Slashdot Mirror

TB3 has issues with mailtweak http://mailtweak.mozdev.org/tweaks.html#personal - at least for me. I can't email merge with it now and had to roll back to TB2

In the future, the content will be loaded before you click! Unfortunately, it's not like it today, so I didn't make the first post...

In the future, the future will happen in the past.

A W3C project did something similar to this back in 2001. There was even a Firefox (then Mozilla) plugin.

http://en.wikipedia.org/wiki/Annotea

Well I got that from Wikipeida since I don't use Flashblock anymore. Their source is the CVS logs.

Flashblock puts a placeholder in front of Flash, Shockwave, Authorware, Java, and Sliverlight.

Are you using a different Flashblock than this one? According to the page there it only blocks the first three. I wouldn't mind to have something that could do it for the other two as well, but Flashblock doesn't seem to be it.

http://prefbar.mozdev.org/

First plugin I install for SeaMonkey: Home button, toggles for colours, fonts, images, JavaScript, Java, Flash, pop-ups; drop downs for Proxy settings, User Agent, window size - couldn't live without it.

Cue me reposting my views on noscript being a pretty crappy tool for modern web security then.

NoScript comes from a broken way of thinking, "you can identify attacking sites and trusted sites", the attack code for this was coming from reddit.com (a site you have to allow in order to use reddit). The only way this sort of bug can be protected against is by use of javascript filtering tools such as controldescripts that filter javascript request by type and domain, with such a tool it would be possible to protect yourself much more effectively.

mouseclick is submitting info -> allow
mouseover is requesting data -> allow
mouseover is submitting data -> request user confirmation
javascript function is doing something weird -> request user confirmation
javascript is trying to use a known exploit* -> deny and notify user (as a workaround for 0-days simply blocking the bad JS calls will protect users much faster than browsers usually get patched) ...etc

You could also combine this with domain checking to have lists of pages where you allow
*no-js (untrusted),
*simple-JS (google, youtube, etc) but [it might allow functionality but could prevent tracking],
*complex-js (facebook, etc) [all the ajax stuff means simple-JS wouldn't work]
*all-JS (fancynewsite.com) [even the complex list of functions you allow just isn't enough]

Such tools could also help the paranoid among us use website that require JS, by disabling mousetracking and sending of data on non-click actions.

As long as people stick to the broken thinking of trusted/untrusted domains, there is little chance of this actually happening. The worst thing about noscript is that for an unkown site you often have to allow JS on it to see what it looks like, so unless you plan on only browsing sites you've already been to and those that don't use javascript, it is completely useless yet its users claim, nay genuinely think they are more secure!

Indeed, it will educate people to surf with javascript turned off, and it will hopefully educate webmasters to stop programming their sites in a way that requires javascript even for basic functionality.

That's what some of us have been saying since Netscape first spawned a pop-up ad, some 15 years ago.

The only response (Netscape 3 vs. Netscape 4, and all versions of IE until IE7.) was to bury the "Disable Javascript" option a little bit deeper into the menus.

It wasn't until PrefBar came out that I got the single-click togglability for Javashit and Flash that I'd wanted for 15 years.

Looks like its time to install Vimperator http://vimperator.mozdev.org/ again

didn't get to read the article because it requires a fucking registration and I'm unwilling to register just to read this tripe

PrefBar allows you to change your user-agent, you may be able to use it to impersonate a GoogleBot (they seem to be indexed by google so it's worth a shot). I can't test it just now as I have 58 tabs open and some of them have large flash videos loaded, but this may be just the thing to facilitate your tripe-viewing in future. :)

Firefox users can get a search plugin @ http://mycroft.mozdev.org/ for the NOAA forecast.

The ultimate solution to this problem is vimperator. There is no awesome bar whatsoever. And anyone who knows how to bring up the history on it is welcome to share my fine taste in erotica.

You can view/delete your flash cookies here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

There's also a firefox plug-in: http://objection.mozdev.org/

I agree, regular tracking regardless of the technology used.

I think this might be a better solution.

Although I've had trouble getting it to work properly on a couple of machines, it seems to do what it says on the tin most of the time.

Please, don't bother replying suggesting "noscript"- it breaks necessary functionality of sites horribly.

Try PrefBar.

Bad news: You lose a few pixels of vertical room.
Good news: Single-mouse-click access to toggle Java, Javascript, animations, Flash, drop-down for User-Agent, etc. etc. etc...

Makes it trivial to surf with Javashit deactivated 99% of the time, and then, when you want to use your bank/broker (or Google Maps), turn it on, do your business, and turn it back off again.

As a bonus, one of the tickboxes is for whether or not you're using a proxy. So you can easily determine whether or not your locally-installed ad-blocking proxy (hey, I believe in the belt-and-suspenders approach) is a factor in whether or not a site is broken. (Yahoo properties are particularly egregious offenders. They serve their Javashit and their content from different sites, and the proxy disables such shenanigans, so in order to use things like Yahoo F^HMail, even in "classic" mode, you not only have to have Javashit enabled, but the ad-blocking proxy off.)

But I digress. If you want quick and easy control over what your client does with the crap that web designers throw at it, try PrefBar. I tried NoScript for a day or two, and immediately went back to PrefBar.

The root cause of the Javascript beef is that the designers - all the way back to the Netscape 4 days - have always made it difficult (by burying it in menus) to easily switch it on/off. Ditto for cookies, flash, and just about everything else. Back in the dark ages, Netscape was a commercial product, and they didn't want to anger advertisers by making it easy to enable/disable cookies and Javascript. Ditto for IE -- the end user isn't Microsoft's customer, the OEMs, hardware vendors, and the MPAA-like entities are, and IE buried its security/active-content options even deeper. These are long-standing UI bugs that have never been fixed, and probably never will be fixed, because most end users don't want to know what's going on under the hood. NoScript didn't really solve the meta-problem of advertiser-friendly UI; PrefBar did.

controldescripts allows what your asking for (well the disabling ajax and javascript animations, othertools will block flash and esc will stop gifs), unfortunately setting it up was beyond me, but the functionality to restrict the js commands a site has access to is there, so i just use noscript+temporarily allow default domain.

Pandora stores its data about users in flash "cookies" (Local Shared Objects). If you can find and delete those cookies, you can reset your skips (as well as cause Pandora to forget your username and password; doesn't kick you off though). Unlimited skips! I believe you can delete them here,Âwith this Firefox addon and probably by manually finding and deleting them. (I'm too lazy to determine the directory. It would be just wonderful if someone could clarify.) No telling what happens when/if you are caught.

I expect it wouldn't take much fiddling with http://mozplugger.mozdev.org/ to get this working. It can plug any X11 window (including a WINE IE6) into Firefox as the handler for a particular MIME type. You would just need to update ieTab to change the MIME type of the pages you wanted to render in IE6. Still not sure why you would want to.

Ever since the author of NoScript decided to turn it into malware and attack my computer, I stopped using it. Any alternatives?

Prefbar.

Single-mouse-click, browser-wide control of Javashit, Flash, and images, colors, cookies, User-Agent, etc...

I leave Javashit off 99% of the time, then click to turn it on, do the banking, and click turn it back off.

How about running Firefox with the IE Tab addon and IE6 installed? I haven't tested it but I don't see why it wouldn't work.

Set firefox as default, and use http://ieview.mozdev.org/ with the whitelist pages set.

http://ietab.mozdev.org/index.html

http://ietab.mozdev.org/index.html

Netscape successfully committed suicide.

Having used Netscape 4.x (all the way through 4.72 iirc), I have to agree.

Internet Explorer 4 was leaps and bounds better than Netscape Communicator, so I switched to it.

Coincidentally, I switched again a few years later when it turned out this one browser was leaps and bounds better than Internet Explorer 6. What was its name again... Phoenix? Firebird? Something like that.

I think you are putting way to much stock in how a few minutes of advertising can adversely affect your life. Just ignore them, fast forward, or hit the DVD Menu button and skip all that crap. Seriously the only way to avoid all of what you call "corporate propaganda" is to live in a cave, never buy anything and live a completely self-sufficient life, never have any contact with the outside world, never again read anything, listen to anything, or watch anything. Then you would truly be "free" of the corporate shackles. (As a bonus you could also realize that you've had people shouting in your ears their whole life and that you never realized how much your thinking had been muddled - in the silence of your cave.)

Ahh... now you're telling me it's impossible and/or impractical. Which is great, because it just so happens I already did it. As a matter of fact, I wrote a series of pieces for members of an eating disorder recovery group on how to avoid all the negative imagery and get healthier. It's on a private forum, so I'll just stick it in here.

--//--

How to avoid advertisements on the web:

If you're not using Firefox, you should be.

http://www.mozilla.com/en-US/firefox/

Once you've got Firefox, you should install tools to protect you from advertising. First one is Adblock Plus

https://addons.mozilla.org/en-US/firefox/addon/1865

This lets you block advertisements, and is configurable.

Next, if you want to block particular sites completely, you can use this tool, called BlockSite:

https://addons.mozilla.org/en-US/firefox/addon/3145

After you've done all this, you can customize Google to remove certain items you don't want to see with the CustomizeGoogle add on.

https://addons.mozilla.org/en-US/firefox/addon/743

With this tool, you can remove advertisements, filter out sites you don't ever want to see in your search results, and remove google tracking. Which may screw up Muses website statistics tracking, but will prevent you from becoming a target for advertisements specifically related to eating disorders and dieting etc.

If you take the time to install and set up these tools, you will be amazed at the difference.

--//--

How to avoid advertisements in your mail:

First, install Thunderbird:

http://www.mozilla.com/en-US/thunderbird/

This mail reader has a built in spam blocker that learns how to identify spam as you mark things as spam/not spam. This will go a long way towards keeping your mailbox advertisement free.

Once you've got that installed, you want to be using it to read your web based mail, like Hotmail, Yahoo, GMail, etc.

So you need to install the Webmail add on.

http://webmail.mozdev.org/

Once you've installed this, you'll be able to view your mail from all these websites without having to see their banners and other assorted crap.

After this is all done, you should set up folders for every piece of mail you expect to receive, and filters to automatically move them there. This will prefilter your pile, and your learning spam filters will also prefilter.

Between the two, you'll have an ever shrinking pile of messages that "might" be spam to wade through and mark as "is spam" or "is not spam".

--//--

How to avoid advertising in your multimedia:

Stop paying for cable television. Disconnect your service, and use the money you save to buy a DVD burner for backup, a video card for your computer that supports TV-Out, and a large external hard drive that you can use to carry files to and from your fr

Even AdBlock and NoScript may not be enough. I've read about a recent trend where adverts are hosted directly on the content server. So if your website "requires" JavaScript and/or people have whitelisted it, ads will get through because the scripts and images are hosted directly on your website. Bastards.

In case you are willing to do something about it:

• Greasemonkey (FF|IE)
• Platypus
• Shiftspace
• JetPack
• Chickenfoot
• Privoxy
• Proximodo

the last of which is hosted by... SourceForge.

Fourtheded.
And even with the tabs on the left side, and the Kubuntu panel on the right side, most webpages _still_ cannot fill the remaining width of the 1680x1050 screen on my laptop. To get even more vertical space, I put the menu on the same toolbar as the addressbar, and a few icons as well. Oh, and Vimperator. I love Vimperator:
http://vimperator.mozdev.org/

Please learn basic HTML for us lazy types. Thank you.

PTTL is your friend.

Or perhaps I should have said:

Check out PTTL: http://pttl.mozdev.org/

Edit: Gah! It auto-linked it for some reason.... ruined my joke.

Please learn basic HTML for us lazy types. Thank you.

PTTL is your friend.

Or perhaps I should have said:

Check out PTTL: http://pttl.mozdev.org/

Edit: Gah! It auto-linked it for some reason.... ruined my joke.

WSJ gives free access to premium content if you are being redirected from google, facebook, digg etc. Here is a dirty little secret. The entire content on WSJ is available to you for free, if you can trick WSJ into believing that you have been directed to their webpage via digg.com!

Step1) Use firefox
Step2) Install refspoof http://refspoof.mozdev.org/
Step3) Install greasemonkey https://addons.mozilla.org/en-US/firefox/addon/748
Step4) Install this script in greasemonkey http://userscripts.org/scripts/show/42134
Step5) Profit!!

WSJ gives free access to premium content if you are being redirected from google, facebook, digg etc. Here is a dirty little secret. The entire content on WSJ is available to you for free, if you can trick WSJ into believing that you have been directed to their webpage via digg.com!

Step1) Use firefox
Step2) Install refspoof http://refspoof.mozdev.org/
Step3) Install greasemonkey https://addons.mozilla.org/en-US/firefox/addon/748
Step4) Install this script in greasemonkey http://userscripts.org/scripts/show/42134
Step5) Profit!!

WSJ gives free access to premium content is you are being redirected from google, facebook, digg etc. Here is a dirty little secret. The entire content on WSJ is available to you for free, if you can trick WSJ into believing that you have been directed to their webpage via digg.com!

Step1) Use firefox
Step2) Install refspoof http://refspoof.mozdev.org/
Step3) Install greasemonkey https://addons.mozilla.org/en-US/firefox/addon/748
Step4) Install this script in greasemonkey http://userscripts.org/scripts/show/42134
Step5) Profit!!

Why is there no way to restrict session cookies to the tab that set them and its spawns? Or does Chrome do that? It's well known that a site doesn't need direct access to a cookie to check for its effects.
A quick search turned up an extinct Firefox extension that seems to do this: CookieStore. It should be default behavior of browsers.

Or use the Objection Firefox extension.

Flash behaves awfully everywhere

FlashBlock

NoScript works too but I find it sort of annoying because it stops half the web from working.

Are you launching IE as another application or using something like IEtab?

Fixed the link for you

Mycroft lets you change the search box in firefox to use secure wikipedia, which should make it secure from any UK-based censorship efforts.

Not entirely true. I stream Netflix Watch Instantly selections in Firefox by using the IETab extension (it fools the server into thinking that you're using IE instead of FF). It works in Opera, too. Alas, only on Windows, though, not Linux.

You aren't using firefox to view netflix. IETAB actually runs IE in Firefox, so you're still using IE. Note the lack of Linux support on the IETAB page.

IETAB

Excerpt:
IE Tab, an extension from Taiwan, embeds Internet Explorer in a Mozilla/Firefox tab.

Emphasis mine.

I will never go back to a browser without mouse gestures.

Interesting. I'm just the opposite. The first thing I install for a browser is Vimperator so I don't have to use the mouse.

Indeed. I'm surprised more people don't just use this instead. Oh, and about:config is your friend if you're concerned about privacy at all. Fx isn't privacy-safe by default. It leaks all manner of personal information. Open source, it seems, no longer means the developers have your best interests at heart. My first thought when reading the synopsis was "Fx does this by default and removal of the associated Google URLs is non-trivial." so I can see exactly what you're saying about Moz vs Apple.
 
As for Apple being Evil? ALL corporations have one goal: Make their shareholders money on their investments. That includes Google, Microsoft, Novell, Apple et al. None of these companies exist to make you happy or give you free shit without some strings attached and the sooner some people realise this the better off we'll all be. Then we can start discussing ways to mitigate these breaches of privacy and security instead of whining constantly that they're there. It's not going away. Corporations will never stop trying to "monetize" the web. In my opinion, Google are the worst of the lot, yet they're still everyone's blue eyed boy. Do we actually care about privacy or do we just want to stiff one company and tolerate another? Duplicity is no way to say "I have principles."

Yes, but will it be halted by FlashBlock?

My firefox defaults to Scroogle, a google search proxy, without all of the IP logging hassles.

There's XUL MSN Messenger, developed by yours truly. It doesn't support display pictures (yet), but otherwise it's pretty solid. I always use it.

From the Adblock website: "This branch is tested irregularly with Firefox 1.0.7, 1.5, Mozilla 1.3.1, 1.7, and Seamonkey 1.0." - http://adblock.mozdev.org/dev.html

On the other hand, addons.mozilla.org agrees with you, that the latest version works with 3.0.*. I did not know that. However, adblock has lagged behind the latest Firefox several times. It was not a "hiccup" with Firefox 2, but rather, the Adblock extension, for several months, failed to work with the latest version of Firefox. The same thing happened with 3.0. Adblock is an outdated and obsolete extension, does not support all of the features that Adblock+ does, has been reported to slow down later versions of Firefox, and is barely maintained. They don't even update their website anymore.

Note that this is a good thing. There is rarely good reason for two projects to do the exact same thing, and the dev's time can be better spent doing just about anything else, such as working with Adblock+.

I have a couple of suggestions for Firefox...

Don't load images: Preferences -> Content and uncheck "Load images automatically".

Block other media you don't want: FlashBlock, AdBlock, QuickJava (for Java and JavaScript)

You could also try fiddling with the browser.cache.check_doc_frequency in your about:config. I haven't tried it, but setting it to 2 might yield good results.

The talking woman is not an ad, it is a site element, so adblocker comments don't apply.

And was adblock mentioned even once? No.

Flashblock blocks any Flash embed or object element, replacing it with a clickable button. If you wish to load a particular Flash element, you click the button and only then does it load. Hugely useful, especially in conjunction with Adblock.

They're not the same thing.

And this folks, is why we have Enigmail. http://enigmail.mozdev.org/home/index.php

Someone has picked up the project and a new beta, which is compatible with FF3, is here.

The test release works with FF3, I've just installed it - thanks for the link.

3 - This is true. You can delete sharedobjects as long as you have a move clip visible you can click on. However, many sites have hidden flash elements that cannot be seen or clicked on. These sites can set data.

Flashblock