http://www.linuxfromscratch.org/
> GA consists of JS code that the site owner adds to each web page on which
they want to track you.
I explained in another post that it is possible to be tracked by GA even if
the site has no JS at all - through GA's API which can be implemented server
side (i.e. inside a PHP or Python scri
https://en.wikipedia.org/wiki/Systemd#Criticism
http://www.zdnet.com/article/linus-torvalds-and-others-on-linuxs-systemd/
In a previous post I have given quite clear answer to this. There is no
"case" and nothing needs the justification or condemnation of a
self-appointed judge. GA will be removed, later, when I have time - this has
been considered long before some forum troll decided to spit on something for
> This forum (trisquel-users) is dedicated to topics related to Trisquel and
its usage.
"tcpdump" shows different :)
> Also there are sometimes semi-offtopic posts which are downvoted.
As well as fully off-topic posts which are upvoted just because the source is
a particular nick name. On a
I am not.
Why don't you compare for yourself and share the result? There is nothing
complicated. I have already explained how I test (in web browsers thread).
Thanks.
> When I give a mail address and server other than my default one, it is same
here.
I tried with my actual email address. No idea why it didn't work.
> You're so full of shit.
Thank you. You are a marvelous person.
> LOL, dude
> You're so full of shit.
Thank you. You are a marvelous person.
After some help from devs I was able to run the program. Unfortunately it
seems unable to open any site using SSL. There are no any background
chattering connections but still it seems quite limited and the interface is
not really anything I am used to (there is practically no humanly UI).
> @heyjoe I think you will find this newsgroup quite stimulating. ツ
Thanks. Now I can get high lol.
BTW I wouldn't see this as I am not subscribed to the mailing list, so it's a
coincidence that I looked at this thread. Speaking of which: Did you get my
email from the other day? I sent it to
https://trisquel.info/en/forum/pretty-new#comment-128424
One day soon this site will not use GA but you will still be a
https://en.wikipedia.org/wiki/Troll_%28Internet%29
Your conclusion that a micro site with less than 500 visitors monthly (non of
which uses privacy respecting browser) which
> Yet you took the time to subscribe to Google Analytics and to add their
proprietary JavaScript to your website.
How I spend my time and what I put on my website is not your business,
especially considering that nobody has forced or even indirectly invited you
to visit it (and even less to
> I would say it is better than Chromium at least.
You cannot say that because as per your words you know very little about
Chromium.
> Apparently it only reveals your ip address which is easily revealed
anyways.
No. There is more to it.
> It's already been explained to you that Google learns nothing about you
from this behavior.
I guess the experts who explain this are Google internals who have personally
checked that.
> They know that your IP address is running a Web browser. Big whoop.
It is not Google's business to kno
Have you read it?
"Iridium has Google Safe Browsing enabled by default. This means within 5
minutes after start and then periodically every 30(?) minutes, a request to
iridiumbrowser.de (keeps a cache of the GSB data) is made to update the safe
browsing database."
I am so sick of that "sa
https://www.reddit.com/r/firefox/comments/7x59ey/firefox_making_requests_without_consent_even_in/
> You apparently think that "all CSS" is some kind of "infection".
You should really stop telling me what I think, especially when I don't think
it.
> Let us take your website as an example
Let us not.
> Without it, your site becomes much uglier:
http://dcc.ufmg.br/~lcerf/anchev_no-css.ht
> RMS' answer looks clear: for him, the telemetry component has never been
the problem; extensions that could access Firefox's internals (including
trigger the collect of sensitive data through the telemetry component) were.
WebExtensions has *solved* that problem: "no issue with this at this
> Yeah, one question comes to mind, do you have noscript when doing these
tests?
No but all tests were made with javascript completely disabled in the browser
itself. I have shared how I do the tests in the web browsers thread.
> I know very little of chromium so I really cannot comment (..
> Actually, I was more talking about the forks then firefox itself.
I have provided factual tests for the forks too.
> Okay, Well it just seemed suspicious that you attacked firefox forks too.
Because essentially, if you attack firefox forks even, you basically have
nowhere to move to...
T
Alrighty.
> That issue needs to be laid on the table and given a good in-depth look.
Ok, lay it. Let's look into it in the other thread.
> Yes, but we still need to shrink exposure as much as we can.
Well, you use Yahoo, I use Gmail... and so do many of our correspondents
which makes switching the mail
> I hoped we would discuss this in the other thread but it is drawned among
the other things
We still can. We actually did and it is marked for further investigation.
(simplicity)
> And quite an efficient one.
Sure but it is not always practical, e.g. in a work scenario in which you
coll
Latest commits on github are from 2018-01-05.
And the issue I reported already got a reply (2 hours).
https://trisquel.info/en/forum/web-browser?page=6#comment-128395
I just found a project you may be interested to check:
https://www.uzbl.org/
Unfortunately I am getting some errors when running 'make', so I can't share
anything more.
Of course.
BTW you can get tracked through CSS too. I don't know if Midori can block all
CSS.
Qupzilla looks good. Unfortunately as long as it has no mechanism to control
loading of 1st and 3rd party resources (as uM and uBO) I consider that pretty
dangerous in today's web (rather than healthy). Of course unless you don't
care about being tracked by disguised pixels.
I am not saying your approach is wrong. I am just saying that Midori is quite
old (and its development seems frozen). Web standards are not static but
evolve as new security issues arise and user agents must be up to date with
those standards. Just look at the high number of weak ciphers in M
> he is the one who is showing facts
You mean the videos I shared and the copy-paste from Mozilla's docs are
non-facts? Or the tcpdump tests?
> you are nitpicking to support Chromium.
Did you even read that (#48):
>> It is not an argument to prefer Chromium but an argument to avoid
Firefo
Well... that has already been done, so I don't see why not. Let's not forget
that they attack every possible layer, not just what is easy.
> OTOH, I use it in totally passive mode. No active content processing is
enabled. No exposures, no vulnerabilities.
Well, just because you disable the colorful stuff doesn't mean there are no
exposures or vulnerabilities. There are things that happen in the HTTP layer
itself, also in crypt
> I always wondered indeed how come different hardware with same programs use
different amount of RAM memory.
Different kernel, different drivers, different system resources => different
if-then-else executed by the browser code.
> what about Palemoon or Basilisk internet browsers?
You can read more in the web browsers thread.
Fresh news about Basilisk: the developers say it is not a "high-sec
environment browser" so they refuse to even look at the privacy issues it
inherits from Firefox. Palemoon is by the same deve
> The telemetry component does not report the pages the users visit.
It does much more than that, including things like scrolls, clicks, your
preferences etc:
https://wiki.mozilla.org/Firefox/Data_Collection#Data_Collection_Categories
> A victim of proprietary software, yes.
No, he does not
I am tired of you, honestly.
When I say something like "There is red apple on the table" it seems you
would never understand it. You would rather argue that Red is the name of a
company producing digital cameras, or philosophize about Apples' OSX or about
tables as in a database. Then you w
You are twisting my words again and again. And you seem to twist even what
your favorite authorities say.
https://www.fsf.org/blogs/rms/20140407-geneva-tedx-talk-free-software-free-society
Watch the video:
4:20-6:20 - Does that create the impression that it is possible to have that
also in
> Are you the same person who pretends that freedom 1 is not practical
because it is too much work to read large source codes?!
analytics.js is not 10M lines of code. My posts about the impossibility to
exercise freedom 1 were about the large code base of browsers. You should
really pay att
> 2. Any time both nodes are safe, the conversation is safe.
Only if the transport and all devices involved in the whole process of
computing and data transfer are safe.
> Your attitude is "everyone else is doing things in a bad way, so what's the
point?"
No. My point is not that. I have
> No, it is not.
Then why people want free software according to you? Because they like the
licensing? Or because it is not paid? No - they want it because of the
ability for community control which implies it safety.
> ??
What I said means that I know better than you what I mean and why I
I was answering some questions and concerns raised by others.
Didn't your main question already receive an answer?
> I see no reason why the Android version of Chromium would "need" Google
Analytics more than the desktop versions.
I am not saying it needs it.
> It is minified.
I know. But you can unminify it. That's what I meant. It is still difficult
to read due to the non-descriptive variable and func
> Nobody here says that "free" is synonymous with "safe" (again: good work at
not "putting words into other people's mouth"!).
I said:
>> You should make a difference between demotivating and disagreeing to blind
faith in "free" as a synonym of "safe".
Where do you see me say "person X is
> It is much better than doing nothing.
You seem to ignore the most common scenario (which I already explained but
again:) host A is perfectly clean/libre system communicating with host B
which is PRISM'ed (= all communication is tapped). Now consider that hosts
like A are very few and host
> What logic is this?
I have already explained it. If you can't understand it I don't think I can
explain it any better. You should really try to look beyond your own computer
and understand that communication involves other hosts too and that changing
your mail server is not enough as a me
> I also agree that heyjoe's posts are for the most part defeatist and
demotivating.
You should make a difference between demotivating and disagreeing to blind
faith in "free" as a synonym of "safe". Otherwise you are merely singing
Gnulellujah.
> I'm not sure what threat model he is thin
Thanks for sharing that info. That's what I was hoping to see from you when I
asked you to show actual code in the web browsers thread.
What catches my eye is:
./android_webview/BUILD.gn
and
var n=analytics.getService("Data Saver Extension")
in detailed_data_usage_compiled.js. These make me
Sounds like too much hassle to be honest. A classical simple system for auto
subscribing for email notifications for the thread one posts to is much
simpler.
BTW I have been part of some discussions (IIRC on Google's community groups)
in which it was possible to still post by sending an ema
Thanks for explaining the technicalities. But can NNTP resolve the issue with
mail lists sending all the threads (including those one doesn't participate
in)? If not - then it probably has value only as an optimized version of
lists rather than UX improvement.
Thanks. I already configured it in claws mail. However I don't see it as
anything different from mail lists, i.e. I still see all of the threads
inside the particular forum/newsgroup I subscribe to. Perhaps it won't be
quite different from what we already have here?
I have absolutely no idea. I don't use these +/- buttons at all. It is a
silly function to me.
openSUSE's forum have that too but I haven't explored into it (I still need
to learn about how to use NNTP):
https://forums.opensuse.org/faq.php?faq=novfor#faq_nntp
Perhaps that could be part of the request (if one is to be made). I am not
quite sure how this site is maintainted though. A li
> 2) Not mirrored to list archives; (I don't know whether there is a mailing
list for it in the first place)
Mailing lists are a pain to me. It seems when I am subscribed I get all the
messages, even those from threads I am not taking part in. This is spammy. I
would rather prefer it like i
> I really want the lawyer.
I don't. I hope I will never need one.
> I also clicked on the "analytics" subdirectory because I found it
interesting that Google Analytics is part of Chromium.
I don't think it is not part of the browser (is it?). As the README says:
"The third_party directory
I agree too. So what shall we do?
- Talk in troll lounge
- Stop talking
- Ask someone to create separate general tech-talk forum
?
No, I am not. That "here" is something you tailored from different parts of
my post, again - extracting a detail and missing the whole and turning it
into something else.
Ok, enough. Stay on topic please. That is not helpful to anyone.
Perhaps because of the parts full of wonderful and polite communication of
useful information.
> you just did some tcpdumps, which provided some nice info,
That "just" is what nobody else did and it is not based on "helpful" articles
and recommendations.
> but you make it sound as if you revolutionized the whole webbrowser
market...
Where do you read any claims of that? Please stop
> I actually wrote two scripts to help you
You are not helping me but the community. I am not a helpless person asking
for your help.
> In contrast, the only "advice" from you is "create your own network,
completely isolated from the Internet"
That is the only valid answer to the OP's que
> If you know something I don't though, feel free. I haven't used chromium
too much... to be honest.
Then you should not assume what others say/recommend but test for yourself. I
have tested and I have found that out of the box both Chromium and
Firefox-based browsers contact third party ho
> What about the subliminal message "our computers and networks are owned,
securing our communications is moot, give up"?
Nobody said "give up". You should really stop putting words into other
people's mouths. I have asked you to stop it so many times, yet you keep
doing it.
> If I was a
Perhaps an interesting article:
https://aeon.co/essays/your-brain-does-not-process-information-and-it-is-not-a-computer
> Chromium dials back to google very frequently.
Not if you have configured it properly. I don't know what you mean by "dials
back". The only case when it communicates to a third party host is when
opening chrome://settings in which case it sends a single request to
translate.google.com to
> It *was* their dual-core signal processors that is developed
Animals with dual-core sound processors? Am I missing the humor or some deep
meaning in that? :)
So you don't have cable TV and you have deliberately limited your internet
quota. That reminds me of the monks who always look at t
Perhaps. But I don't assume easily :P
No. Using the word as a marketing tool implies that.
I don't know if anyone has ever considered the possibility of E.S. being a
deliberately created figure (for various purposes). To me it seems quite
possible. NSA surely knows his location and can expunge him at any time. But
they don't.
The video is a short presentation by Trammel Hudson who talks about securing
the boot process through replacement of proprietary BIOS/UEFI with
https://www.linuxboot.org/
> Well, a glass window is the best membrane one can think of. There is no
better.
If that was true animals with high s
If you can't measure it "best" and "least" have no meaning. A goal is not
merely a direction of movement.
For some it is simply staying Ecuador's embassy.
> The goal is to strike the best compromise
Then please define clearly and unambiguously "best compromise" explaining:
- why it is best (and can't be any better)
- what exactly is compromised (and cannot be otherwise)
Otherwise without actual measures it is really heading for the horizon which
I dare to say that E.S. seems to me not quite thoughtful of the lower ring
issues. In his Twitter feed he merely says "Use Tor, use Signal" which is
meaningless considering the former. This makes me question the actual
competence of the guy as these are really superficial statements (even mor
> If you have a fuge factory, and a enough capital, and some artificial
satellites, and some rights for legality, can you make a perfect method?
Why do you think these are the factors needed to perfect security?
If you have these - you will most likely be visited by FBI/NSA/CIA personally
an
Instead of waiting one could take action. Waiting is like never filing a bug
report but simply expecting someone to find the bug and fix it. Or waiting
for someone else to identify the browser leaks just to say "how nice" or "how
bad". Or never learning because right now there are more "impor
> Micro$oft announced that Windblows would support facial recognition instead
of a password
That would be utterly stupid. One's face is not private data, especially in
the age of social networking with profiles full of pictures.
BTW M$ has very strange understanding of security. Some time a
They are not backdoors per se but because of their nature they open a huge
door to mischief.
> That is people's happiness.
> I think they should state facts honestly. If they keep sincere, people will
respect them the end.
No merchant cares about your happiness. The convenience they sell to you is
just a tool to put you to sleep, so they can exploit you more efficiently. In
such
We are still working on it :P
> Is this the DDoS attack?
You would have to try much harder for it ;) Then the mod will find you
without you having to contact him :P
> I had addressed it with;
Sorry. I may have missed that. Anyway my clarification is probably still
relevant and necessary :)
What is TIC?
The bullet lists you show are still only for experts. I can't imagine doing
it with clients who use iMac/iPhone and are utterly proud of it and closing
> When a libreboot laptop in a their factory, it has no back doors, 100%
ensured.
1) All CPUs are currently buggy and are vulnerable to back doors (Spectre,
Meltdown). The software mitigations don't fix the hardware, only reduce the
risk partially.
2) Microcode is still proprietary
3) Ot
> I discovered my new favorite distrobution, Hyperbola.
I think you should change your avatar to a clear text "I use Hyperbola" :)
Would save you typing :P
> anything based off of chromium
Why?
> ps, the linux libre lts kernel itself is hardened for hyperbola by default.
Still that means nothing without exact description.
Thanks!
I guess unar is what I need (I see it in openSUSE's OSS repo too).
What you list is only valid if all the nodes in the network have the
qualities you listed.
Suppose you have:
- node A (perfect clean ultimate libre)
- node B (containing spyware)
A sends encrypted message to B. The spyware on B decrypts everything because
it steals B's private key. So what g
That article is not by openSUSE so what it lists and recommends is someone's
personal preference (including adding Google Chrome from external Google's
repos etc).
> So I guess it is already be enabled by default and therefore should not be
recommended here.
I already explained everything
Because people here obviously respect the authority of an organization which
recommends things which are not quite factual and IceCat is one of them (for
the moment, until it gets fixed). The point is: just reading recommendations
does not equal testing or even less - understanding. That has
I can't recall for sure because the last time I installed openSUSE from
scratch was years ago. Since then I am only upgrading it to newer versions.
But during initial setup you can choose what you install - package by
package. And you can select repos from which you install.
https://en.open
https://www.waterfoxproject.org/#develop
Perhaps you haven't read what it advertises.
I thought you were asking.
Anyway it is quite difficult to understand your English, so I may have
misunderstood.
This page:
https://www.fsf.org/working-together/gang/icecat
says
"If you're looking to surf the web at speed, but with a concern for your
privacy and safety at the same time, look no further than GNU Icecat."
but IceCat has privacy issues (demonstrated by me personally).
In any case I am u
I simply explained what I do.
> By harden I mean an increase in security/privacy. That's all I really know.
:) That's pretty vague. Brave is supposed to be hardened Chromium but it
leaks network packages in the background like crazy (much more than
Chromium). Waterfox is also supposed to be a hardened Firefox but it is
First you should understand that this is capitalism and everyone is trying to
sell you something (even "free" things). Too much advertising and too heavy
marketing language is a sign to be noted. Look at how they speak, not only
what they say.
Personally I get in direct contact with the ser
But what do you mean by "harden"? Give specific examples please, so that I
know what is "softened" and "hardened" in your mind.
> stretch as the base for stable and Buster for testing.
What is 'stretch' and 'Buster'?
> It's not free/libre ([1]),
It is free unless you explicitly add the non-OSS repos.
> I would suggest that people around here stop recommending this distro
Where exactly did you read "I recommend"?
> otherwise people might as well start using the post downvoting system.
Perhaps it would be a
1 - 100 of 349 matches
Mail list logo
