> When you quote automatically whole (especially lengthy posts) it is
> difficult to follow what exactly you are commenting on (without
Sorry, I'll do trim-posting now. :D
> I have sent this using the Contact link on this site. No reply so
> far. No fix either. Hopefully someone will look into it
After some help from devs I was able to run the program. Unfortunately it
seems unable to open any site using SSL. There are no any background
chattering connections but still it seems quite limited and the interface is
not really anything I am used to (there is practically no humanly UI).
https://www.reddit.com/r/firefox/comments/7x59ey/firefox_making_requests_without_consent_even_in/
Latest commits on github are from 2018-01-05.
And the issue I reported already got a reply (2 hours).
> https://www.uzbl.org/
Latest news is from 2016.11.27 and it is not included in Debian, hinting that
maybe it is not yet quite ready for prime time.
I just found a project you may be interested to check:
https://www.uzbl.org/
Unfortunately I am getting some errors when running 'make', so I can't share
anything more.
Update:
I received a reply from IceCat's developer. He is working on improvements to
IceCat (and Abrowser) to fix the previously mentioned issues.
We are in the same both.
https://trisquel.info/en/forum/family-privacy-again?page=1#comment-127273
> Same with privacy. If I say (like it's popular) "I have nothing to hide" am
actually saying "I don't care about you either. Anything you send to me can
end up in the wrong hands."
I see your point. And I was a bit exaggerating (or misrepresenting the
matter) when I said "not concerned eno
> I'm only interested in it as a technical debate, and not concerned enough
to protect my privacy. I don't know why - I should have been.
Is there is really such thing as "my"? Take health as an example: I may be
fairly careless about my health by assuming that it is *my* health and I can
d
> For instance, it wouldn't call home
> if the browser is not accessing a page with JS which makes outbound
> connections. The JS (and its outbound connections) has nothing to
> do with the spyware or its home address.
Yes, that would be the smart way to do it. I'm glad you don't work for Mozilla.
> (1) Malevolence = Deliberate info leaking. In this case, no matter where
you access, what the content or protocol is, the browser will do its thing.
Giving it a second thought, this can depend on how wisely a spyware is
written. A good spyware would be wise enough to stick its nose out *onl
> ... everyone is just clapping from the sidelines ...
BTW I must apologize for this sweeping generalization. It was unfair.
As for direct IP addressing, it should be straightforward to filter out DNS
queries and responses from the chatter, so access by domain names should be
tolerable - as long as you filter DNS part from the chatter. But then, since
you include DNS chatter to the test case, that means you also wa
> I actually thought of what you suggest. But:
Let me put it this way: You are testing the browser, and there can be 2 modes
of failure.
(1) Malevolence = Deliberate info leaking. In this case, no matter where you
access, what the content or protocol is, the browser will do its thing. To
I actually thought of what you suggest. But:
1. Testing plain http may never reveal things like this (which may be
additional info)
2. Testing plain http may not show connections specific to TLS (e.g. OCSP
requests), so it may create a false sense of privacy
3. Although for the sake of te
BTW, why don't you use plain http URL's to test? The less protocol
complexities are involved, the less parasitic effects there are. This also
goes for DNS lookups. It might be worthwile to use direct IP addresses
instead of domain names. Of course it wouldn't work on shared host sites but
t
> HTTPS is not VPN tunnel. What are you talking about? A metaphor?
It's *literally* not VPN but, *functionally* equivalent (or similar) AFAIK. I
don't know if this is within the definiton of metaphor.
HTTPS is not VPN tunnel. What are you talking about? A metaphor?
The rest sounds logical but it doesn't invalidate the possibility for using
it as an anti-privacy feature.
Some searching lead me to https://tools.ietf.org/html/rfc5246#section-7.2.1
but from that explanation I don't understan
I have been testing different browsers and settings with Panopticlick.
However I can't find a single browser for which "Is your browser accepting Do
Not Track commitments?" to show something different from "no". I have sent an
email to EFF a few days ago but no reply at all.
Another strang
> Yeah...of course.
I have been lurking in several forums / lists for a long time. Sometimes
there would be a thread which intrigues me so much that I can't curb the urge
to post something, and that's the point when I actually become a member,
until I got bored or another forum intrigues me
Conformity again. I don't know that person (in case anyone implies some
hidden connection) but everyone is free to be abnormal. Normality is a
statistical term, not a measure of sanity. Just like "Firefox respects your
privacy better" is a normal assumption but far from reality.
Hi "Hunter"/"Aranya"/"Abba12".
Yes, David, please blow me to kingdom come now.
Forgive me... now I can see the likeliness.
> > heyjoe i have been following this thread for since it started
> and i registered because of you
>
> Yeah...of course.
What? Normal people don't randomly stumble across and become engrossed in a
comically difficult-to-follow thread on a forum they have no connection to and
follow it for an e
> we are not
> really meeting each other, not communing as it were.
Indeed not, and whether you lack self-awareness or just pretend to, it was a
mistake for me to try again. Never mind.
> heyjoe i have been following this thread for since it started
and i registered because of you
Yeah...of course.
I am not a fan of anybody and I am not looking for fans, followers and all
that business. Having fans is stupid vanity. I have been saying the whole
time - no authority, no conformity to ideology (=no followers). Can't people
be friends without imposing rules on each other? Isn't that what fr
> I will be working to improve it further after more meticulous testing. Then
> perhaps it would make sense to reopen the repo on GitHub. (not a promise
> though, so don't hold your breath)
You've already done a lot of work and certainly have no obligation to do more,
but if you get around to it
> Do you think you could probably point me out to the correct RFC (or
whatever web standard document applies) to read more about that process?
I am not well versed on this, but AFAIK http requests are connectionless,
i.e. there's a request and a response, whereas https is connection based.
So far I have always thought that once the file is loaded, there is no need
to keep any connections open or to send packets in order to close them. In
fact it seemed to me logical that once the document is loaded, this
"handshake closing packets" (or whatever the proper technical term is) sho
Well, if the URL is "httpS" then the communication is connection based. The
browser can just drop the connection (without handshake) and the server keeps
the connection open till it times out. This (keeping a dead connection open)
can put a small burden on the server, cumulatively, i.e. if ev
I got a new gprl license , try to find 5 legs for my linseed, it will drive
you nuts always.
Why should HTTP make hand shakes or keep open connections after the
robots.txt has been downloaded? And what would be the exact mechanism (and
purpose) for doing anything like that?
> The sending of packets on exit to the currently opened site still persists
though.
It might be some protocol exchange (hand-shaking) to terminate an open
connection.
Disabled Adblock and deleted the adblock subdirectory from profile. On
startup there are no packets. The sending of packets on exit to the currently
opened site still persists though.
> QupZilla
> Startup: multiple connections to filter37.adblockplus.org
> Open preferences - zero packets but when I clicked on "Tabs" section more
packets to filter37.adblockplus.org were sent
Could you retry it with AdBlock disabled? (in the Tools menu)
On a side note, there was an online/of
> I'm using your user.js and it works beautifully
I will be working to improve it further after more meticulous testing. Then
perhaps it would make sense to reopen the repo on GitHub. (not a promise
though, so don't hold your breath)
heyjoe i have been following this thread for since it started
and i registered because of you
i thank you for all the work you've done so far
I'm using your user.js and it works beautifully
please Continue to work on this matter and user.js specifically i appreciate
all the work you do
and d
So far there is not a single post in this thread in which you talk about web
browsers. Yet you tell me I talk back for the sake of it.
This comment reeks of sarcasm and is just so funny, I really have to commend
you.
I got a good chuckle and smile out of how tongue and cheek this was.
Awesome trolling though. :)
Please by all means do more of these posts. Though its better if you do it in
the troll lounge. ;)
epiphany
---
Startup: multiple connections to filter20.adblockplus.org
Second startup: zero packets
Open preferences - zero packets (disable plugins)
Browse to https://fsf.org/robots.txt - no 3rd party connections
No setting to disable JS
Panopticlick score: 20.14 bits
links
---
Same result as elinks but with one difference:
Exiting causes some additional packets to be sent to the host of the the
currently opened URL
QupZilla
---
Startup: multiple connections to filter37.adblockplus.org
Open preferences - zero packets but when I clicked on "Tabs" section more
packets to filter37.adblockplus.org were sent
Disable: JS, pepper plugins (flash) (strange there is an option because such
package is not installe
elinks
---
Startup - zero packets
Open options - zero packets
Browse to https://fsf.org/robots.txt - no 3rd party connections
Panopticlick score: 20.14 bits
Yes. And so, circling back to Abdullah Ramazanoglu's original question,
determining the public domain status of a thing depends on establishing a
specific fact pattern for that thing, taken in light of a specific country.
That can result in something being public domain in one country and not
> Of course, it should probably be said that this is a U.S.-centric viewpoint
> and not necessarily applicable to non-U.S. people.
Absolutely, I thought I had clarified this but now realize I only specified
that the 1923 thing is U.S.-specific. Everything I said after that point is
also specific
Of course, it should probably be said that this is a U.S.-centric viewpoint
and not necessarily applicable to non-U.S. people.
"Then what would be the legal status of of the legacy public domain base?"
It would be hard to generalize about this because of so many factors. What
country is it public domain in and why (copyright expiration? Because the
author abandoned it (and maybe other countries won't recognize that)?
I don't know the answer to all of these situations, but if the author has
explicitly released the work into the public domain you should be fine
modifying and redistributing it (although they should really use CC0 to avoid
ambiguity), while if the author has omitted a license you should assume i
Well, I made a copy of it, so that I can run it. I didn't run it on the web
page. So I deserve to be stoned.
BTW I wasn't expecting clarifications although I appreciate your effort to
bring the thread out of the totally ridiculous direction it took. :) Just
stone me and let's finish with th
.
> And so, something like CC0 is more likely to accomplish the intended goal.
This is news to me. Up to now I thought simply a missing copyright notice
automatically translates into public domain.
Then what would be the legal status of of the legacy public domain base?
For instance could I be
That's so much nonsense that I clearly won't bother to argue. Just read
jxselfs post if you're really interested in it, but I guess you prefer to
defiantly talk back just for the sake of it.
"Then I ran the first shared bash script, so I immediately committed a crime"
Copyright doesn't usually do anything with the running of programs, but with
derivative works and the making of copies.
"I am also reading (and copy-pasting excerpts from) your automatically
non-free copyrighted f
> So you completely ignored the fact that NOT attaching a license to a piece
of software is immediately making it non-free?
Damn. Then I ran the first shared bash script, so I immediately committed a
crime. Take me to court for breaking the international copyright law. I am
also reading (an
Thanks to things like the Berne Convention as well as various international
treaties that have come along since then, when someone makes something
they're not getting one single solitary copyright from their home country but
about 200 different copyrights from various countries around the wor
So you completely ignored the fact that NOT attaching a license to a piece of
software is immediately making it non-free?
Well, I guess you have to ignore it, because it would make all the rest of
you agrumentation just crumble.
> Forums are not the place to "release" software.
Says who?
Peo
If you want to get something straight you should read it straight. You
interpret, modify it and then ask what is wrong. The answer is: your process
is wrong.
"I *accuse* person X of having a serious mental disorder" or "I *blame*
others for writing free software" is different from:
"Prote
Let me get this straight:
Magic Banana writes a piece of software and releases it under the GPL, and
you accuse him of having a
"serious mental disorder" for that.
What the is wrong with you?
He explicitly grants every user the four freedoms he deservers, and instead
of being grateful f
I have no tactics so please stop looking for such and assigning them to me. I
am simply allergic to people deliberately twisting the meaning of what is
being said. It's time wasting and annoying.
Protecting forum posts with copyright and licenses is insanity. If 2 people
communicate by hand
> I will never accept anything from anyone who
> tells me "I can potentially help" and then imposes regulations on that
> "help" (however 'ethical' anyone may consider that).
I thought that if a program works as expected and is open and transparent we
don't need additional freedoms. :)
I've noti
> No copyright would actually mean the classical copyright, under the Berne
convention.
"No copyright" would mean that if my whole post was just these 2 words. But
those 2 words are extracted from a sentence which contains additional and
essential info.
https://unlicense.org/
> Good luck
> For a (any) licence to take legal effect, the work has to be legally owned
by some entity, i.e. copyrighted, AFAIK.
Exactly. There is no such thing as anonymous copyright holder or licensor.
You can't go to court and say "I am the completely anonymous person of that
forum post and because
For a (any) licence to take legal effect, the work has to be legally owned by
some entity, i.e. copyrighted, AFAIK.
Without a © it is basically public domain, and cannot be subjected to a
license. So, I gather that MagicBanana is not demanding, but kindly
requesting that the work to be used
> So you are pasting lines of code in a public forum claiming that by using
this code any completely anonymous person is signing a legal agreement with
you (an anonymous licensor) and that that this has legal power? Are you
serious?
Why should it matter where he releases his software? Githu
Thanks but I automation like this (based on ">50%" or similar) seems
dangerous to me. These are important settings and my plan is to give the user
the ability to control what he sets, not some automatic script.
> By the way, all the software I write, including the two scripts in this
thread
I guess I meant a less bad situation than what we have now.
signature.asc
Description: This is a digitally signed message part
I would like to hear more of your thoughts in the other thread which I opened
some time ago:
https://trisquel.info/en/forum/freedom-security-technology-what-can-we-do
Let's leave this one for browsers, so that we don't make it a burden for
others :)
> If huge effort should be applied, it should
> start from the very root of the problem.
In the past, hardware was either so basic as to not utilize firmware, or,
when it did, onboard processor was barely coping with the job to have spare
cycles for spying around. In that era, "proprietary ha
I am not saying it is impossible. It just needs huge amount of long term
work. Imagine just the JS module...
> I don't know if it makes much sense. Just brainstorming.
It makes a lot of sense but such a process won't resolve the root issues at
firmware/hardware level, so it won't ensure priv
> Things have become so complex in the
> last 10 years that it is difficult to
> follow, what's left for development.
Maybe a modularized approach could solve this. You know, once "lp" was a huge
software, with print management and printer drivers lumped into a monolithic
package. Then lpr-ng
I think one of the biggest problems is that the web standards are influenced
to a great degree by the tech giants (Google, Mozilla) and this makes it hard
for smaller projects to catch up as they don't have the same human power.
Things have become so complex in the last 10 years that it is di
> What do you suggest?
Unfortunately I have no suggestion for a browser that is both as
www-compatible as FF and fairly lightweight and security/privacy respecting.
The closest I came with was Midori (yes, it shows it's age and orphanage) for
general web browsing, Qupzilla (eith its non-fre
> Trying to produce a secure and privacy respecting browser out of an
opposite one (and an obese one in that) is not very good strategy IMHO.
What do you suggest? I have tried pretty much everything and I am running out
of options. If it was within my abilities I would write another browser.
> Thoughts?
With multi-millions of LOC, FF forks doing just cosmetic changes is only
normal. What else could they possibly do? Trying to produce a secure and
privacy respecting browser out of an opposite one (and an obese one in that)
is not very good strategy IMHO.
What's wrong with -say
Thanks. The output looks better now.
> I added two comments. The script is like 20 lines long. There is not much
to refactor.
I can look into that myself.
> I will not write any PHP
No need to. I can do it if/when necessary.
BTW another thing about IceCat:
While trying to understand
Thanks.
Here is a test using the user.js which I attached in a previous comment and
the one from the ghacks project:
[/tmp/download]: ./mb user.js ghacks.js > out.txt && head -n 20 out.txt &&
tail -n 20 out.txt
# key user.js ghacks.js
accessibility.force_disabledundef 1
alerts.sho
"Meditate on this I will"
:)
> This needs lots of man hours and lots of attention, especially for
> the cryptographic parts (and I am not an expert in that).
There may be people here who can help who aren't following this thread. It
might be worth starting a new thread with a subject line specific to this
project, summarizi
Nah, you're just getting the brunt of my anger at myself so I don't have to
ask my doctor if Celexa is right for me. I just don't speak your language is
all.
Guilty as charged and drama queens belong on social media, not on the English
speakers' Peer Support forum of the Trisquel boards.
After some recent feedback from pyllyuko's project it seems this whole thing
is very overwhelming. There are lots of undocumented variables for which they
seem to dig in bug reports etc. Even if I succeed to make something I
definitely won't be able to keep up to date such huge amount of info
Visualization is easy. Extracting/storing/manipulating/versioning the data is
the challenge.
First I need to find a way to extract all the existing variables and their
values from each FF fork and from the different user.js projects. Storing all
that may require more than 2 dimensions for t
> There is sense: the telemetry component of Firefox sends anonimized data
that help Firefox's development, safe search warns about phishing and
malware, etc.
> "Different views than yours" is what you call "nonsense".
No. It is not "my view" vs another. It is contradiction of facts with
p
I need to learn how to upload/commit changes and document everything
properly.
I also need to find out a proper format for the matrix for easy visualization
and review. Perhaps a simple spreadsheet in LibreOffice will do for
import/export to CSV which a script can handle further. If you hav
> This thread will go off the rails again if we discuss anything other than
web browsers here.
Agreed. Next time anyone mentions anything about "but this is not free" I
won't answer, so that I don't get accused of "tactics". Then you can tell the
other person to stay on topic. :)
> Can yo
> Back to browsers: The discussion with the authors of pyllyukko user.js lead
> to the idea to create a matrix comparing the settings of different similar
> projects, including Tor. So they suggested that I create a repository on
> GitHub where this matrix can be maintained and updated easily when
> You are missing the point of the question.
I did not miss *the* point. There were two points: the specific case of
Palemoon and the general case. My first paragraph addressed the former, while
my second paragraph addressed the latter. You then acted as if focusing on
Palemoon in the first par
In case you (or anyone else) have misunderstood: I am not trying to replace
the 4 so called freedoms - neither lightly, nor in any other way. They
obviously have their place and value. What I am saying is:
1. I question and am quite reluctant to the usage of the word freedom for
something t
Heather, I am glad to see you are not just a mechanical being using a
keyboard and it is really good that you are critical. But perhaps it would be
better not to turn it into some drama. I have never felt abused by your words
or anything like that, so there is no need to torture yourself abou
For what it's worth, I can only say this:
the human being behind Abdullah Ramazanoglu's words must be a wise one.
Thank you for those words.
If only more people were able to reason and talk like that..
Guilty as charged, lol, and THAT, my dear complete random stranger
and/or sheep in wolf's clothing, is the only reason why you know so much
about which bruises to kick to make me dance and say funny things
instead of getting my fool self banned from yet another forum. ;)
Off to autodidacticize mys
(Posting to main thread in order to reset thread indentation that gone wild.)
It's like comparing the constitution to actualities of life. Both sides have
their point, but no constitution can achieve a perfect system, and no
irregularities of actual life invalidates a good constitution.
Sti
>He earned that respect and trust
NEIN NEIINN!! That's exactly the point of this entire thread: never
trust! Always Test! Have you tested the Tramp with tcpdump? No, you haven't!
Shame.png
On 01/30/2018 11:38 AM, Supertramp wrote:
I guess that was referred more to Heather
So I, the owner of the account "Heather" on the Trisquel community
discussion forums, am publicly apologizing for initially mistaking you
for a troll and then trying, unsuccessfully, to help you when I do not
h
>This site isn't accessible over Tor without completing one of those
demeaning "Click on every picture containing a bus. Oops one of those was a
car. Now try clicking on every picture containing a sign. Good boy!" security
checks, so I'll take your word for it.
It is. I just did it, just n
>I am not an authority in FOSS or any matter
You don't need to be, nobody needs any authority at all. Software freedom is
not based on authority but licenses. All that really matters is the licenses.
The license is freedom when it's free and it's jail when it's proprietary.
> I am not selli
> it is because their communities do not see those as critical issues
This is nonsense. They have deliberately created the issue of telemetry and
all the rest. And they ignore repeatedly what has been shown to them. So it
is not because they "do not see". I have made everything possible so th
Please, if you don't mind: I have already given a scenario + questions about
that specific scenario.
You are creating another scenario and arguing about different questions that
arise from it. This is meaningless. In an oppression regime you have no
rights and no freedom. In a community wit
Yes, you need to have them available, not because you'll necessarily use
them, but because someone else will, be it the person who gave it a
copy, the other which received a copy from you, the thirty fifth
genration of people who receive copies from your generation.
You never know the econimic and
1 - 100 of 302 matches
Mail list logo