capability to take care of  
others efficiently too and they may be suffering not due to irresponsibility  
(like me) but due to some actual unfortunate. So by being irresponsible to  
myself I am actually irresponsible to others. I become a useless parasite.  
That's why it is my ultimate responsibility to be in good health and  
condition, and that is not selfishness - on the contrary.


Same with privacy. If I say (like it's popular) "I have nothing to hide" am  
actually saying "I don't care about you either. Anything you send to me can  
end up in the wrong hands."

Re: [Trisquel-users] Web Browser

[Mason Hock]

> For instance, it wouldn't call home
> if the browser is not accessing a page with JS which makes outbound
> connections. The JS (and its outbound connections) has nothing to
> do with the spyware or its home address.

Yes, that would be the smart way to do it. I'm glad you don't work for Mozilla.

> To our relief, Mozzarella the cheesy borser is not that wise
> apparently, as it bluntly goes out to various 3rd party sites no
> matter what (I hope they are not lurking here). But who can say all
> the spyware out there are as dumb?

Well, if we want to be fully paranoid, there's no reason Mozilla couldn't have 
Firefox make blatant third-party connections, be somewhat transparent about 
their existence, provide security rationales for having them and half-assed 
broken documentation for disabling them, while *also* doing as you describe 
with additional connections that are completely undocumented and only occur 
when there is sufficient noise. I suspect you're right, though, and that this 
is giving Mozilla too much credit. 

Re: [Trisquel-users] Web Browser

[ar018]

> (1) Malevolence = Deliberate info leaking. In this case, no matter where  
you access, what the content or protocol is, the browser will do its thing.


Giving it a second thought, this can depend on how wisely a spyware is  
written. A good spyware would be wise enough to stick its nose out *only* in  
a "noisy crowd". For instance, it wouldn't call home if the browser is not  
accessing a page with JS which makes outbound connections. The JS (and its  
outbound connections) has nothing to do with the spyware or its home address.  
A spyware can behave like this just to confuse the matter, so that you would  
never know which address is which, and whether spy-home is accessed by JS or  
by spyware.


There may be other examples of a spyware hiding behind complexity. So, it can  
be rather difficult to catch an intelligent spyware. To catch sophisticated  
spyware, a detailed strategy to outsmart them should be devised, which I  
don't have currently.


To our relief, Mozzarella the cheesy borser is not that wise apparently, as  
it bluntly goes out to various 3rd party sites no matter what (I hope they  
are not lurking here). But who can say all the spyware out there are as dumb?

Re: [Trisquel-users] Web Browser

[ar018]

> ... everyone is just clapping from the sidelines ...

BTW I must apologize for this sweeping generalization. It was unfair.

Re: [Trisquel-users] Web Browser

[ar018]

As for direct IP addressing, it should be straightforward to filter out DNS  
queries and responses from the chatter, so access by domain names should be  
tolerable - as long as you filter DNS part from the chatter. But then, since  
you include DNS chatter to the test case, that means you also want to inspect  
that. And this adds up to the work you're carrying on.


That aside, I can't really see what can go wrong - deliberately - with a  
simple DNS name resolution. But since root servers are 0wned, you may have a  
point in wanting to inpect DNS chatter. It maybe worthwhile not to assess the  
browser, but to assess DNS infrastructure. Then again, testing DNS  
infrastructure is a different case that should be isolated from browser  
tests, I think.

Re: [Trisquel-users] Web Browser

[ar018]

> I actually thought of what you suggest. But:

Let me put it this way: You are testing the browser, and there can be 2 modes  
of failure.


(1) Malevolence = Deliberate info leaking. In this case, no matter where you  
access, what the content or protocol is, the browser will do its thing. To  
isolate malicious behavior and to make it stick out, the least parasitic  
environmet (simplest protocol, no scripts, etc.) is best.


(2) Inferiority = Inadvertent info leaking. This is much more difficult to  
spot than the former case. Leakage due to inferior implementation can occur  
almost anywhere and everywhere. You need to test zillion combinations, and  
spot the leakage among the chatter. Sorry but this is beyond my mortal  
capabilities. Good luck, if you want to test that.


Also, inferiority means bug, and this is a technical failure (which can occur  
in any software any time) rather than a behavioral one. So I assume you are  
after behavioral failures (deliberate spying), that is you are after (1).


Therefore I sustain my original suggestion - of the simplest test case  
possible.


As for doing the tests myself, I'm also aware of the fact that everyone is  
just clapping from the sidelines for something they would directly benefit  
from. But for me, while I find your work very commendable and very useful for  
many, I'm only interested in it as a technical debate, and not concerned  
enough to protect my privacy. I don't know why - I should have been. For  
instance I haven't tried the user.js you have shared (yet). So I talk the  
talk, but don't walk the walk. :) (correct usage of the term, I hope)

Re: [Trisquel-users] Web Browser

[studio]

I actually thought of what you suggest. But:

1. Testing plain http may never reveal things like this (which may be  
additional info)


2. Testing plain http may not show connections specific to TLS (e.g. OCSP  
requests), so it may create a false sense of privacy


3. Although for the sake of testing we may create a simplified connection  
test access by IP address already goes a bit too far from what normally one  
does in a browser. So it may limit the scope of what we would actually see.  
Additionally it may hide some irregular connections related to name resolving  
(if there are any).


A full featured test would probably look at many various aspects separately  
and in combination. However this one is really simplified, not an extensive  
one.


BTW you can test for yourself too and share your findings. You may even find  
a better and more complete testing procedure. It seems everyone is waiting  
for me to test and saying "how nice" :)

Re: [Trisquel-users] Web Browser

[ar018]

BTW, why don't you use plain http URL's to test? The less protocol  
complexities are involved, the less parasitic effects there are. This also  
goes for DNS lookups. It might be worthwile to use direct IP addresses  
instead of domain names. Of course it wouldn't work on shared host sites but  
then you don't have to test with shared host sites either. Just find a  
convenient site to test, which is accesible through raw IP address, offers  
plain http service, and the test page is script-free. You are not testing the  
site, anyway, you are testing the browser.

Re: [Trisquel-users] Web Browser

[ar018]

> HTTPS is not VPN tunnel. What are you talking about? A metaphor?

It's *literally* not VPN but, *functionally* equivalent (or similar) AFAIK. I  
don't know if this is within the definiton of metaphor.

Re: [Trisquel-users] Web Browser

[studio]

HTTPS is not VPN tunnel. What are you talking about? A metaphor?

The rest sounds logical but it doesn't invalidate the possibility for using  
it as an anti-privacy feature.


Some searching lead me to https://tools.ietf.org/html/rfc5246#section-7.2.1  
but from that explanation I don't understand at which point exactly the  
close_notify should be sent (after downloading the document or at any other  
point), what effect it may have if the client is not sending it etc. Seems  
quite a complex matter as a whole (at least for me) and unfortunately I don't  
have the time to dig deeper into it right now.

Re: [Trisquel-users] Web Browser

[studio]

I have been testing different browsers and settings with Panopticlick.

However I can't find a single browser for which "Is your browser accepting Do  
Not Track commitments?" to show something different from "no". I have sent an  
email to EFF a few days ago but no reply at all.



Another strange observation: setting

user_pref("privacy.donottrackheader.enabled", true);

in Firefox results in decrease of bits. Putting the same value in Tor results  
in increase of bits.

Re: [Trisquel-users] Web Browser

[ar018]

> Yeah...of course.

I have been lurking in several forums / lists for a long time. Sometimes  
there would be a thread which intrigues me so much that I can't curb the urge  
to post something, and that's the point when I actually become a member,  
until I got bored or another forum intrigues me better. Which results in  
hopping forums.


This is mostly how the first post goes for me, and I guess for the most  
people. So, someone popping out of nowhere and joining the discussion is not  
quite strange.


That aside, I can't see how ad hominem exchanges would help a rather  
technical debate. Why don't we leave it as it is and move on to the technical  
aspects of the discussion?

Re: [Trisquel-users] Web Browser

[studio]

Conformity again. I don't know that person (in case anyone implies some  
hidden connection) but everyone is free to be abnormal. Normality is a  
statistical term, not a measure of sanity. Just like "Firefox respects your  
privacy better" is a normal assumption but far from reality.

Re: [Trisquel-users] Web Browser

[i_write_words]

Hi "Hunter"/"Aranya"/"Abba12".

Yes, David, please blow me to kingdom come now.

Re: [Trisquel-users] Web Browser

[shiretoko]

Forgive me... now I can see the likeliness.

Re: [Trisquel-users] Web Browser

[Mason Hock]

> > heyjoe i have been following this thread for since it started
> and i registered because of you
> 
> Yeah...of course.

What? Normal people don't randomly stumble across and become engrossed in a 
comically difficult-to-follow thread on a forum they have no connection to and 
follow it for an entire month before finally making an account in order to post 
a single comment?
 

Re: [Trisquel-users] Web Browser

[Mason Hock]

> we are not
> really meeting each other, not communing as it were.

Indeed not, and whether you lack self-awareness or just pretend to, it was a 
mistake for me to try again. Never mind. 

Re: [Trisquel-users] Web Browser

[shiretoko]

> heyjoe i have been following this thread for since it started
and i registered because of you

Yeah...of course.

Re: [Trisquel-users] Web Browser

[studio]

I am not a fan of anybody and I am not looking for fans, followers and all  
that business. Having fans is stupid vanity. I have been saying the whole  
time - no authority, no conformity to ideology (=no followers). Can't people  
be friends without imposing rules on each other? Isn't that what freedom is  
all about? If you still think that freedom is about control - we are not  
really meeting each other, not communing as it were.

Re: [Trisquel-users] Web Browser

[Mason Hock]

> I will be working to improve it further after more meticulous testing. Then
> perhaps it would make sense to reopen the repo on GitHub. (not a promise
> though, so don't hold your breath)

You've already done a lot of work and certainly have no obligation to do more, 
but if you get around to it I and others would be grateful if the git repo 
works out. I suspect you're not a fan of me personally at this point, but I 
sincerely do appreciate your work.

Re: [Trisquel-users] Web Browser

[ar018]

> Do you think you could probably point me out to the correct RFC (or  
whatever web standard document applies) to read more about that process?


I am not well versed on this, but AFAIK http requests are connectionless,  
i.e. there's a request and a response, whereas https is connection based.


Because https communication is basically an autenticated and encrypted  
session, i.e. a VPN tunnel, which requires a sustained connection. Otherwise,  
each simple request such as GET should have been preceded by establishing an  
SSL tunnel, and terminating the connection upon response. This is simply too  
expensive to implement. So an SSL tunnel (connection) must be permanent one,  
in which, requests and responses exchanged. Even if there's no exchange of  
request/response pair between the client and server, the connection should  
stay open once established, until either connection times out or parties  
terminate the connection gracefully (by handshaking). This is as far as I  
remember. I might be omitting important details.


As for a link, I don't have one readily available, but a DDG search with  
combinations of "ssl" , "connection" , "https" , "tunnel" , "rfc" words  
should lead you to relevant resources, I think.

Re: [Trisquel-users] Web Browser

[studio]

So far I have always thought that once the file is loaded, there is no need  
to keep any connections open or to send packets in order to close them. In  
fact it seemed to me logical that once the document is loaded, this  
"handshake closing packets" (or whatever the proper technical term is) should  
be assumed as sent which closes the connection. This means - it should not be  
related to closing the browser. Otherwise it seems it may be a privacy issue  
itself and the server software may be using such "closing packets" as  
information about (potentially) knowing what the user is doing on his  
computer (closing the browser, time spent on the site or anything along these  
lines).


Do you think you could probably point me out to the correct RFC (or whatever  
web standard document applies) to read more about that process?

Re: [Trisquel-users] Web Browser

[ar018]

Well, if the URL is "httpS" then the communication is connection based. The  
browser can just drop the connection (without handshake) and the server keeps  
the connection open till it times out. This (keeping a dead connection open)  
can put a small burden on the server, cumulatively, i.e. if every client just  
drops line wthout a "bye". Qupzilla seems to be playing nice. Just guessing.  
Looking at the payload of outbound and inbound packets could reveal it.


But anyway since packet exchange occurs with currently opened site only, that  
means it is not related to spying (privacy).

Re: [Trisquel-users] Web Browser

[jodiendo]

I got a  new gprl license , try to find 5 legs for my linseed, it will drive  
you nuts always. 

Re: [Trisquel-users] Web Browser

[studio]

Why should HTTP make hand shakes or keep open connections after the  
robots.txt has been downloaded? And what would be the exact mechanism (and  
purpose) for doing anything like that?

Re: [Trisquel-users] Web Browser

[ar018]

> The sending of packets on exit to the currently opened site still persists  
though.


It might be some protocol exchange (hand-shaking) to terminate an open  
connection.

Re: [Trisquel-users] Web Browser

[studio]

Disabled Adblock and deleted the adblock subdirectory from profile. On  
startup there are no packets. The sending of packets on exit to the currently  
opened site still persists though.

Re: [Trisquel-users] Web Browser

[ar018]

> QupZilla
> Startup: multiple connections to filter37.adblockplus.org
> Open preferences - zero packets but when I clicked on "Tabs" section more  
packets to filter37.adblockplus.org were sent


Could you retry it with AdBlock disabled? (in the Tools menu)

On a side note, there was an online/offline selection (in File menu) in the  
previous version of qupzilla, but it's gone in v2.2.3. This is a backwards  
evolution regarding privacy. I have worked around that by having 2 separate  
proxy definitions and selecting arbitrarily one of them (easier to do with  
"StatusBar Icons" plugin enabled).


Proxy #1 ("online") -> Default to system proxy (direct internet connection)
Proxy #2 ("offline")-> HTTP::localhost:54321 (which doesn't exist, so  
internet connection is blocked)


I wonder whether qupzilla would still send outgoing packets (other than DNS  
queries) even with a bogus proxy definiton, as it would mean actively and  
deliberately going out of its ways to connect to internet - which I wouldn't  
consider as benign behavior.

Re: [Trisquel-users] Web Browser

[studio]

> I'm using your user.js and it works beautifully

I will be working to improve it further after more meticulous testing. Then  
perhaps it would make sense to reopen the repo on GitHub. (not a promise  
though, so don't hold your breath)

Re: [Trisquel-users] Web Browser

[abualomarain]

heyjoe i have been following this thread for since it started
and i registered because of you

i thank you for all the work you've done so far
I'm using your user.js and it works beautifully

please Continue to work on this matter and user.js specifically i appreciate  
all the work you do


and don't be turned off by some people here ignore the ignorant and remember  
your work will effect lots and lots of other people here and elsewhere and  
you will be thanked


PS. this comment is under GPL


sorry magic was dying to come out

Re: [Trisquel-users] Web Browser

[studio]

So far there is not a single post in this thread in which you talk about web  
browsers. Yet you tell me I talk back for the sake of it.

Re: [Trisquel-users] Web Browser

[calmstorm]

This comment reeks of sarcasm and is just so funny, I really have to commend  
you.


I got a good chuckle and smile out of how tongue and cheek this was.

Awesome trolling though. :)

Please by all means do more of these posts. Though its better if you do it in  
the troll lounge. ;)

Re: [Trisquel-users] Web Browser

[studio]

epiphany
---

Startup: multiple connections to filter20.adblockplus.org
Second startup: zero packets
Open preferences - zero packets (disable plugins)
Browse to https://fsf.org/robots.txt - no 3rd party connections
No setting to disable JS
Panopticlick score: 20.14 bits

Re: [Trisquel-users] Web Browser

[studio]

links
---

Same result as elinks but with one difference:
Exiting causes some additional packets to be sent to the host of the the  
currently opened URL

Re: [Trisquel-users] Web Browser

[studio]

QupZilla
---

Startup: multiple connections to filter37.adblockplus.org
Open preferences - zero packets but when I clicked on "Tabs" section more  
packets to filter37.adblockplus.org were sent


Disable: JS, pepper plugins (flash) (strange there is an option because such  
package is not installed on the system at all), local storage, inline  
suggestions, history, storage of html5 content, password saving

It has a feature to disable JS to change window size or access clipboard
Change global user agent to: Mozilla/5.0 (Windows NT 6.1; rv:52.0)  
Gecko/20100101 Firefox/52.0


Browse to https://fsf.org/robots.txt - no 3rd party connections
Exit: additional packets sent to www.fsf.org

Panopticlick score: 19.14 bits

Click to open preferences: additional packets to lb2.eff.org continue sending  
in the background + from time to time a single packet to www.fsf.org


Retest Panopticlick with DNT enabled: 20.19 bits

Clear all browsing data (cookies, history etc) and exit: more packets to  
lb2.eff.org are sent

Re: [Trisquel-users] Web Browser

[studio]

elinks
---

Startup - zero packets
Open options - zero packets
Browse to https://fsf.org/robots.txt - no 3rd party connections
Panopticlick score: 20.14 bits

Re: [Trisquel-users] Web Browser

[jason]

Yes. And so, circling back to Abdullah Ramazanoglu's original question,  
determining the public domain status of a thing depends on establishing a  
specific fact pattern for that thing, taken in light of a specific country.  
That can result in something being public domain in one country and not  
another.


Circling back to the original discussion that started this sub-conversation,  
I have not done an analysis of the situation in all the countries of the  
world; I don't have the time or resources to accomplish that but hopefully  
providing even just one example helps to show that copyright abandonment is a  
complex topic and abandoning all of the roughly 200 different copyrights that  
someone gets is probably not possible. Thanks to the efforts of copyright  
maximalists like Big Media it's usually easier to play along with copyright  
and grant the permissions to make something be Free rather than trying to  
fight back to get rid of of the copyright and ultimately failing. The former  
is more internationally recognized; the latter is not.

Re: [Trisquel-users] Web Browser

[Mason Hock]

> Of course, it should probably be said that this is a U.S.-centric viewpoint
> and not necessarily applicable to non-U.S. people.

Absolutely, I thought I had clarified this but now realize I only specified 
that the 1923 thing is U.S.-specific. Everything I said after that point is 
also specific to the U.S.

Re: [Trisquel-users] Web Browser

[jason]

Of course, it should probably be said that this is a U.S.-centric viewpoint  
and not necessarily applicable to non-U.S. people.

Re: [Trisquel-users] Web Browser

[jason]

"Then what would be the legal status of of the legacy public domain base?"

It would be hard to generalize about this because of so many factors. What  
country is it public domain in and why (copyright expiration? Because the  
author abandoned it (and maybe other countries won't recognize that)? Unless  
it's very old it's probably not free of copyright restrictions on a worldwide  
basis.


For example to quote from  
https://en.wikipedia.org/wiki/Wikipedia:Public_domain:
"However, some countries make exceptions to this rule. A notorious case is  
Germany, which has had a bilateral treaty with the U.S. governing copyright  
since January 15, 1892. That treaty, which is still in effect, defined that a  
U.S. work was copyrighted in Germany according to German law irrespective of  
the work's copyright status in the U.S., and it did not contain a "rule of  
the shorter term". In one case, a German court therefore decided that a U.S.  
work that had fallen into the public domain in the U.S. was still copyrighted  
in Germany in 2003 in spite of §7(1) of the EU directive."


"There is an immense database of works without even a trace to their  
origins."


Yes, automatic copyright means that orphan works are a problem:
https://en.wikipedia.org/wiki/Orphan_work

And the continued retroactive copyright terms that the U.S. keeps doing don't  
help this.

Re: [Trisquel-users] Web Browser

[Mason Hock]

I don't know the answer to all of these situations, but if the author has 
explicitly released the work into the public domain you should be fine 
modifying and redistributing it (although they should really use CC0 to avoid 
ambiguity), while if the author has omitted a license you should assume it is 
under copyright. If the author is unknown, the work may still be copyrighted 
but it is unlikely to be enforced. The huge collections of "public domain" 
programs you refer to probably contain many works for which copyright law won't 
be enforced, but I would not assume that before modifying or redistributing 
one. Exceptions are if the work is uncopyrightable or the copyright would have 
expired by now. For example, in the United States any work published before 
1923 is public domain (unless the copyright has been renewed or the work meets 
certain conditions), so a folk song written before 1923 is public domain 
whether or not the author is known. Recordings of folk songs are another story, 
as the recording is considered a separate work from the composition. (From the 
link below it seems like it should be a derivative work of the composition for 
the purposes of copyleft, but for some reason this is not the case.) If a folk 
song was recorded after 1923 it is autmatically copyrighted like any other 
work, *but* if it was published before March 1, 1989 the recording has to have 
been released with the copyright notice attached in order for the copyright to 
be enforcable. AFAIK that last detail is only the case for recordings. 
Bascially, copyright law is a shitshow, especially in the States. Thanks Disney.

https://www.law.cornell.edu/definitions/uscode.php?width=840=800=true_id=17-USC-1602536950-364936160_occur=1_src=title:17:chapter:1:section:101

Re: [Trisquel-users] Web Browser

[studio]

Well, I made a copy of it, so that I can run it. I didn't run it on the web  
page. So I deserve to be stoned.


BTW I wasn't expecting clarifications although I appreciate your effort to  
bring the thread out of the totally ridiculous direction it took. :) Just  
stone me and let's finish with that.

Re: [Trisquel-users] Web Browser

[studio]

.

Re: [Trisquel-users] Web Browser

[ar018]

> And so, something like CC0 is more likely to accomplish the intended goal.

This is news to me. Up to now I thought simply a missing copyright notice  
automatically translates into public domain.


Then what would be the legal status of of the legacy public domain base?

For instance could I be held liable for modifying a public domain humor/joke  
and sharing that in a forum? Or modifying the lyrics of a folks song, etc.?  
There is an immense database of works without even a trace to their origins.


More to the point, there are sites to download so called public domain  
programs - huge collections of them. What are their status?

Re: [Trisquel-users] Web Browser

[shiretoko]

That's so much nonsense that I clearly won't bother to argue. Just read  
jxselfs post if you're really interested in it, but I guess you prefer to  
defiantly talk back just for the sake of it.

Re: [Trisquel-users] Web Browser

[jason]

"Then I ran the first shared bash script, so I immediately committed a crime"

Copyright doesn't usually do anything with the running of programs, but with  
derivative works and the making of copies.


"I am also reading (and copy-pasting excerpts from) your automatically  
non-free copyrighted forum posts without explicit permission (license)"


Reading a copyrighted work is not usually an infringing activity; see above.  
:)
Also, quoting people and re-using small portions is usually allowed as a fair  
use exception to copyright in the U.S. and in the various laws of other  
countries around the world. Details vary of course depending on the  
specifics.

Re: [Trisquel-users] Web Browser

[studio]

> So you completely ignored the fact that NOT attaching a license to a piece  
of software is immediately making it non-free?


Damn. Then I ran the first shared bash script, so I immediately committed a  
crime. Take me to court for breaking the international copyright law. I am  
also reading (and copy-pasting excerpts from) your automatically non-free  
copyrighted forum posts without explicit permission (license) - take me to  
court again, then stone me.


I am also breathing air containing CO and CO2 molecules produced by cars  
which have non-free computers which are not in the FSF's list of endorsed  
hardware and which run non-GPL software. I even pay to ride in such vehicles  
sometimes, which means I support the non-free hardware and software  
production. I also benefit from a whole world of technology running on  
non-free software. I will rot in hell for eternity.


I hope I haven't ignored any detail. If I have - please stone me twice.

Re: [Trisquel-users] Web Browser

[jason]

Thanks to things like the Berne Convention as well as various international  
treaties that have come along since then, when someone makes something  
they're not getting one single solitary copyright from their home country but  
about 200 different copyrights from various countries around the world. It's  
not clear if people can legally abandon their all of their copyrights in all  
of those countries around the world. It appears that Germany does not allow  
this for example. There may be others too.


The reason I mention this is to show that when things like the unlicense  
recommend that people use the wording:


"I dedicate any and all copyright interest in this software to the public  
domain. I make this dedication for the benefit of the public at large and to  
the detriment of my heirs and successors. I intend this dedication to be an  
overt act of relinquishment in perpetuity of all present and future rights to  
this software under copyright law."


...it like likely won't have full effect on all of those different copyrights  
that that person got when they made their contribution i.e., for people in  
Germany it's still under full "All Rights Reserved" copyright, since they  
don't allow copyright abandonment.


Creative Commons was looking into that very problem and this is why they  
wrote CC0 in the way that they did, into 3 parts:

1. The first part tried to abandon all copyrights
2. The second part grants a broad permissive license in the case that the  
first can't be done. This addresses the problem with countries that don't  
recognize #1.
3. The third part is a promise not to sue in case that license doesn't work  
for some reason.


And so, something like CC0 is more likely to accomplish the intended goal.

Re: [Trisquel-users] Web Browser

[shiretoko]

So you completely ignored the fact that NOT attaching a license to a piece of  
software is immediately making it non-free?
Well, I guess you have to ignore it, because it would make all the rest of  
you agrumentation just crumble.


> Forums are not the place to "release" software.

Says who?
People can share software wherever they want, even if heyjoe thinks it's "not  
the place" for doing so.

Re: [Trisquel-users] Web Browser

[studio]

If you want to get something straight you should read it straight. You  
interpret, modify it and then ask what is wrong. The answer is: your process  
is wrong.


"I *accuse* person X of having a serious mental disorder" or "I *blame*  
others for writing free software" is different from:


"Protecting forum posts with copyright and licenses is insanity. If 2 people  
communicate by handling a copyright notice and a license for what they share  
this is not a moral stance but a serious mental disorder."


> Where are the programs that you released under the public domain?

https://trisquel.info/en/forum/web-browser?page=4#comment-127318

and it is not "releasing under" but rather sharing some useful settings. Just  
like one shares with a friend "Look, if you use this towel you can wipe your  
window and see better". It is in no way enforcing regulation on how (not) to  
use the towel, who is the legal entity releasing the towel and all that  
nonsense.


Forums are not the place to "release" software. Just like you don't write a  
piece of code on the wall in a public toiled and put a license note on it  
just because there is a "legal perspective" to it.


If one is serious to release software, there are proper ways to do it. That  
was the idea of having a repo about it. But since people here would rather  
sit and evaluate, criticize, argue, or take care mainly about the perfect  
conformity to some ideology disregarding any call for healthy common sense, I  
don't think any further sharing by me would be valuable because I refuse any  
kind of sectarian thinking.

Re: [Trisquel-users] Web Browser

[shiretoko]

Let me get this straight:
Magic Banana writes a piece of software and releases it under the GPL, and  
you accuse him of having a

"serious mental disorder" for that.
What the  is wrong with you?

He explicitly grants every user the four freedoms he deservers, and instead  
of being grateful for that, you just spread FUD about copyright law claiming  
a piece of work without a license is immediately public domain.
It is NOT in the wast majority of countries and you have been told so  
countless times.


Where are the programs that you released under the public domain? Or do you  
prefer just blaiming others for writing free software?

Re: [Trisquel-users] Web Browser

[studio]

I have no tactics so please stop looking for such and assigning them to me. I  
am simply allergic to people deliberately twisting the meaning of what is  
being said. It's time wasting and annoying.


Protecting forum posts with copyright and licenses is insanity. If 2 people  
communicate by handling a copyright notice and a license for what they share  
this is not a moral stance but a serious mental disorder.


There is nothing more to say here. The info about browsers has been shared.  
That's all. The repo will be deleted for now.

Re: [Trisquel-users] Web Browser

[Mason Hock]

> I will never accept anything from anyone who
> tells me "I can potentially help" and then imposes regulations on that
> "help" (however 'ethical' anyone may consider that).

I thought that if a program works as expected and is open and transparent we 
don't need additional freedoms. :)

I've noticed that people who find the GPL restrictive often fail to be 
similarly outraged by far more restrictive proprietary licenses. It's almost as 
if they are really offended by the moral stance rather than the restrictions 
used to protect that stance.

If you do not plan to exploit Magic Banana's contribution to create proprietary 
software, the GPL does not affect you in any way. If you do (I doubt this. I 
believe you have good intentions.), then Magic Banana is right to use the GPL 
to protect himself from becoming complicit.

Unrelated, your recent tactic of projecting your actions onto others (e.g. 
making an off-topic point to be evasive and then accusing them of being 
off-topic when they respond to it) is very transparent. We share common ground 
on some issues, but I'm done trying to discuss anything else. I'm going to stop 
following this thread now, but I will keep an eye on the github repo and try to 
help out once there is something up there to work with. Personalities aside, I 
sincerely appreciate the work you're doing.

Re: [Trisquel-users] Web Browser

[studio]

> No copyright would actually mean the classical copyright, under the Berne  
convention.


"No copyright" would mean that if my whole post was just these 2 words. But  
those 2 words are extracted from a sentence which contains additional and  
essential info.


https://unlicense.org/

> Good luck with your GitHub repository that only contains a license file

The license file exists because GitHub asks to select a license when creating  
a repo and the repo was created because another GitHub member suggested that.  
The chosen license reflects the intent and terms of what may follow (if I  
have the time). It won't include contributions by contentious people who  
copyright and license their forum posts. And yes - all the info about  
browsers which I shared in this thread (including code) is free for anyone to  
use as one likes. When sane people discuss and share something they don't put  
legal warnings on each sentence.


If you have nothing to share about web browsers which can't be found on the  
web and would rather talk about other things - please open a separate thread.

Re: [Trisquel-users] Web Browser

[studio]

> For a (any) licence to take legal effect, the work has to be legally owned  
by some entity, i.e. copyrighted, AFAIK.


Exactly. There is no such thing as anonymous copyright holder or licensor.  
You can't go to court and say "I am the completely anonymous person of that  
forum post and because I added a sentence mentioning my favorite license, I  
am here to sue another anonymous person X for violating the license". This is  
sheer nonsense and yet another attempt to renew someone's favorite discussion  
about 4 freedoms and all the rest of it. I refuse to participate in that.


> kindly requesting that the work to be used in accordance with GPL.

Licensing forum posts is not kindness but a signal that someone should  
seriously visit a doctor.


The GitHub repo I opened will use "The Unlicense" which means no copyright  
and restrictions/regulations. I will never accept anything from anyone who  
tells me "I can potentially help" and then imposes regulations on that "help"  
(however 'ethical' anyone may consider that).

Re: [Trisquel-users] Web Browser

[ar018]

For a (any) licence to take legal effect, the work has to be legally owned by  
some entity, i.e. copyrighted, AFAIK.


Without a © it is basically public domain, and cannot be subjected to a  
license. So, I gather that MagicBanana is not demanding, but kindly  
requesting that the work to be used in accordance with GPL.

Re: [Trisquel-users] Web Browser

[shiretoko]

> So you are pasting lines of code in a public forum claiming that by using  
this code any completely anonymous person is signing a legal agreement with  
you (an anonymous licensor) and that that this has legal power? Are you  
serious?


Why should it matter where he releases his software? Github might be a more  
convenient place to share code, but from a legal perspective it's not special  
at all.
I also can browse any github project right now completely anonymously and  
download every single one of them, still i'm bound to the license agreement  
attached to the program, no matter how big or small it is.
Seriosly, what you said here makes no sense whatsoever and I don't even know  
what you're trying to achieve.

Re: [Trisquel-users] Web Browser

[studio]

Thanks but I automation like this (based on ">50%" or similar) seems  
dangerous to me. These are important settings and my plan is to give the user  
the ability to control what he sets, not some automatic script.


> By the way, all the software I write, including the two scripts in this  
thread, is under the terms of the GNU General Public License version 3 or any  
later version.


So you are pasting lines of code in a public forum claiming that by using  
this code any completely anonymous person is signing a legal agreement with  
you (an anonymous licensor) and that that this has legal power? Are you  
serious?

Re: [Trisquel-users] Web Browser

[Caleb Herbert]

I guess I meant a less bad situation than what we have now.


signature.asc
Description: This is a digitally signed message part

Re: [Trisquel-users] Web Browser

[studio]

I would like to hear more of your thoughts in the other thread which I opened  
some time ago:


https://trisquel.info/en/forum/freedom-security-technology-what-can-we-do

Let's leave this one for browsers, so that we don't make it a burden for  
others :)

Re: [Trisquel-users] Web Browser

[ar018]

> If huge effort should be applied, it should
> start from the very root of the problem.

In the past, hardware was either so basic as to not utilize firmware, or,  
when it did, onboard processor was barely coping with the job to have spare  
cycles for spying around. In that era, "proprietary hardware" meant nothing.  
So, only software has to be freed, and that was a manageable task. The whole  
suit (OS, DE, utilities) could be dissected and developed by relatively small  
teams of people, down to a broke individual.


Good days are over.

Now, hardware is sophisticated enough to have lots of spare cycles for  
spying. But how to free the hardware without multi-million dollars of funds?  
Design and production of CPU, GPU, networking, etc. components are gigantic  
tasks needing multi-millions of dollars. There must be a solution or we can  
find ourselves between the rock and a hard place (correct usage of the term,  
I hope).


I think the Shakti Project, from this perspective, is of utmost importance. I  
regard it as start of a revolution in hardware domain. Luke is also trying to  
find a solution for GPU. So far the "solution" seems to be using spare  
general purpose CPU cores and running specialized software on it, to turn  
that core into a sort of GPU (with too low performance and too high power  
consumption). I hope, in future there will be other projects, like Shakti,  
focused on the GPU question. And then there is networking hardware...


We are bound by physical constraints in libre hardware production. It's not  
like "lets club together and write a module - or whatever". Until the  
hardware question is solved, all we can do is "defensive driving", as far as  
I can see. In the meantime we can try to prune the free software in regards  
to security/privacy issues. I believe you did more than your fair bit in this  
regard.

Re: [Trisquel-users] Web Browser

[studio]

I am not saying it is impossible. It just needs huge amount of long term  
work. Imagine just the JS module...


> I don't know if it makes much sense. Just brainstorming.

It makes a lot of sense but such a process won't resolve the root issues at  
firmware/hardware level, so it won't ensure privacy and security. If huge  
effort should be applied, it should start from the very root of the problem.  
Currently here we are really discussing how to paint the wall of a falling  
building.

Re: [Trisquel-users] Web Browser

[ar018]

> Things have become so complex in the
> last 10 years that it is difficult to
> follow, what's left for development.

Maybe a modularized approach could solve this. You know, once "lp" was a huge  
software, with print management and printer drivers lumped into a monolithic  
package. Then lpr-ng came about, IIRC it was the first print management  
software that separated drivers to their proper place and thus was able to  
focus on the print management job itself. Nowadays each printer has its own  
driver, readily usable by any print management software you'd choose.


I suspect similar dissection might be possible in web browsers too. Ofcourse  
this must entail a strong standardization regarding how each piece of a  
browser interact with each other (or at least with the main trunk). In such a  
hypothetical structure, a browser would be no more than a slim, main trunk,  
perhaps outsourcing even the basic HTML rendering to an external module  
("driver" in lpr analogy). So, browser trunks (which are quite manageable in  
size) compete with each other on their own merit, likewise "drivers" for a  
specific function do so between them. This would both promote natural  
selection process among the components, and would - hopefully - free browser  
development "privilege" from a few tech giants.


But then it would be a different story to choose a browser. You would need to  
choose the main browser and external modules separately. Maybe a new wave  
emerges from this, where people start making "browser recipe"s and package  
them together. And then we would have perhaps hundreds of recipe packages to  
choose from.


I don't know if it makes much sense. Just brainstorming.

Re: [Trisquel-users] Web Browser

[studio]

I think one of the biggest problems is that the web standards are influenced  
to a great degree by the tech giants (Google, Mozilla) and this makes it hard  
for smaller projects to catch up as they don't have the same human power.  
Things have become so complex in the last 10 years that it is difficult to  
follow, what's left for development. Living on activist ideas and donations  
would hardly attract many top experts.

Re: [Trisquel-users] Web Browser

[ar018]

> What do you suggest?

Unfortunately I have no suggestion for a browser that is both as  
www-compatible as FF and fairly lightweight and security/privacy respecting.  
The closest I came with was Midori (yes, it shows it's age and orphanage) for  
general web browsing, Qupzilla (eith its non-free dependencies and KDE  
direction) for the rather difficult sites, and a FF fork (possibly Tor) for  
the most difficult sites. I do accept it's not a perfect compromise, but it's  
the best I can do.


And no, neither have I time to fiddle with entrails of a browser, so I will  
just stick to off-the-shelf solutions, save some critical user settings.

Re: [Trisquel-users] Web Browser

[studio]

> Trying to produce a secure and privacy respecting browser out of an  
opposite one (and an obese one in that) is not very good strategy IMHO.


What do you suggest? I have tried pretty much everything and I am running out  
of options. If it was within my abilities I would write another browser. But  
I would need so much time to learn and do it that until I am done perhaps the  
Internet won't exist any more.


> What's wrong with -say- Midori?

https://trisquel.info/en/forum/web-browser?page=2#comment-126271

Re: [Trisquel-users] Web Browser

[ar018]

> Thoughts?

With multi-millions of LOC, FF forks doing just cosmetic changes is only  
normal. What else could they possibly do? Trying to produce a secure and  
privacy respecting browser out of an opposite one (and an obese one in that)  
is not very good strategy IMHO.


What's wrong with -say- Midori? Seeing that it is already ripe for adoption,  
it's beyond me why FSF wouldn't adopt such a good platform and build on it.

Re: [Trisquel-users] Web Browser

[studio]

Thanks. The output looks better now.

> I added two comments. The script is like 20 lines long. There is not much  
to refactor.


I can look into that myself.

> I will not write any PHP

No need to. I can do it if/when necessary.



BTW another thing about IceCat:

While trying to understand what is the difference between it and FF I started  
from https://www.gnu.org/software/gnuzilla/ and leaving aside for a moment  
the licensing concerns I tried to find the actual code which supposedly makes  
IceCat different from FF and. I read:


"IceCat is generated from Firefox with the scripts available at  
http://git.savannah.gnu.org/cgit/gnuzilla.git.;


In the 'tree' section I see nothing more than some rebranding content  
(images, css etc) and a 'makeicecat' script which downloads the original FF  
code, applies the rebranding + custom preferences and... that's it. So  
essentially IceCat is exactly the same as Firefox but:


- rebranded and sub-licensable (for freedom 3)
- added 5 extensions
- some custom prefs were applied, similarly to what we do with user.js now

I other words the difference is not in any core functionality but rather  
cosmetic - one can do all this for oneself, perhaps even better by using FF  
ESR (supposedly more stable and tested than latest FF), a custom hardened  
user.js and extensions of choice. I have not researched this about the other  
FF forks but if the situation with them is similar, this makes researching  
into forks a waste of time along the lines of better privacy etc. Tor may be  
the only exception.


Thoughts?

Re: [Trisquel-users] Web Browser

[studio]

Thanks.

Here is a test using the user.js which I attached in a previous comment and  
the one from the ghacks project:



[/tmp/download]: ./mb user.js ghacks.js > out.txt && head -n 20 out.txt &&  
tail -n 20 out.txt

# key   user.js ghacks.js
accessibility.force_disabledundef   1
alerts.showFavicons undef   false
app.shield.optoutstudies.enabledundef   undef
app.update.auto undef   false
app.update.enabled  false   undef
app.update.service.enabled  truefalse
app.update.silent   undef   false
app.update.staging.enabled  undef   false
beacon.enabled  undef   false
breakpad.reportURL  undef   ""
browser.aboutHomeSnippets.updateUrl undef   "https://127.0.0.1;
browser.backspace_actionundef   2
browser.bookmarks.max_backups   undef   2
browser.bookmarks.showRecentlyBookmarked0); // TOR: 15  false
browser.cache.disk_cache_sslundef   false
browser.cache.disk.capacity undef   0
browser.cache.disk.enable   undef   false
browser.cache.disk.smart_size.enabled   undef   false
undef   "2600 syntax error: the parrot's run down the curtain!"
undef   "2700 syntax error: the parrot's joined the bleedin' choir  
invisible!"

undef   "2800 syntax error: the parrot's bleedin' demised!"
undef   "4000 syntax error: the parrot's pegged out"
"4500 syntax error: the parrot's popped 'is clogs"
"4600 syntax error: the parrot's crossed the Jordan"
"4700 syntax error: the parrot's taken 'is last bow"
"5000 syntax error: this is an ex-parrot!"
" syntax error: the parrot's deprecated!"
"START: Oh yes, the Norwegian Blue... what's wrong with it?"
"SUCCESS: No no he's not dead, he's, he's restin'!"
false
""
true
true
true
false); // [WINDOWS]
false
false
true


There seems something is not quite right in the parsing.

> The script will work as long as the input files do not include any tab

pyllyukko's user.js contains tabs (maybe others too, I still don't know).

> If you (or somebody else) want(s) explanation about part of the script, I  
can answer.


That's very nice of you but perhaps it would be better to refactor it so that  
it is self explanatory (comments etc). Code which is easy to read is also  
easy to maintain, less prone to bugs etc. So if you have the time and desire  
you can work on that.


BTW someone has already made an attempt to diff various user.js projects:

https://github.com/jm42/compare-user.js

but if we should make all this, it is crucial to have also the descriptions  
about what each setting does (may need manual work). We could probably make  
an interface (a form) with default and recommended values and a column in  
which the user can enter values (or pick from existing). Then a simple  
'Submit' button would be able to generate the user.js. I should be able to do  
this with PHP.

Re: [Trisquel-users] Web Browser

[studio]

"Meditate on this I will"
:)

Re: [Trisquel-users] Web Browser

[Mason Hock]

> This needs lots of man hours and lots of attention, especially for
> the cryptographic parts (and I am not an expert in that).

There may be people here who can help who aren't following this thread. It 
might be worth starting a new thread with a subject line specific to this 
project, summarizing what you've found, the purpose of the git repo, and what 
needs to be done. Since privacy information about Firefox forks will benefit 
Abrowser, I think this is probably Trisquel-related enough for the main forum 
(as opposed to the troll lounge).

The evolution of this thread has been interesting. It has almost transcended 
the status of a single thread that has gotten off topic and become an 
independent forum with its own subthreads that are only tangentially related to 
each other but on-topic within themselves, but that keep connecting back to a 
main branch that runs in parallel to a Bugzilla thread. We've even begun to 
adapt to the emerging stucture, returnin to the tops levels for posts that 
require extra visability. There's a part of me that wants to just embrace this 
and see what curious organism emerges if we let things play out, but discussion 
of your git repo will probably fare better in a more focused enviornment. :)

Re: [Trisquel-users] Web Browser

[i_write_words]

Nah, you're just getting the brunt of my anger at myself so I don't have to  
ask my doctor if Celexa is right for me. I just don't speak your language is  
all.


Guilty as charged and drama queens belong on social media, not on the English  
speakers' Peer Support forum of the Trisquel boards.


None of us are perfect and we all have our limits. Sorry for trolling you and  
trying to get my sorry ASCII out of here, just had to talk to Muhammed a sec  
there.


I know you're not a child any more than I am "Aunt Tillie" or "the face of  
the Average Joe", it's just easier for me than using my own words instead of  
tired old stereotypes turned inside out and upside down.


I wish I spoke your language but I don't. Peace out, dude, stay respectful,  
and you're in the right place for Free Software but you might be happier just  
calling it good and using this:


use.your.brain.and.your.browser.to.find.out.what.Edward.Snowden.used.opensores.png

if you genuinely have no interest in Gnu and/or free software.

David, please just try to wait for my ban until it's been a full five years  
if you can? Thanks bunches.

Re: [Trisquel-users] Web Browser

[studio]

After some recent feedback from pyllyuko's project it seems this whole thing  
is very overwhelming. There are lots of undocumented variables for which they  
seem to dig in bug reports etc. Even if I succeed to make something I  
definitely won't be able to keep up to date such huge amount of info long  
term.


This needs lots of man hours and lots of attention, especially for the  
cryptographic parts (and I am not an expert in that).

Re: [Trisquel-users] Web Browser

[studio]

Visualization is easy. Extracting/storing/manipulating/versioning the data is  
the challenge.


First I need to find a way to extract all the existing variables and their  
values from each FF fork and from the different user.js projects. Storing all  
that may require more than 2 dimensions for the data structure, so it may  
turn out more complicated than I thought.

Re: [Trisquel-users] Web Browser

[studio]

> There is sense: the telemetry component of Firefox sends anonimized data  
that help Firefox's development, safe search warns about phishing and  
malware, etc.


> "Different views than yours" is what you call "nonsense".

No. It is not "my view" vs another. It is contradiction of facts with  
promises.


Mozilla admits that Firefox transmits a full fingerprint of the system, the  
way the program is being used and couple all that with your IP address. There  
is nothing "anonimized" about that, it contradicts the very definition of  
privacy and putting it in a "privacy" policy is complete nonsense.


https://trisquel.info/en/forum/web-browser?page=4#comment-127197

> I defend the free software definition

Please do it in a separate dedicated thread as suggested by Mason, so this  
one doesn't get repeatedly diluted with all that.


> You blame the free software definition for not providing you the software  
you want.


No. I blame FSF for misleading the reader (paragraph 3):

https://trisquel.info/en/forum/web-browser?page=4#comment-127279

Re: [Trisquel-users] Web Browser

[studio]

I need to learn how to upload/commit changes and document everything  
properly.


I also need to find out a proper format for the matrix for easy visualization  
and review. Perhaps a simple spreadsheet in LibreOffice will do for  
import/export to CSV which a script can handle further. If you have any  
better idea let me know.


I didn't know what license to choose for this so I simply picked "The  
Unlicense" as it sounded most permissive.


https://github.com/anchev/user.js

Re: [Trisquel-users] Web Browser

[studio]

> This thread will go off the rails again if we discuss anything other than  
web browsers here.


Agreed. Next time anyone mentions anything about "but this is not free" I  
won't answer, so that I don't get accused of "tactics". Then you can tell the  
other person to stay on topic. :)


> Can you remind me of whether Palemoon's default about:config prevented  
background connections, or if you had to additionally configure it yourself?


To keep the reply as short as possible:

https://trisquel.info/en/forum/web-browser?page=2#comment-126740

> Either way, it sounds like this Firefox derivative is the easiest you've  
found for which to disable automatic connections. While I am unwilling to use  
Palemoon for my computing because it is proprietary (though I respect your  
right to decide differently) I will download it to compare its about:config  
to that of Firefox after following the broken documentation page. Focusing on  
the differences will narrow down the number of value changes to try in order  
to disable all automatic connections.


I am not going to use Palemoon. It seems somewhat crippled. Additionally I  
don't like the reply I received by their developers when I reported the  
privacy issues for Basilisk.


I prefer to strengthen IceCat and Tor. My strengthened user.js should be able  
to give the zero packet privacy in all FF forks. But still I am willing to  
improve it further if possible. Perhaps you can test it with Palemoon.

Re: [Trisquel-users] Web Browser

[Mason Hock]

> Back to browsers: The discussion with the authors of pyllyukko user.js lead
> to the idea to create a matrix comparing the settings of different similar
> projects, including Tor. So they suggested that I create a repository on
> GitHub where this matrix can be maintained and updated easily when new
> browser versions appear. Obviously I will have to learn how to use git.

This is an excellent idea. It might be most time efficient to focus on Quantum 
derivatives, since ESR will be updated to FF60 in a few months and the 
differences from FF52 won't matter anymore. I have basic knowledge of git. Let 
me know how I can help.

Re: [Trisquel-users] Web Browser

[Mason Hock]

> You are missing the point of the question.

I did not miss *the* point. There were two points: the specific case of 
Palemoon and the general case. My first paragraph addressed the former, while 
my second paragraph addressed the latter. You then acted as if focusing on 
Palemoon in the first paragraph indicated that I had "missed" the general 
point, ignoring the content of my second paragraph. You then reiterated the 
general point in more detail but not in a way that refutes my second paragraph. 
That does not mean I am right, but it does indicate that you don't have a 
better response, or else you would not have resorted to evasion. I have tried 
to be patient with these tactics, and the result is a sprawling mess of a 
thread in which the very valuable information you have provided is completely 
buried in off-topic discussion. They are also the reason Mozilla closed your 
bug report prematurely; it wasn't some conspiracy to silence you, just 
impatience. I apologize for being blunt, but being subtle has not helped keep 
the conversation on track.

This is irrelevant to the important hard work you have put into investigating 
these browsers. If you aren't too pissed at me at this point, I'd like to keep 
discussing that with you. If you would like to discuss whether or not software 
freedom is important, a new thread in the troll lounge would be the appropriate 
place. This thread will go off the rails again if we discuss anything other 
than web browsers here.

Can you remind me of whether Palemoon's default about:config prevented 
background connections, or if you had to additionally configure it yourself? 
(You might have already answered this, but I will go insane if I try to dig 
through this thread searching for the message.) Either way, it sounds like this 
Firefox derivative is the easiest you've found for which to disable automatic 
connections. While I am unwilling to use Palemoon for my computing because it 
is proprietary (though I respect your right to decide differently) I will 
download it to compare its about:config to that of Firefox after following the 
broken documentation page. Focusing on the differences will narrow down the 
number of value changes to try in order to disable all automatic connections. 

Re: [Trisquel-users] Web Browser

[studio]

In case you (or anyone else) have misunderstood: I am not trying to replace  
the 4 so called freedoms - neither lightly, nor in any other way. They  
obviously have their place and value. What I am saying is:


1. I question and am quite reluctant to the usage of the word freedom for  
something that is really a permission. Freedom is beyond words, beyond  
definitions. It cannot be limited in a shape, listed in a license and all  
that. I don't know why the word freedom has been used when these 4  
permissions were established - whether it was because it sounds more  
appealing to say 'freedom' than 'right' or 'permission'. Maybe it was aimed  
to attract, maybe it was just superficiality, maybe an outside influence,  
maybe a bias, maybe an expression of a rebel, maybe nobody even thought. I  
don't know. But the fact is - this is really a set of very specific  
permissions. I am spending time on this again because I think that if we  
really want to go deep into things we must be very careful with words because  
the word is not the thing which it describes. It is just a description. If  
the description is tinted even slightly - that matters a lot when subtleties  
are discussed.


2. We need something much more than the 4 FSF permissions. They are obviously  
not enough. The world of technology is not becoming more free, on the  
contrary - more and more problems pile up. I have created a separate thread  
about that - so far nobody expressed any interest to share a thought.


3. I am not coming with a ready proposal. If anyone is waiting for a proposal  
that means the person is not serious enough to explore. It really turns into  
consumerism - waiting for the product to be replaced with a better one, so  
one can consume the new recommended thing. This pattern is in itself prone to  
fail. It always leads to exploitation, dependency - not freedom. When I ask  
certain things it is to invite the other person to break the pattern and  
question for himself. Sharing is possible when we are with the same energy,  
at the same time and we need that energy of togetherness because a single  
person can do nothing in this world. When someone starts to present clever  
arguments coming from the safety of past knowledge, from the authority of  
another or from one's own authority - that is selfishness, not togetherness.  
It can never create the explosion which is necessary to change things  
radically.

---

Back to browsers: The discussion with the authors of pyllyukko user.js lead  
to the idea to create a matrix comparing the settings of different similar  
projects, including Tor. So they suggested that I create a repository on  
GitHub where this matrix can be maintained and updated easily when new  
browser versions appear. Obviously I will have to learn how to use git.

Re: [Trisquel-users] Web Browser

[studio]

Heather, I am glad to see you are not just a mechanical being using a  
keyboard and it is really good that you are critical. But perhaps it would be  
better not to turn it into some drama. I have never felt abused by your words  
or anything like that, so there is no need to torture yourself about that.  
Perhaps you focus too much on the person and that creates a lot of confusion  
in you. The person is not important but what he shares may be important (or  
not, depending on the reader).

Re: [Trisquel-users] Web Browser

[fil . bergamo]

For what it's worth, I can only say this:
the human being behind Abdullah Ramazanoglu's words must be a wise one.

Thank you for those words.
If only more people were able to reason and talk like that..

Re: [Trisquel-users] Web Browser

[γραφω λογον]

Guilty as charged, lol, and THAT, my dear complete random stranger
and/or sheep in wolf's clothing, is the only reason why you know so much
about which bruises to kick to make me dance and say funny things
instead of getting my fool self banned from yet another forum. ;)

Off to autodidacticize myself about tcpdump instead of trolling this
nice forum and annoying Joe. Y'all take care, now.


On 01/30/2018 12:21 PM, great...@riseup.net wrote:

 Have you tested the Tramp with tcpdump? No, you
> haven't!
> 
> Shame.png

Re: [Trisquel-users] Web Browser

[ar018]

(Posting to main thread in order to reset thread indentation that gone wild.)

It's like comparing the constitution to actualities of life. Both sides have  
their point, but no constitution can achieve a perfect system, and no  
irregularities of actual life invalidates a good constitution.


Sticking to one POW at the cost of ignoring the other, leads to parallel  
monologues instead of a dialogue, and nothing useful can be expected to come  
off of this.


Heyjoe I admire your intelligence and the way you handle an issue in its  
width and depth. But please don't overlook the subtle difference between the  
theory (of freedom, aka the constitution, aka 4 freedoms) and the practical  
problems that arise in real life.


I am fully with you in that there *are* some serious security and privacy  
problems yet to be solved in FOSS, and I am not claiming that the 4 freedoms  
make for a perfect constitution, but it is the best so far man has developed.  
It's still in evolution.


So, on one hand, pointing out some actual problems (which are indeed serious)  
is not an excuse to throw the whole constitution. To be able to do that, one  
should invent an alternative better than the original. And on the other hand,  
having a good constitution is not an excuse to take real life irregularities  
lightly. Both sides need to look from both angles, I believe.


Instead of throwing the baby out with the bathwater (for both parties), it  
might be more fruitful to try to *tune* the thing. A new rule needs to be  
added to the constitution? One of the rules need to be changed in some way?  
These are all good subjects for discussion. Rules can be pitched against  
actual problems, and vice versa. From this, better rules - hopefully -  
emerge. I'm all in for it. At least it can lead us to grasp just how big a  
quagmire the freedom issue is. That it cannot be completely and simply solved  
by a short list of rules, that the constitution only provides for a base to  
build sophisticated eco-systems on, that a web of peripheral rules  
(continually tuned with changing times) is necessary, etc.


Either top-down (from constitution to real life) or bottom-up (real life to  
constitution) design is possible. But before trying to replace the 4 freedom  
rules we happen to have, I think I ought to point out that there should have  
been an *immense* cumulative brain-power invested in those rules, which are  
evolved, tested and rugged by time. We can point to a specific real life  
problem and make an adjustment to the rules accordingly - only to find later  
out that our modification backfires on many other fronts. So, it must be a  
very, very delicate process to tune it.


But the whole subject is a very good food for thought anyway.

Re: [Trisquel-users] Web Browser

[greatgnu]

>He earned that respect and trust

NEIN NEIINN!! That's exactly the point of this entire thread: never  
trust! Always Test! Have you tested the Tramp with tcpdump? No, you haven't!


Shame.png

Re: [Trisquel-users] Web Browser

[γραφω λογον]

On 01/30/2018 11:38 AM, Supertramp wrote:

 I guess that was referred more to Heather

So I, the owner of the account "Heather" on the Trisquel community
discussion forums, am publicly apologizing for initially mistaking you
for a troll and then trying, unsuccessfully, to help you when I do not
have the time or emotional energy to do so effectively right now.

I will try harder to answer your most recent questions politely and
respectfully as soon as I am able. I trust Supertramp's judgement and
when he tells me, "It's not a troll, it's just the postman, Cerberus.
Good doggie! Here's a dog biscuit." then I believe him and am capable of
acting like at least a reasonable facsimile of a civilized human being.

He earned that respect and trust. You haven't yet. Neither have I, so no
hard feelings.

Re: [Trisquel-users] Web Browser

[greatgnu]

>This site isn't accessible over Tor without completing one of those  
demeaning "Click on every picture containing a bus. Oops one of those was a  
car. Now try clicking on every picture containing a sign. Good boy!" security  
checks, so I'll take your word for it.



It is. I just did it, just needed to change the 'circuit', click on 'change  
the circuit for this website'. I was lucky, I just needed to do it once, you  
might be unlucky and change it 5 or 10 times.. Bad sigg though.


>or a more restrictive case where you can't even compile it yourself and  
redistribute it as Pale Moon.


Indeed, if I understand it correctly, that is exactly the case. It's  
proprietary software. And we are talking about software here, not artwork,  
not a logo, which is not software.

Re: [Trisquel-users] Web Browser

[greatgnu]

>I am not an authority in FOSS or any matter

You don't need to be, nobody needs any authority at all. Software freedom is  
not based on authority but licenses. All that really matters is the licenses.  
The license is freedom when it's free and it's jail when it's proprietary.


> I am not selling anything. I don't even take donations.

I guess that was referred more to Heather doubting you or me originally  
doubting your chromium shilling, for in my last comment or any other ones I  
never implied that you do, on a contrary I think you are genuinely interested  
in the topic of privacy. 

Re: [Trisquel-users] Web Browser

[studio]

> it is because their communities do not see those as critical issues

This is nonsense. They have deliberately created the issue of telemetry and  
all the rest. And they ignore repeatedly what has been shown to them. So it  
is not because they "do not see". I have made everything possible so that  
everyone sees. What is the result? I am honestly tired of reading preaching  
about the 4 divine commandments which nobody cares to exercise in practice  
and just waits for the next listed recommendation.


> Thanks to freedom 3, another fork can arise to fix the "critical issues".

Forks have arisen. Some claim they fix the issues. And they don't. And you  
still defend their bible.


> You can push in that direction or, like you do (and it is indeed better to  
not scatter the development effort), try to convince the developers of  
Firefox (or of one of the derivatives) that the issues you point are indeed  
critical and ought to be addressed, despite the associated loss in  
functionalities.


You see: that's what I am talking about. You just sit and evaluate what  
another one does and whether it conforms to the 4 divine commandments or not.  
And although I have asked a question explicitly saying to leave for a moment  
these 4, you are back to all that. It seems impossible to have a meaningful  
conversation what one says "My friend, look at the sky, let's have a walk and  
see some things" and another says "Looking at the sky may not conform to the  
rules, it is good/bad to look, it is good that others have the 'freedom' to  
look, try to convince others to look"... to infinity.

Re: [Trisquel-users] Web Browser

[studio]

Please, if you don't mind: I have already given a scenario + questions about  
that specific scenario.


You are creating another scenario and arguing about different questions that  
arise from it. This is meaningless. In an oppression regime you have no  
rights and no freedom. In a community without Internet you don't need to  
worry about the browser connecting to Amazon or Google. There is nothing to  
discuss there, so let's not go off into something else. Please look at what I  
am actually asking (if you want), don't invent other things, don't argue for  
the sake of defending what you were told to be right. Kindly also note that  
the same persons who tell you about all the things you defend wrote:


"If you're looking to surf the web at speed, but with a concern for your  
privacy and safety at the same time, look no further than GNU Icecat."  
(https://www.fsf.org/working-together/gang/icecat)


A simple test proved that it is not true. IceCat makes connections in the  
background and it doesn't even ask the user if he wants that or not. This is  
exactly the situation "the software is using me, I am not using the  
software". So the bolded statement on FSF's page is an irresponsible one  
because it does not show the actuality. It crease a false sense of security  
which is worse than knowing something is insecure. They were informed about  
that. Still - do you see any article saying "We were wrong, actually IceCat  
connects to Akamai without your knowledge"? It has been more than a month.  
How many people in the so called community have even offered a workaround  
(e.g. through user.js or about:config)? Where is the community who has the  
'freedoms' to modify things when such critical issue is found?


You see - giving talks repeatedly about how bad all this is and then offering  
a product which does it is an obvious contradiction. It may not be deliberate  
and due to inattention but inattention itself is irresponsibility. Without  
being absolutely sure about things one should never recommend things,  
especially beautiful fantasies. Yet there are those lists of endorsements and  
recommendations which so many people here seem to easily fall into.


So if you are serious - forget about what others have said. Don't follow  
"look no further" instruction but look further, go beyond. Use your eyes and  
your brain.

Re: [Trisquel-users] Web Browser

[Adonay Felipe Nogueira]

Yes, you need to have them available, not because you'll necessarily use
them, but because someone else will, be it the person who gave it a
copy, the other which received a copy from you, the thirty fifth
genration of people who receive copies from your generation.

You never know the econimic and social scenario these people will be
under, they can be in a desert, a censorship regime or a place without
Internet. At the same time their status presses them, the restrictions
on freedom 2 and 3 would also do the same in such status. What good
would it be if a given person in a community without Internet would be
forbidden to distribute original and modified copies? Even if the person
doesn't do such things and instead goes on into "doing fixing service"
for that software, it would again be characterized as distribution
(because the person already knows what to do, so they do it over and
over). As for the distribution of originals, it all goes back to the
pressed situation again, because the person could help others which are
under such case too but which aren't fortunate enough to have such
software to help their daily lives. In all cases, the second half of
"distribution", selling, is also important, otherwise how would that
person reward himself for the work they do in that scenario?

2018-01-29T23:30:29+0100 stu...@anchev.net wrote:
> If a program is good (works as expected, doesn't spy or damage data)
> and gives you freedom 0 and 1 - do you really need freedom 2 and 3?
>

-- 
- https://libreplanet.org/wiki/User:Adfeno
- Palestrante e consultor sobre /software/ livre (não confundir com
  gratis).
- "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar
  instantaneamente comigo no endereço abaixo.
- Contato: https://libreplanet.org/wiki/User:Adfeno#vCard
- Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft
  Office, MP3, MP4, WMA, WMV.
- Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU
  GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF
  (apenas sem DRM), PNG, TXT, WEBM.