Jump to content
Not connected, Your IP: 34.239.158.107

Recommended Posts

I love browser extensions. I do because - well, they extend the functionality of browsers. They add new functions and make already available things better or easier. That's why it might be good to fund them, especially if they help you enhance your privacy/security.
 
Now there is a topic to fund the NoScript browser extension. Many people know NoScript and its powers and they use it. Two million Firefox installations do. But there's more than NoScript.
 
My idea is the following: Create a list of extensions that directly enhance privacy and/or security and fund them all. The list gets a budget and we split it up. This way we can help many projects in a shorter time and with less money - and the devs would still be thankful!
 
I will start with those four add-ons - they all are available for Firefox:

  1. NoScript by Giorgio Maone
  2. Self-Destructing Cookies by Ove
  3. RequestPolicy by Justin Samuel
  4. Disconnect (as well as Facebook/Twitter/Google Disconnect) by disconnect.me

Post other addons and ideas here.
 
This may be an idea for May and a request for not funding NoScript alone.

May projects funding poll lost. Let's see if it will win in the June poll Extensions which are up for election:

  1. NoScript by Giorgio Maone (script management, anti-script/anti-track, anti-XSS, anti-clickjacking)
  2. Self-Destructing Cookies by Ove (cookie management, anti-track)
  3. RequestPolicy by Justin Samuel (request management, anti-CSRF)
  4. Disconnect by disconnect.me (anti-track)
  5. BetterPrivacy by IKRG (similar to 2. Self-Destructing Cookies)
  6. DoNotTrackMe by Abine, Inc. (similar to 4. Disconnect)
  7. HTTP Nowhere by Chris Wilper (anti-HTTP , blocks unencrypted traffic)
  8. HTTPS-Finder by jacobsk...@gmail.com ("finds" HTTPS when browser connects to a HTTP website)
  9. Referrer Control by muzuiget (referrer control, anti-track)
  10. Perspectives (SSL certificate checking without using CAs)

Addons not mentioned, reason (bracketed) or linked...

Edited ... by giganerd

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Some addons for Firefox that I would recommend supporting not already suggested (Some also available in Chrome):

 

BetterPrivacy

DoNotTrackMe (I prefer this over Disconnect/Ghostery as the Abine company seems to be more privacy friendly)

HTTP Nowhere

HTTPS Finder

HTTPS Everywhere

Referrer Control

Adblock Plus / Edge (I use this in conjunction with the HostsMan Windows application)

 

Something to think about.

Share this post


Link to post

 

Hey, thanks. Very interesting addon! I'd support this one, too.

 

 

Adblockers don't enhance privacy or security.

By the way, AdBlock Plus would be the very last addon I'd support. Really. Please stop using it.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

 

Adblock Plus / Edge

Adblockers don't enhance privacy or security.

By the way, AdBlock Plus would be the very last addon I'd support. Really. Please stop using it.

 

Adblock Plus can enhance privacy, there are many lists you can enable when you install it. It does nearly the same thing as disconnect.

 

https://easylist-downloads.adblockplus.org/easyprivacy.txt

 

EasyPrivacy is an optional supplementary subscription that completely removes all forms of tracking from the internet, including web bugs, tracking scripts and information collectors, thereby protecting your personal data.

Share this post


Link to post

Referrer Control

Hey, thanks. Very interesting addon! I'd support this one, too.

 

No problem

 

I would argue the opposite gigan3rd and agree with PirateParty.

 

Lists such as EasyPrivacy+EasyList, Fanboy's Social Blocking List and Malware Domains help with both privacy and security by reducing tracking and blocking infected domains. For sites that you do support however, try and become more active in disabling your ad blocker for their domain to let the money flow where you believe it should.

Share this post


Link to post

I love browser extensions. I do because - well, they extend the functionality of browsers. They add new functions and make already aviable things better or easier. That's why it might be good to fund them, especially if they help you enhance your privacy.

 

Now there is a topic to fund the NoScript browser extension. Many people know NoScript and its powers and they use it. Two million Firefox installations do. But there's more than NoScript.

 

My idea is the following: Create a list of extensions that enhance privacy and fund them all. The list gets a budget and we split it up equally, by aviability for browsers or by popularity.

Let's say, we have four add-ons and a budget of 400€. As a result:

 

  • Every add-on developer would get 100€ if equally split up.
  • By aviability: #1 would get 150€ since it's aviable for A, B and C, #2 gets 100€ because it's only aviable for A and B and so on
  • By popularity: #3 gets 250€ because it has more than 500 000 users, #4 gets 50 because of 50 000 users and so on..
We need more thoughts on the third thing, for example relativity: Should it be relative to the addon with the most users or relative to the user number average of all addons?...

 

This way we can help many projects in a shorter time and with less money - and the devs would still be thankful!

 

I will start with those four add-ons - they all are aviable for Firefox:

Post other addons and ideas here.

 

This may be an idea for May and a request for not funding NoScript alone.

 

YES! Excellent.

Share this post


Link to post

What's the reasoning against Adblock Plus?

It's about their monetization strategy. Since APB introduced their opt-out "Acceptable Ads", people have questioned their integrity.

 

"In an article for mobilegeeks.de, blogger Sascha Pallenberg accuses the developers of the popular AdBlock Plus (ABP) browser plugin of maintaining business connections to "strategic partners in the advertising industry". Pallenberg goes as far as calling ABP a "mafia-like advertising network"."

source: http://web.archive.org/web/20131208011244/http://www.h-online.com/newsticker/news/item/Serious-accusations-against-AdBlock-Plus-1897360.html

 

The following quote is kind of ironic and oh-so on-topic; it's from a 2009 ABP blog post on the "monetization dilemma":

 

"I know that some other extension developers have their extension as a full-time job and that makes them dependent on money sources. Given the market value of their user base, it is hard not to sell out."

 

source: https://adblockplus.org/blog/the-monetization-dilemma


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

SSL Certificate checking with Perpectives Project

https://addons.mozilla.org/en-US/firefox/addon/perspectives/

http://perspectives-project.org/

https://en.wikipedia.org/wiki/Perspectives_project

 

Personally, I would like to see a perspectives notary added to each AirVPN server. Would add a "trusted" notary for Air users.

 

​It's evolution, Convergence (by Moxie Marlinspike, based on Perspectives Project) seems to have even more promise, but doesn't seem to be continually supported.

 

http://convergence.io/

https://en.wikipedia.org/wiki/Convergence_(SSL)

https://www.youtube.com/watch?v=i9e4g7SV244 (Moxie Marlinspike Speaks Part 1)

https://www.youtube.com/watch?v=EYv3bTTNF1w (Moxie Marlinspike Speaks Part 2)

 

 

There is someone trying to update Convergence though, not many users at this point.

https://addons.mozilla.org/en-us/firefox/addon/convergence-extra/


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

 

What's the reasoning against Adblock Plus?

It's about their monetization strategy. Since APB introduced their opt-out "Acceptable Ads", people have questioned their integrity.

 

"In an article for mobilegeeks.de, blogger Sascha Pallenberg accuses the developers of the popular AdBlock Plus (ABP) browser plugin of maintaining business connections to "strategic partners in the advertising industry". Pallenberg goes as far as calling ABP a "mafia-like advertising network"."

 

source: http://web.archive.org/web/20131208011244/http://www.h-online.com/newsticker/news/item/Serious-accusations-against-AdBlock-Plus-1897360.html

 

The following quote is kind of ironic and oh-so on-topic; it's from a 2009 ABP blog post on the "monetization dilemma":

 

"I know that some other extension developers have their extension as a full-time job and that makes them dependent on money sources. Given the market value of their user base, it is hard not to sell out."

 

source: https://adblockplus.org/blog/the-monetization-dilemma

Ugh. Point taken.

All the more reason, therefore, to support good developers doing important work on addons that protect privacy and security by PAYING THEM some money!!

Surely Ghostery is as problematic as AdBlock Plus?

Share this post


Link to post

 

 

What's the reasoning against Adblock Plus?

It's about their monetization strategy. Since APB introduced their opt-out "Acceptable Ads", people have questioned their integrity.

 

"In an article for mobilegeeks.de, blogger Sascha Pallenberg accuses the developers of the popular AdBlock Plus (ABP) browser plugin of maintaining business connections to "strategic partners in the advertising industry". Pallenberg goes as far as calling ABP a "mafia-like advertising network"."

 

source: http://web.archive.org/web/20131208011244/http://www.h-online.com/newsticker/news/item/Serious-accusations-against-AdBlock-Plus-1897360.html

 

The following quote is kind of ironic and oh-so on-topic; it's from a 2009 ABP blog post on the "monetization dilemma":

 

"I know that some other extension developers have their extension as a full-time job and that makes them dependent on money sources. Given the market value of their user base, it is hard not to sell out."

 

source: https://adblockplus.org/blog/the-monetization-dilemma

Ugh. Point taken.

All the more reason, therefore, to support good developers doing important work on addons that protect privacy and security by PAYING THEM some money!!

Surely Ghostery is as problematic as AdBlock Plus?

 

I concur!

I stopped using it when I heard of a few quite popular gaming sites shutting down their services because they got many visitors but didn't make enough money from the advertisements there. So they concluded that many people use adblockers who just don't care what is being blocked or don't know how to unblock certain sites. I realized that by using ABP I contribute to the death of these good sites and blogs and stopped using it immediately. That was two or three years ago.

Later I discovered NoScript and realized that it can be a good adblocker, too, only blocking aggressive ads like Flash. I don't like Flash, anyways, but I still see ads on websites and they don't distract me. Good deal, I think

 

About Ghostery: I heard something similar about this but I just skimmed the press article reporting about it. Would be nice if someone could tell us more.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Hewewith I add DNSSEC/TLSA Validator to the list. It's an add-on for Firefox, Chrome, Safari, IE and Opera to implement DANE. A post on this will follow in the near future.

I noticed it's not open source..


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

## Updated to suit integration into the June poll ##


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

i disagree with adverts outright, if i wanted to watch ad's, I would turn my TV on...

 

With that, i can understand the need for "Ad's" as they if someone is hosting something for free & they need the additional revenue to support the back end, that's fine....

 

 

Like youtuber's, There's one thing making it a Hobby, But why mooch of that & not get an actual job like the rest of us?..

 

granted, that can be easier said than done, but don't cry when people use adblock. Again, if we wanted Ad's, We would stick the TV On.

Share this post


Link to post

But why mooch of that & not get an actual job like the rest of us?

 

I see YouTube video creators and uploaders as "digital artists". Their job is to entertain those who search YouTube for some entertainment after they probably did their actual (stressful) job. I think it's important to let them have some income just to give them an incentive to remain active. After all, you don't pay for seeing their videos, right? You just see a 30 second ad before their video, you can even skip many of them after five seconds! Does seeing an ad kill you?

To be honest, some of them are even quite interesting...

Hint: You can use HTML5 playback. No ads. But there are a few videos which force you to use Flash for ad playback.

 

Again, if we wanted Ad's, We would stick the TV On.

 

Who is "we"?


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

New browser extension which is trying to deal with fingerprinting:

 

https://github.com/ghostwords/chameleon

 

I love the idea of privacy extensions but,

A: That's for chrome

B: It trys to make chrome look like the tor firefox browser

 

The pool of non tor browser users is Massive, the pool of tor users is relatively miniscule in comparison. Forcing your browser into a smaller user pool is counterproductive, making your browser look like a tor browser is borderline absurd.

Share this post


Link to post
Guest

You should search for informations before recommending some addons.

  • Disconnect is maintained by Google developers
  • Ghostery belongs to an advertiser
  • Adblock partnered with Google (and others)
  • HTTP Nowhere and HTTPS Privacy shouldn't be mentioned as there's HTTPS Everywhere from EFF
  • There's Privacy Badger from EFF to prevent trackers too

You're not going to help people if you encourage them to use privacy-less software.

Share this post


Link to post

And you should read the first post.

 

Ghostery belongs to an advertiser

 

I excluded it from my recommendations. I also linked to the post explaining why.

 

HTTP Nowhere [...] shouldn't be mentioned as there's HTTPS Everywhere from EFF

 

HTTPS Nowhere blocks all HTTP connections. HTTPS Everywhere forces HTTPS for supported sites. Clearly these are not the same.

 

Disconnect is maintained by Google developers

[...]

You're not going to help people if you encourage them to use privacy-less software.

 

Do you want to be the first giving up Firefox, then? Because Google is there, too.

 

Now really. I strive to maintain a healthy mix between carelessness and paranoia, and so far my life is wonderful. I know what's going on without having nightmares. And I consider this to be the healthiest way of living.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

i use: Js Switch, Toggle Cookies, Ublock Origin, No Script, Flag Fox and Down Them All. in my opinion less is better https Everywhere is just as much of a joke as https is. the key is more in about:config i can post my about:config settings for u guys if u like i have most in a text for my vbox installs.

Share this post


Link to post

i use: Js Switch, Toggle Cookies, Ublock Origin, No Script, Flag Fox and Down Them All. in my opinion less is better https Everywhere is just as much of a joke as https is. the key is more in about:config i can post my about:config settings for u guys if u like i have most in a text for my vbox installs.

 

https is a joke?

Share this post


Link to post

HTTPS is not perfect, but far from being a joke.

Remember NSA's QUANTUMINSERT?
It modifies HTTP traffic. They can't inject into HTTPS connections.

Or let "Hacking Team" explain to us how they intercept HTTPS and also Tor traffic:

  • "Place an in-line Active Probe in the ISP’s network"
  • "Exploit the target transparently by injecting a browser-based exploit while he’s surfing the web (http)"   <<< !!!!!
  • "Insert a trusted root CA certificate(s) for MITM"
  • "Decrypt and Decode the traffic!"

Under "Challenges", Hacking Team lists:

  • "Pay attention to EFF SSL Observatory" <<< HTTPS Everywhere feature!
  • "Tor manipulation is possible only through clear-text traffic"

 

Hacking Team is a very capable attacker, so is the NSA. Both love HTTP and consider HTTPS to be, at the very least, a big obstacle.

Certainly not a joke.

 

 

Source for the Hacking Team statements I quoted:

https://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/Naga/httpX/Presentation.pptx

Caution! It's a direct link to a .pptx Powerpoint presentation.


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

Thanks sheivoko, but comparing Hacking Team capabilities to NSA would be same as comparing my mid-2000s family sedan to a racing car.

They both ride, they both do what you buy them for, but they certainly don't do it in the same time and quality, and the second player has certainly

some things under the sleeve.

 

If a sleazy company like hacking team was able to sell flash 0day to sleazy governments like Nigeria and Sudan, it means two things (at least):

1) You need to completely throw Flash altogether, no click-to-play, no click-to-anything. Full removal.

2) You need to be very careful (in case you consider yourself a potential target) regarding your internet fingerprinting. The best thing would be

masking yourself as a Windows NT 6.1 user while using other *nix OS, just as example.

 

And of course enforcing end-to-end encryption where applicable. That will break most of adversaries tools.

Not a bullet-proof technique of course, but will require a tailor made exploit to compromise you.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

2) You need to be very careful (in case you consider yourself a potential target) regarding your internet fingerprinting. The best thing would be

masking yourself as a Windows NT 6.1 user while using other *nix OS, just as example.

 

about:config settings for above (incase some one needs it)

 

Create a New String: general.appname.override     | Set @ Netscape
Create a New String: general.appversion.override | Set @ 5.0 (Windows)
Create a New String: general.buildID.override        | Set @ 0
Create a New String: general.productSub.override | Set @ 20100101
Create a New String: general.useragent.vendor        | Leave Empty and hit Enter
Create a New String: general.useragent.vendorSub | Leave Empty and hit Enter
Create a New String: general.useragent.override      | Set @ Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Create a New String: general.platform.override        | Set @ Win32
Create a New String: general.oscpu.override              | Set @ Windows NT 6.1

Share this post


Link to post

 

But why mooch of that & not get an actual job like the rest of us?

 

I see YouTube video creators and uploaders as "digital artists". Their job is to entertain those who search YouTube for some entertainment after they probably did their actual (stressful) job. I think it's important to let them have some income just to give them an incentive to remain active. After all, you don't pay for seeing their videos, right? You just see a 30 second ad before their video, you can even skip many of them after five seconds! Does seeing an ad kill you?

To be honest, some of them are even quite interesting...

Hint: You can use HTML5 playback. No ads. But there are a few videos which force you to use Flash for ad playback.

 

>Again, if we wanted Ad's, We would stick the TV On.

 

Who is "we"?

 

I disagree. The advert should be optional and should, therefore, be at the end of the video. The same applies for webpages. If I enjoyed the video (or web content) I could then support the creator by watching an optional advert at the end of it. I hate being forced and I’ll decide what runs on my computer, even inside of my browser.  What I hate the most is the deception; why should I allow ad companies to track me across the internet? When did I ever agree to that?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...