/me playing bullshit-bingo in this mail ...
On Fri, 24 Mar 2017, David C. Rankin wrote:
On 03/24/2017 07:15 PM, David Haller wrote:
> Works here with seamonkey/flash-player-18.104.22.168-2.127.1.x86_64
> and under Gentoo with Firefox-45.7.0 with www-plugins/adobe-flash-22.214.171.124
> You don't even need JS. Have you accidentally disabled it?
It must be something within my config (about:config)
that is preventing the
plugin from working. The bizarre thing is with flash-plugin installed, it
doesn't even show in the addons->plugins list.
This is with firefox 48esr, and the config/security tweaks from:
Can't you pin it down a bit from that stuff? That's rather a lot.
And BTW, while I'm at it, what do you think happens if you set
Exactly: you are _explicitly_ sending _even more info_. And nobody's
bound to honor that flag. So, one of the first things I do is to
_DISABLE_ that "pseudo" protection. Instead I use uMatrix (a bit more
complex but better that uBlock, same author IIRC). And and a blacklist
the notorious trackers (doubleclick, farcebork etc. pp.) via dnsmasq.
However, they got that right:
"Disable Safe Browsing service
Safe Browsing offers phishing protection and malware checks,"
"however it may send user information (e.g. URL, file hashes, etc.) to
third parties like Google."
No shit, really?!?! *feigning being flabbergasted*
Wait, what "it might"??? NO FUCKING WAY! IT MUST SEND THAT STUFF to
work! So, again:
Three strikes, those wiki-pages are *OUUUTTT*!
So, same as above, and they even say it: using that "Safe Browsing" is
bending over for the "soap" and invite Mozilla/Google to ream^Wtrack
you real good. I've no idea what Mozilla does with it. But Google?
It's Google! I'd be verrrrra surprised if they didn't use and
So, just don't send anything but your request and only what is needed
for that request. E.g. I've disabled send-referer via a prefbar
checkbox, and that stays off unless (very rarely) some site doesn't
work without it.
Yes, I know what the referer is and I miss it in the logs of my
site(s) if it's not there, but, as the web has developed the last 15
Hey, they want to track me? Ok, so I don't even send them the
referer... I can play that game too ...
If I find the time, I might look over those tips above a bit more.
But: many basic configs that Firefox lacks in the UI are there in
Seamonkey (which I use only as a browser, FFs UI is crap anyway).
And some I might have as checkboxes in my prefbar (e.g. some
deprecated hashes, safe.renogtiation which I don't care about if I'd
load that page without https anyway and some sites have broken https
or had until not long ago).
So, David, could you start with a fresh profile, install uMatrix, read
its docs (once you get the basic principle, its quite easy and very
efficient to use!). And on that specific site, no adjustments were
needed, if I remember the uMatrix defaults right.
And/or try my flash-player package, if that works, that might be the
easiest way. Or 'strace -f -efile -o ff-flash.strace' your firefox.
Somehow it doesn't seem to find the plugin... But analyzing that
ff-flash.strace might be a little tedious ('grep flash
ff-flash.strace' would be my first step, probably).
And remind me to go over the about:config prefs of firefox, I need to
do that anyway too, so maybe we can do that together. I could even
fire up my irc server and open the firewall for some more rapid
back-n-forth on request for you.
PS: And yes, I'm aware of being trackable by trying to be untrackable
but as long as they can't connect this to me... Anyhow, I prefer
being only trackable that way than by bending over and just
delivering willfully. Me paranoid?
PPPS: Webdesigners should be forced to use 56k lines (max), and CPUs
like a Pentium 133 or so.
 ISTR amazon needed rc4/md5 still not that long ago, which ISTR is,
why I have a prefbar checkbox for this option:
And yes, I've disabled all insecure algorithms, but have the
checkbox for this, as I needed it not long ago.
 the matrix of (sub-)domains over features (cookies, scripts, ...)
A monk. A punk. A chick. In a kick-ass flick. -- Bulletproof Monk
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org