
About funding browser extensions

Firefox Chrome Opera Safari Internet Explorer extension addon


#21 go558a83nk


Posted 09 July 2015 - 01:31 PM

I use: Js Switch, Toggle Cookies, uBlock Origin, NoScript, Flagfox and DownThemAll. In my opinion less is better. HTTPS Everywhere is just as much of a joke as https is. The key is more in about:config. I can post my about:config settings for you guys if you like; I have most in a text for my vbox installs.

https is a joke?



#22 sheivoko


Posted 09 July 2015 - 02:30 PM

HTTPS is not perfect, but far from being a joke.

Remember NSA's QUANTUMINSERT?
It modifies HTTP traffic. They can't inject into HTTPS connections.

Or let "Hacking Team" explain to us how they intercept HTTPS and also Tor traffic:

  • "Place an in-line Active Probe in the ISP’s network"
  • "Exploit the target transparently by injecting a browser-based exploit while he’s surfing the web (http)"   <<< !!!!!
  • "Insert a trusted root CA certificate(s) for MITM"
  • "Decrypt and Decode the traffic!"

Under "Challenges", Hacking Team lists:

  • "Pay attention to EFF SSL Observatory" <<< HTTPS Everywhere feature!
  • "Tor manipulation is possible only through clear-text traffic"

 

Hacking Team is a very capable attacker, so is the NSA. Both love HTTP and consider HTTPS to be, at the very least, a big obstacle.

Certainly not a joke.

 

 

Source for the Hacking Team statements I quoted:

https://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/Naga/httpX/Presentation.pptx

Caution! It's a direct link to a .pptx PowerPoint presentation.


all of my content is released under CC-BY-SA 2.0


#23 zhang888


Posted 09 July 2015 - 04:26 PM

Thanks sheivoko, but comparing Hacking Team capabilities to NSA would be the same as comparing my mid-2000s family sedan to a racing car.

They both ride, they both do what you buy them for, but they certainly don't do it in the same time and quality, and the second player has certainly some things under the sleeve.

If a sleazy company like Hacking Team was able to sell Flash 0day to sleazy governments like Nigeria and Sudan, it means two things (at least):

1) You need to completely throw out Flash altogether, no click-to-play, no click-to-anything. Full removal.

2) You need to be very careful (in case you consider yourself a potential target) regarding your internet fingerprinting. The best thing would be masking yourself as a Windows NT 6.1 user while using other *nix OS, just as an example.

And of course enforcing end-to-end encryption where applicable. That will break most of adversaries' tools.

Not a bullet-proof technique of course, but will require a tailor-made exploit to compromise you.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#24 NbK


Posted 09 July 2015 - 06:33 PM

2) You need to be very careful (in case you consider yourself a potential target) regarding your internet fingerprinting. The best thing would be masking yourself as a Windows NT 6.1 user while using other *nix OS, just as an example.

about:config settings for above (in case someone needs it)

 

Create a New String: general.appname.override     | Set @ Netscape
Create a New String: general.appversion.override | Set @ 5.0 (Windows)
Create a New String: general.buildID.override        | Set @ 0
Create a New String: general.productSub.override | Set @ 20100101
Create a New String: general.useragent.vendor        | Leave Empty and hit Enter
Create a New String: general.useragent.vendorSub | Leave Empty and hit Enter
Create a New String: general.useragent.override      | Set @ Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Create a New String: general.platform.override        | Set @ Win32
Create a New String: general.oscpu.override              | Set @ Windows NT 6.1
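
The list above overrides several strings rather than only the user agent because page scripts can read each value separately through `navigator`, and a native value left behind contradicts the spoofed one. The following is an added example, not part of NbK's post: it audits a navigator-like object for that kind of contradiction. The helper names `osFamily` and `findLeaks` and both sample objects are constructed for illustration.

```javascript
// Added example: audit a navigator-like object for OS values that contradict
// the spoofed user agent. Helper names and sample objects are constructed.

// navigator property -> about:config string from the post that overrides it.
const PREF_FOR = {
  appVersion: "general.appversion.override",
  platform: "general.platform.override",
  oscpu: "general.oscpu.override",
};

// Coarse OS family for a navigator string (heuristic chosen for this example).
function osFamily(s) {
  if (/Windows|Win32|Win64/.test(s)) return "windows";
  if (/Mac/.test(s)) return "mac";
  if (/Linux|X11|BSD/.test(s)) return "unix";
  return "unknown";
}

// List every property whose OS family differs from the one userAgent claims.
function findLeaks(nav) {
  const claimed = osFamily(nav.userAgent);
  const leaks = [];
  for (const prop of Object.keys(PREF_FOR)) {
    const value = String(nav[prop] || "");
    const seen = osFamily(value);
    if (seen !== claimed) leaks.push({ prop, pref: PREF_FOR[prop], value, seen, claimed });
  }
  return leaks;
}

const SPOOFED_UA =
  "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0";

// Constructed: a Linux profile where only general.useragent.override was set.
const UA_ONLY = { userAgent: SPOOFED_UA, appVersion: "5.0 (X11)",
                  platform: "Linux x86_64", oscpu: "Linux x86_64" };

// Constructed: the same profile with the OS-related strings from the post applied.
const FULL_SET = { userAgent: SPOOFED_UA, appVersion: "5.0 (Windows)",
                   platform: "Win32", oscpu: "Windows NT 6.1" };

for (const [name, nav] of Object.entries({ UA_ONLY, FULL_SET })) {
  const leaks = findLeaks(nav);
  console.log(name, leaks.length ? leaks.map((l) => `${l.pref} -> "${l.value}"`) : "consistent");
}
```

To audit a live profile, paste the two functions into the browser's web console and call `findLeaks(navigator)`. The check covers only the OS strings exposed through `navigator`; it says nothing about other fingerprinting surfaces.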



#25 CriticalRabbit


Posted 25 July 2015 - 03:26 PM

But why mooch off that & not get an actual job like the rest of us?

 

I see YouTube video creators and uploaders as "digital artists". Their job is to entertain those who search YouTube for some entertainment after they probably did their actual (stressful) job. I think it's important to let them have some income just to give them an incentive to remain active. After all, you don't pay for seeing their videos, right? You just see a 30 second ad before their video, you can even skip many of them after five seconds! Does seeing an ad kill you?

To be honest, some of them are even quite interesting...

Hint: You can use HTML5 playback. No ads. But there are a few videos which force you to use Flash for ad playback.

 

>Again, if we wanted Ad's, We would stick the TV On.

 

Who is "we"?

 

I disagree. The advert should be optional and should, therefore, be at the end of the video. The same applies for webpages. If I enjoyed the video (or web content) I could then support the creator by watching an optional advert at the end of it. I hate being forced and I'll decide what runs on my computer, even inside of my browser. What I hate the most is the deception; why should I allow ad companies to track me across the internet? When did I ever agree to that?



#26 giganerd


Posted 25 July 2015 - 03:49 PM

Everyone views the beginning, but not everyone is watching a video until the end. So it's not an option. Same with Opt-In.
But I agree, there should be an Opt-Out. At least for registered viewers...






