OpenSourcerer 1442 Posted ... (edited) I love browser extensions. I do because - well, they extend the functionality of browsers. They add new functions and make already available things better or easier. That's why it might be good to fund them, especially if they help you enhance your privacy/security. Now there is a topic to fund the NoScript browser extension. Many people know NoScript and its powers and they use it. Two million Firefox installations do. But there's more than NoScript. My idea is the following: Create a list of extensions that directly enhance privacy and/or security and fund them all. The list gets a budget and we split it up. This way we can help many projects in a shorter time and with less money - and the devs would still be thankful! I will start with those four add-ons - they all are available for Firefox:NoScript by Giorgio Maone Self-Destructing Cookies by Ove RequestPolicy by Justin Samuel Disconnect (as well as Facebook/Twitter/Google Disconnect) by disconnect.mePost other addons and ideas here. This may be an idea for May and a request for not funding NoScript alone.May projects funding poll lost. Let's see if it will win in the June poll Extensions which are up for election:NoScript by Giorgio Maone (script management, anti-script/anti-track, anti-XSS, anti-clickjacking) Self-Destructing Cookies by Ove (cookie management, anti-track) RequestPolicy by Justin Samuel (request management, anti-CSRF) Disconnect by disconnect.me (anti-track) BetterPrivacy by IKRG (similar to 2. Self-Destructing Cookies) DoNotTrackMe by Abine, Inc. (similar to 4. Disconnect) HTTP Nowhere by Chris Wilper (anti-HTTP , blocks unencrypted traffic) HTTPS-Finder by jacobsk...@gmail.com ("finds" HTTPS when browser connects to a HTTP website) Referrer Control by muzuiget (referrer control, anti-track) Perspectives (SSL certificate checking without using CAs)Addons not mentioned, reason (bracketed) or linked...AdBlock Plus/EdgeHTTPS-Everywhere (the EFF does much more things - maybe open a separate No-Profit thread for them?!)Convergence/Convergence Extra (don't seem to be actively developed)Ghostery (indirectly mentioned)DNSSEC/TLSA Validator (not open source) Edited ... by giganerd 4 PirateParty, encrypted, yaranaika and 1 other reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
GoXRUTD7k8FfZp5jmvNK4uE6 7 Posted ... Some addons for Firefox that I would recommend supporting not already suggested (Some also available in Chrome): BetterPrivacyDoNotTrackMe (I prefer this over Disconnect/Ghostery as the Abine company seems to be more privacy friendly)HTTP NowhereHTTPS FinderHTTPS EverywhereReferrer ControlAdblock Plus / Edge (I use this in conjunction with the HostsMan Windows application) Something to think about. Quote Share this post Link to post
OpenSourcerer 1442 Posted ... Referrer Control Hey, thanks. Very interesting addon! I'd support this one, too. Adblock Plus / Edge Adblockers don't enhance privacy or security.By the way, AdBlock Plus would be the very last addon I'd support. Really. Please stop using it. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
PirateParty 49 Posted ... Adblock Plus / EdgeAdblockers don't enhance privacy or security.By the way, AdBlock Plus would be the very last addon I'd support. Really. Please stop using it. Adblock Plus can enhance privacy, there are many lists you can enable when you install it. It does nearly the same thing as disconnect. https://easylist-downloads.adblockplus.org/easyprivacy.txt EasyPrivacy is an optional supplementary subscription that completely removes all forms of tracking from the internet, including web bugs, tracking scripts and information collectors, thereby protecting your personal data. Quote Hide PirateParty's signature Hide all signatures https://cryptoforums.net/ Computing, Crypto, Security & Privacy Forum Share this post Link to post
GoXRUTD7k8FfZp5jmvNK4uE6 7 Posted ... Referrer ControlHey, thanks. Very interesting addon! I'd support this one, too. No problem I would argue the opposite gigan3rd and agree with PirateParty. Lists such as EasyPrivacy+EasyList, Fanboy's Social Blocking List and Malware Domains help with both privacy and security by reducing tracking and blocking infected domains. For sites that you do support however, try and become more active in disabling your ad blocker for their domain to let the money flow where you believe it should. 1 PirateParty reacted to this Quote Share this post Link to post
CultureVulture 30 Posted ... I love browser extensions. I do because - well, they extend the functionality of browsers. They add new functions and make already aviable things better or easier. That's why it might be good to fund them, especially if they help you enhance your privacy. Now there is a topic to fund the NoScript browser extension. Many people know NoScript and its powers and they use it. Two million Firefox installations do. But there's more than NoScript. My idea is the following: Create a list of extensions that enhance privacy and fund them all. The list gets a budget and we split it up equally, by aviability for browsers or by popularity.Let's say, we have four add-ons and a budget of 400€. As a result: Every add-on developer would get 100€ if equally split up. By aviability: #1 would get 150€ since it's aviable for A, B and C, #2 gets 100€ because it's only aviable for A and B and so onBy popularity: #3 gets 250€ because it has more than 500 000 users, #4 gets 50 because of 50 000 users and so on..We need more thoughts on the third thing, for example relativity: Should it be relative to the addon with the most users or relative to the user number average of all addons?... This way we can help many projects in a shorter time and with less money - and the devs would still be thankful! I will start with those four add-ons - they all are aviable for Firefox:NoScript by Giorgio MaoneSelf-Destructing Cookies by OveRequestPolicy by Justin SamuelDisconnect (as well as Facebook/Twitter/Google Disconnect) by disconnect.mePost other addons and ideas here. This may be an idea for May and a request for not funding NoScript alone. YES! Excellent. Quote Share this post Link to post
CultureVulture 30 Posted ... Referrer Control Hey, thanks. Very interesting addon! I'd support this one, too. Adblock Plus / Edge Adblockers don't enhance privacy or security.By the way, AdBlock Plus would be the very last addon I'd support. Really. Please stop using it.What's the reasoning against Adblock Plus? Quote Share this post Link to post
InactiveUser 188 Posted ... What's the reasoning against Adblock Plus?It's about their monetization strategy. Since APB introduced their opt-out "Acceptable Ads", people have questioned their integrity. "In an article for mobilegeeks.de, blogger Sascha Pallenberg accuses the developers of the popular AdBlock Plus (ABP) browser plugin of maintaining business connections to "strategic partners in the advertising industry". Pallenberg goes as far as calling ABP a "mafia-like advertising network"."source: http://web.archive.org/web/20131208011244/http://www.h-online.com/newsticker/news/item/Serious-accusations-against-AdBlock-Plus-1897360.html The following quote is kind of ironic and oh-so on-topic; it's from a 2009 ABP blog post on the "monetization dilemma": "I know that some other extension developers have their extension as a full-time job and that makes them dependent on money sources. Given the market value of their user base, it is hard not to sell out." source: https://adblockplus.org/blog/the-monetization-dilemma 1 OpenSourcerer reacted to this Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
pfSense_fan 181 Posted ... SSL Certificate checking with Perpectives Project https://addons.mozilla.org/en-US/firefox/addon/perspectives/ http://perspectives-project.org/ https://en.wikipedia.org/wiki/Perspectives_project Personally, I would like to see a perspectives notary added to each AirVPN server. Would add a "trusted" notary for Air users. It's evolution, Convergence (by Moxie Marlinspike, based on Perspectives Project) seems to have even more promise, but doesn't seem to be continually supported. http://convergence.io/ https://en.wikipedia.org/wiki/Convergence_(SSL) https://www.youtube.com/watch?v=i9e4g7SV244 (Moxie Marlinspike Speaks Part 1) https://www.youtube.com/watch?v=EYv3bTTNF1w (Moxie Marlinspike Speaks Part 2) There is someone trying to update Convergence though, not many users at this point. https://addons.mozilla.org/en-us/firefox/addon/convergence-extra/ Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
CultureVulture 30 Posted ... What's the reasoning against Adblock Plus?It's about their monetization strategy. Since APB introduced their opt-out "Acceptable Ads", people have questioned their integrity. "In an article for mobilegeeks.de, blogger Sascha Pallenberg accuses the developers of the popular AdBlock Plus (ABP) browser plugin of maintaining business connections to "strategic partners in the advertising industry". Pallenberg goes as far as calling ABP a "mafia-like advertising network"." source: http://web.archive.org/web/20131208011244/http://www.h-online.com/newsticker/news/item/Serious-accusations-against-AdBlock-Plus-1897360.html The following quote is kind of ironic and oh-so on-topic; it's from a 2009 ABP blog post on the "monetization dilemma": "I know that some other extension developers have their extension as a full-time job and that makes them dependent on money sources. Given the market value of their user base, it is hard not to sell out." source: https://adblockplus.org/blog/the-monetization-dilemmaUgh. Point taken.All the more reason, therefore, to support good developers doing important work on addons that protect privacy and security by PAYING THEM some money!!Surely Ghostery is as problematic as AdBlock Plus? Quote Share this post Link to post
OpenSourcerer 1442 Posted ... What's the reasoning against Adblock Plus?It's about their monetization strategy. Since APB introduced their opt-out "Acceptable Ads", people have questioned their integrity. "In an article for mobilegeeks.de, blogger Sascha Pallenberg accuses the developers of the popular AdBlock Plus (ABP) browser plugin of maintaining business connections to "strategic partners in the advertising industry". Pallenberg goes as far as calling ABP a "mafia-like advertising network"." source: http://web.archive.org/web/20131208011244/http://www.h-online.com/newsticker/news/item/Serious-accusations-against-AdBlock-Plus-1897360.html The following quote is kind of ironic and oh-so on-topic; it's from a 2009 ABP blog post on the "monetization dilemma": "I know that some other extension developers have their extension as a full-time job and that makes them dependent on money sources. Given the market value of their user base, it is hard not to sell out." source: https://adblockplus.org/blog/the-monetization-dilemmaUgh. Point taken.All the more reason, therefore, to support good developers doing important work on addons that protect privacy and security by PAYING THEM some money!!Surely Ghostery is as problematic as AdBlock Plus? I concur!I stopped using it when I heard of a few quite popular gaming sites shutting down their services because they got many visitors but didn't make enough money from the advertisements there. So they concluded that many people use adblockers who just don't care what is being blocked or don't know how to unblock certain sites. I realized that by using ABP I contribute to the death of these good sites and blogs and stopped using it immediately. That was two or three years ago.Later I discovered NoScript and realized that it can be a good adblocker, too, only blocking aggressive ads like Flash. I don't like Flash, anyways, but I still see ads on websites and they don't distract me. Good deal, I think About Ghostery: I heard something similar about this but I just skimmed the press article reporting about it. Would be nice if someone could tell us more. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
OpenSourcerer 1442 Posted ... Hewewith I add DNSSEC/TLSA Validator to the list. It's an add-on for Firefox, Chrome, Safari, IE and Opera to implement DANE. A post on this will follow in the near future.I noticed it's not open source.. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
OpenSourcerer 1442 Posted ... ## Updated to suit integration into the June poll ## Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Stan464 2 Posted ... i disagree with adverts outright, if i wanted to watch ad's, I would turn my TV on... With that, i can understand the need for "Ad's" as they if someone is hosting something for free & they need the additional revenue to support the back end, that's fine.... Like youtuber's, There's one thing making it a Hobby, But why mooch of that & not get an actual job like the rest of us?.. granted, that can be easier said than done, but don't cry when people use adblock. Again, if we wanted Ad's, We would stick the TV On. Quote Share this post Link to post
OpenSourcerer 1442 Posted ... But why mooch of that & not get an actual job like the rest of us? I see YouTube video creators and uploaders as "digital artists". Their job is to entertain those who search YouTube for some entertainment after they probably did their actual (stressful) job. I think it's important to let them have some income just to give them an incentive to remain active. After all, you don't pay for seeing their videos, right? You just see a 30 second ad before their video, you can even skip many of them after five seconds! Does seeing an ad kill you?To be honest, some of them are even quite interesting...Hint: You can use HTML5 playback. No ads. But there are a few videos which force you to use Flash for ad playback. Again, if we wanted Ad's, We would stick the TV On. Who is "we"? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Artful Dodger 23 Posted ... New browser extension which is trying to deal with fingerprinting: https://github.com/ghostwords/chameleon Quote Share this post Link to post
rickjames 106 Posted ... New browser extension which is trying to deal with fingerprinting: https://github.com/ghostwords/chameleon I love the idea of privacy extensions but,A: That's for chromeB: It trys to make chrome look like the tor firefox browser The pool of non tor browser users is Massive, the pool of tor users is relatively miniscule in comparison. Forcing your browser into a smaller user pool is counterproductive, making your browser look like a tor browser is borderline absurd. 2 NbK and OpenSourcerer reacted to this Quote Share this post Link to post
Guest Posted ... You should search for informations before recommending some addons.Disconnect is maintained by Google developersGhostery belongs to an advertiserAdblock partnered with Google (and others)HTTP Nowhere and HTTPS Privacy shouldn't be mentioned as there's HTTPS Everywhere from EFFThere's Privacy Badger from EFF to prevent trackers tooYou're not going to help people if you encourage them to use privacy-less software. Quote Share this post Link to post
OpenSourcerer 1442 Posted ... And you should read the first post. Ghostery belongs to an advertiser I excluded it from my recommendations. I also linked to the post explaining why. HTTP Nowhere [...] shouldn't be mentioned as there's HTTPS Everywhere from EFF HTTPS Nowhere blocks all HTTP connections. HTTPS Everywhere forces HTTPS for supported sites. Clearly these are not the same. Disconnect is maintained by Google developers[...]You're not going to help people if you encourage them to use privacy-less software. Do you want to be the first giving up Firefox, then? Because Google is there, too. Now really. I strive to maintain a healthy mix between carelessness and paranoia, and so far my life is wonderful. I know what's going on without having nightmares. And I consider this to be the healthiest way of living. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
NbK 4 Posted ... i use: Js Switch, Toggle Cookies, Ublock Origin, No Script, Flag Fox and Down Them All. in my opinion less is better https Everywhere is just as much of a joke as https is. the key is more in about:config i can post my about:config settings for u guys if u like i have most in a text for my vbox installs. 1 rickjames reacted to this Quote Share this post Link to post
go558a83nk 364 Posted ... i use: Js Switch, Toggle Cookies, Ublock Origin, No Script, Flag Fox and Down Them All. in my opinion less is better https Everywhere is just as much of a joke as https is. the key is more in about:config i can post my about:config settings for u guys if u like i have most in a text for my vbox installs. https is a joke? 1 InactiveUser reacted to this Quote Share this post Link to post
InactiveUser 188 Posted ... HTTPS is not perfect, but far from being a joke.Remember NSA's QUANTUMINSERT?It modifies HTTP traffic. They can't inject into HTTPS connections.Or let "Hacking Team" explain to us how they intercept HTTPS and also Tor traffic:"Place an in-line Active Probe in the ISP’s network""Exploit the target transparently by injecting a browser-based exploit while he’s surfing the web (http)" <<< !!!!!"Insert a trusted root CA certificate(s) for MITM""Decrypt and Decode the traffic!"Under "Challenges", Hacking Team lists:"Pay attention to EFF SSL Observatory" <<< HTTPS Everywhere feature!"Tor manipulation is possible only through clear-text traffic" Hacking Team is a very capable attacker, so is the NSA. Both love HTTP and consider HTTPS to be, at the very least, a big obstacle.Certainly not a joke. Source for the Hacking Team statements I quoted:https://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/Naga/httpX/Presentation.pptxCaution! It's a direct link to a .pptx Powerpoint presentation. Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
zhang888 1066 Posted ... Thanks sheivoko, but comparing Hacking Team capabilities to NSA would be same as comparing my mid-2000s family sedan to a racing car.They both ride, they both do what you buy them for, but they certainly don't do it in the same time and quality, and the second player has certainlysome things under the sleeve. If a sleazy company like hacking team was able to sell flash 0day to sleazy governments like Nigeria and Sudan, it means two things (at least):1) You need to completely throw Flash altogether, no click-to-play, no click-to-anything. Full removal.2) You need to be very careful (in case you consider yourself a potential target) regarding your internet fingerprinting. The best thing would bemasking yourself as a Windows NT 6.1 user while using other *nix OS, just as example. And of course enforcing end-to-end encryption where applicable. That will break most of adversaries tools.Not a bullet-proof technique of course, but will require a tailor made exploit to compromise you. 2 rickjames and NbK reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
NbK 4 Posted ... 2) You need to be very careful (in case you consider yourself a potential target) regarding your internet fingerprinting. The best thing would bemasking yourself as a Windows NT 6.1 user while using other *nix OS, just as example. about:config settings for above (incase some one needs it) Create a New String: general.appname.override | Set @ NetscapeCreate a New String: general.appversion.override | Set @ 5.0 (Windows)Create a New String: general.buildID.override | Set @ 0Create a New String: general.productSub.override | Set @ 20100101Create a New String: general.useragent.vendor | Leave Empty and hit EnterCreate a New String: general.useragent.vendorSub | Leave Empty and hit EnterCreate a New String: general.useragent.override | Set @ Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0Create a New String: general.platform.override | Set @ Win32Create a New String: general.oscpu.override | Set @ Windows NT 6.1 1 rickjames reacted to this Quote Share this post Link to post
CriticalRabbit 6 Posted ... But why mooch of that & not get an actual job like the rest of us? I see YouTube video creators and uploaders as "digital artists". Their job is to entertain those who search YouTube for some entertainment after they probably did their actual (stressful) job. I think it's important to let them have some income just to give them an incentive to remain active. After all, you don't pay for seeing their videos, right? You just see a 30 second ad before their video, you can even skip many of them after five seconds! Does seeing an ad kill you?To be honest, some of them are even quite interesting...Hint: You can use HTML5 playback. No ads. But there are a few videos which force you to use Flash for ad playback. >Again, if we wanted Ad's, We would stick the TV On. Who is "we"? I disagree. The advert should be optional and should, therefore, be at the end of the video. The same applies for webpages. If I enjoyed the video (or web content) I could then support the creator by watching an optional advert at the end of it. I hate being forced and I’ll decide what runs on my computer, even inside of my browser. What I hate the most is the deception; why should I allow ad companies to track me across the internet? When did I ever agree to that? 1 germanfreimacht reacted to this Quote Share this post Link to post