Re: Spoofing (?) in Seamonkey

2020-03-13 Thread Daniel 

NFN Smith wrote on 13/03/2020 2:40 AM:

Daniel wrote:

https://turbotax.intuit.com/personal-taxes/online/system-requirements

According to this, it's not just browser support, they don't support 
linux at all.



Android is based on Linux, isn't it??

And what difference would it make what OS you are using to run your 
preferred Browser which would then be sending a series of 'Ones' and 
'nones' from your modem to their modem??


If all the interface is browser-based, then it really doesn't matter 
what the underlying platform is.  I do find it interesting that the site 
indicates that Windows 7 is OK, as is Mac all the way back to Mavericks. 
Plus that Opera is on the list of acceptable browsers.


Something that I've noticed with sites that demand only certain browsers 
(and levels) is that what they're communicating usually doesn't match 
with the reality of interacting with their sites.  Years ago, for sites 
that demanded *only* Internet Explorer, that made sense, as that was 
generally an indication that the site used ActiveX scripting, but that's 
not happening anymore.


If a site specifies that you *must* be running Chrome, Firefox, Safari 
or Edge, it's frequently a matter of what the site's tech support people 
are willing to interact with, especially with UI navigation to specific 
settings.  If they say "Firefox", they want to be able to tell you to go 
to Tools -> Options -> [whatever setting] and tell you to click X and Y, 
and be done with it.  For them, it doesn't matter that Seamonkey is also 
a Gecko browser with all the same capacities, if the navigation to get 
to those settings is unfamiliar:  Edit -> Preferences -> and an entirely 
different menu of options.  In that sense, those of us that run 
Seamonkey are at more of a disadvantage than users of Palemoon and 
Waterfox, because the others have config UIs that are much closer to 
current versions of Firefox.  I've found this effect most common with 
financial institutions.


If memory serves me correct (which it sometimes doesn't), in Mozilla 
Suite (on which both Firefox and SeaMonkey were based), the " Edit -> 
Preferences ->" was the correct route (which SeaMonkey still uses) and 
Firefox changed to Tools->Options some time later.


So does this mean we SeaMonkey users can blame all our probs on FF 
devs?? ;-)


I know that there are sites that do demand at least Firefox 60, but I'm 
not aware of anything out there that actually requires stuff that is 
unique to Gecko 60. Maybe there's a few out there that expect you to 
install a WebExtensions add-on, but I haven't seen any. That's the only 
reason I can think of for a technical reason to require Firefox 60.


The other thing on demanding particular browsers and versions (and O/S 
levels) is that there is something to be said for ensuring minimum 
versions that have some measure of currency of security patches. On my 
own site, I do block access to Firefox versions older than 52, as well 
as blocking access to Windows versions older than Win 7 and Mac versions 
older than Sierra. Part of it is that I want to discourage people from 
running really old stuff that's no longer being maintained.  However, in 
a similar way, I've found that the bulk of traffic that hits my site 
that purports to be from older systems is mostly bot traffic that I 
don't want at my site anyway.  For that, I don't bother with 
script-based sniffing to deliver a warning message.  Instead, I go the 
route of using regular expressions in the .htaccess file, and if a UA 
string shows a Firefox version older than 50 or that it's running 
Windows XP, I just drop the connection.


On this, I will note that my site does get some volume of traffic that 
claims to be running Firefox 40.1 (a version that was never valid), and 
dropping those connections immediately is a zero-loss proposition, plus 
less bandwidth wasted, and cleaner access statistics.


Circling back to Seamonkey, my experience is that nearly all the time, 
if a site demands certain params for browser and O/S, if your browser UA 
string shows something that's acceptable to them, you shouldn't have 
problems interacting, regardless of what browser and O/S combination 
that you're actively using.


Smith


I hadn't considered your point about users 'phoning Help Desks and not 
actually having the 'required' Software versions or OS's!!


--
Daniel

Win7 User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) 
Gecko/20100101 SeaMonkey/2.49.5 Build identifier: 20190609032134


Linux User agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) 
Gecko/20100101 SeaMonkey/2.49.1 Build identifier: 20171015235623

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Spoofing (?) in Seamonkey

2020-03-12 Thread NFN Smith 

Daniel wrote:

https://turbotax.intuit.com/personal-taxes/online/system-requirements

According to this, it's not just browser support, they don't support 
linux at all.



Android is based on Linux, isn't it??

And what difference would it make what OS you are using to run your 
preferred Browser which would then be sending a series of 'Ones' and 
'nones' from your modem to their modem??


If all the interface is browser-based, then it really doesn't matter 
what the underlying platform is.  I do find it interesting that the site 
indicates that Windows 7 is OK, as is Mac all the way back to Mavericks. 
Plus that Opera is on the list of acceptable browsers.


Something that I've noticed with sites that demand only certain browsers 
(and levels) is that what they're communicating usually doesn't match 
with the reality of interacting with their sites.  Years ago, for sites 
that demanded *only* Internet Explorer, that made sense, as that was 
generally an indication that the site used ActiveX scripting, but that's 
not happening anymore.


If a site specifies that you *must* be running Chrome, Firefox, Safari 
or Edge, it's frequently a matter of what the site's tech support people 
are willing to interact with, especially with UI navigation to specific 
settings.  If they say "Firefox", they want to be able to tell you to go 
to Tools -> Options -> [whatever setting] and tell you to click X and Y, 
and be done with it.  For them, it doesn't matter that Seamonkey is also 
a Gecko browser with all the same capacities, if the navigation to get 
to those settings is unfamiliar:  Edit -> Preferences -> and an entirely 
different menu of options.  In that sense, those of us that run 
Seamonkey are at more of a disadvantage than users of Palemoon and 
Waterfox, because the others have config UIs that are much closer to 
current versions of Firefox.  I've found this effect most common with 
financial institutions.


I know that there are sites that do demand at least Firefox 60, but I'm 
not aware of anything out there that actually requires stuff that is 
unique to Gecko 60. Maybe there's a few out there that expect you to 
install a WebExtensions add-on, but I haven't seen any. That's the only 
reason I can think of for a technical reason to require Firefox 60.


The other thing on demanding particular browsers and versions (and O/S 
levels) is that there is something to be said for ensuring minimum 
versions that have some measure of currency of security patches. On my 
own site, I do block access to Firefox versions older than 52, as well 
as blocking access to Windows versions older than Win 7 and Mac versions 
older than Sierra. Part of it is that I want to discourage people from 
running really old stuff that's no longer being maintained.  However, in 
a similar way, I've found that the bulk of traffic that hits my site 
that purports to be from older systems is mostly bot traffic that I 
don't want at my site anyway.  For that, I don't bother with 
script-based sniffing to deliver a warning message.  Instead, I go the 
route of using regular expressions in the .htaccess file, and if a UA 
string shows a Firefox version older than 50 or that it's running 
Windows XP, I just drop the connection.


On this, I will note that my site does get some volume of traffic that 
claims to be running Firefox 40.1 (a version that was never valid), and 
dropping those connections immediately is a zero-loss proposition, plus 
less bandwidth wasted, and cleaner access statistics.


Circling back to Seamonkey, my experience is that nearly all the time, 
if a site demands certain params for browser and O/S, if your browser UA 
string shows something that's acceptable to them, you shouldn't have 
problems interacting, regardless of what browser and O/S combination 
that you're actively using.


Smith


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Spoofing (?) in Seamonkey

2020-03-12 Thread Daniel 

Gerry Hickman wrote on 12/03/2020 6:59 AM:

Chuck wrote:
I just had to go to Firefox to do my taxes because Turbotax would not 
run in Seamonkey.


Here's their page about supported browsers

https://turbotax.intuit.com/personal-taxes/online/system-requirements

According to this, it's not just browser support, they don't support 
linux at all.



Android is based on Linux, isn't it??

And what difference would it make what OS you are using to run your 
preferred Browser which would then be sending a series of 'Ones' and 
'nones' from your modem to their modem??


--
Daniel

Win7 User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) 
Gecko/20100101 SeaMonkey/2.49.5 Build identifier: 20190609032134


Linux User agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) 
Gecko/20100101 SeaMonkey/2.49.1 Build identifier: 20171015235623

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Spoofing (?) in Seamonkey

2020-03-11 Thread NFN Smith 

Chuck wrote:

I have been using Seamonkey for years now mainly for email and
browsing. I know there a many things in Seamonkey I don't have a clue
about but since I never use them,



I have not needed to understand them. However one thing I would like
to understand (and don't) is "spoofing", or whatever the proper term
is.



I just had to go to Firefox to do my taxes because Turbotax would not
 run in Seamonkey.



Is there a source which I  could access to learn to use this feature
in Seamonkey.



Remember I am a just  a basic user of Seamonkey



Thanks, Chuck



"spoofing" is indeed the term you want to use.

There's more than one way to go about this, and which you use depends on 
what you're doing, and what level of tinkering that you're comfortable with.


To start off, looking at your posted message, your copy of Seamonkey is 
currently reporting itself as:


   > Mozilla/5.0 (Windows NT 10.0; rv:52.0) Gecko/20100101 Firefox/52.0 
SeaMonkey/2.49.5


It's a good bet that Intuit isn't really complaining about Seamonkey 
specifically, so much as they are about a browser identifying itself as 
 Firefox 52. It's likely that you could get what you need if you are 
using the UA string for Seamonkey 2.53.1:



Mozilla/5.0 (Windows NT 10.0; rv:60.0) Gecko/20100101 Firefox/60.0 
SeaMonkey/2.53.1


You can spoof this from 2.49.5, but I would suggest that you probably 
want to upgrade to 2.53.1.


Although I don't think they're objecting to Seamonkey, if they are, you 
could simply spoof Firefox 60, without mentioning Seamonkey.  If you're 
running 2.53.1, then the easiest way to get that is going to be to turn 
off the "Advertise Firefox Compatibility" setting, which would cause 
Seamonkey to show:


> Mozilla/5.0 (Windows NT 10.0; rv:60.0) Gecko/20100101 Firefox/60.0

For that, go Edit -> Preferences -> Advanced -> HTTP Networking, and 
then un-tick the User Agent String for Firefox.


I'm betting that the combination of updating to 2.53.1 and that setting 
will be the easiest for you.



You can also do spoofing either by extension or by going to about:config 
to tweak your prefs.js file. With the extension route, the way to do 
that is to get PrefBar from https://prefbar.tuxfamily.org/ although once 
it's installed, you have to make sure that the UserAgent control is 
shown, as well as to make sure you have added a setting to show one of 
the strings noted above.  There's a number of strings already there, 
that are useful as examples, but they're all really old.


Personally, I do PrefBar, because it allows me to do spoofing changes on 
the fly, where I can show what I want, when I want, and then go back to 
showing the default, when spoofing is no longer needed.


The other approach is via about:config, and adding one or more entries 
there.


If you have an entry called general.useragent.override and set a UA 
string there (i.e., one of the ones noted above), then that permanently 
sets the UA for all activity (including what is included in outbound 
email).  Because of the email angle, I generally discourage this one, 
because it makes your email look like it was sent by Firefox (which is 
not a mail client). Few will probably notice or care, but it does stand 
out as being unusual.


You can also do site-specific spoofing by extended versions of 
general.useragent.override, where you add the server and domain name you 
need.  Thus, for you, you probably want 
general.useragent.override.turbotax.intiut.com and again, using one of 
the strings noted above.


Even though I generally prefer to do spoofing on the fly, there are a 
couple of sites that I visit regularly, where I do use site-specific 
general.useragent.override entries.  One is with google.com, where I 
show a straight Firefox UA, because for some reason, Google doesn't 
display quite correctly if it sees a Firefox string that includes 
Seamonkey, particularly in that the cursor location in Google's search 
bar doesn't display correctly.  A minor annoyance, but nice to know that 
I can fix the display.  I also currently spoof 2.53.1 for a couple of 
financial institutions. I just upgraded Seamonkey from 2.49.5 yesterday, 
and those sites have been complaining about unsupported browser, and by 
showing a 2.53 string with Firefox, spoofing makes those complaints go 
away. Now that I'm upgraded to 2.53, I don't need to spoof anymore, 
although eventually I'll remove those, especially when I eventually see 
newer versions of Seamonkey.


To re-iterate, I think the easiest approach for you is upgrading to 
2.53, and then turning off advertising Firefox compatibility.  If, for 
some reason, you don't want to upgrade, then the next easiest solution 
is using about:config to spoof just when you're visiting 
turbotax.intuit.com.


Smith




___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Spoofing (?) in Seamonkey

2020-03-11 Thread Gerry Hickman via support-seamonkey 

Chuck wrote:
I just had to go to Firefox to do my taxes because Turbotax would not 
run in Seamonkey.


Here's their page about supported browsers

https://turbotax.intuit.com/personal-taxes/online/system-requirements

According to this, it's not just browser support, they don't support 
linux at all.


--
Gerry Hickman (London UK)
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Spoofing (?) in Seamonkey

2020-03-11 Thread David E. Ross 
On 3/10/2020 7:26 PM, Chuck wrote:
> I have been using Seamonkey for years now mainly for email and browsing.
> I know there a many things in Seamonkey I don't have a clue about but 
> since I never use them,
>   I have not needed to understand them.
> However one thing I would like to understand (and don't) is "spoofing", 
> or whatever the proper term is.
> I just had to go to Firefox to do my taxes because Turbotax would not 
> run in Seamonkey.
> Is there a source which I  could access to learn to use this feature in 
> Seamonkey.
> Remember I am a just  a basic user of Seamonkey
> Thanks, Chuck
> 

See my Web pages:

, especially at the end
where I discuss defeating sniffing.

, where "sniffing",
"spoofing", and other terms have user-oriented definitions (not always
technically precise)/


-- 
David E. Ross


Beyond Meat and other such vegetarian meat substitutes
represent the ultimate in ultra-processed foods.  Real
meat is natural.  Beyond Meat is definitely not.  No,
I do NOT own a cattle ranch, a butcher shop, or any
other business doing commerce in meat.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Spoofing (?) in Seamonkey

2020-03-10 Thread Chuck 

I have been using Seamonkey for years now mainly for email and browsing.
I know there a many things in Seamonkey I don't have a clue about but 
since I never use them,

 I have not needed to understand them.
However one thing I would like to understand (and don't) is "spoofing", 
or whatever the proper term is.
I just had to go to Firefox to do my taxes because Turbotax would not 
run in Seamonkey.
Is there a source which I  could access to learn to use this feature in 
Seamonkey.

Remember I am a just  a basic user of Seamonkey
Thanks, Chuck
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey