Identities Infinite wrote:I allow all blocked objects but use the new interface. That one is so much better than the old one because the old interface has so many blank frames for some reason. The applet frame I think I notice but there is nothing in it.
I use the old interface. After entering username, I'm taken to a page with a password field. I looked at this from JAWS point of view [smile] and hit "tab" past the empty password field. Next was "Authenticate", which means "log in" or "send your password". DON'T. Tab one more time. Focus is now on what looks like a link, labeled "Enable Java", but hovering there shows a destination without any reference to Java, just a session ID number. I click this. You do whatever Jaws does to click stuff. Now, NoScript by default is blocking Java, so after a second or two, you'd have to open the Blocked Objects menu and allow it, but I think the following ABE rule will work.
Noscript options advanced ABE. Five tabs to focus on USER (meaning, user-defined rules). Move to the textarea, field, edit box, whatever JAWS calls it. The first line, by default, reads, "# User-defined rules. Feel free to experiment here.". In this particular case, yes, the hash tag indicates a comment or remarks and is not parsed. Move to a blank line, and copy/paste this:
- Code: Select all
Accept from https://www.hushmail.com/*
Unless JAWS or NVDA can find the OK button for you directly, I count eight clicks of Tab key to the OK button. Click it, and you are done. But close the NS menu, re-open, and go back there, to make sure the new rule saved properly. Compare the JAWS readback to what's posted above.
This should be a one-time only thing, in which Noscript will continue to block java everywhere else, but will auto-allow that particular applet from that particular source at that particular site, without further action on your part.
Unfortunately, I don't get an audible alert when the applet has finished loading. (Feature request to Hush?) While it's loading, the screen changes, showing images of permission boxes, "If you are asked to run software from Hush Communications, please say yes", and non-URL clicks to disable Java. The loading takes about 15 seconds with my typically 5-10Mbps download speed. When loaded, it reverts to the original password screen, with password field and authenticate button, black text on gray background, and again, it's the next tab after P W field. So type your password, or paste it from Password Safe (thought I forgot about that, eh? [wink], then the next tab focus is Authenticate. Activate that to log in, knowing that your password has been further encrypted so that neither an eavesdropper nor Hush can read it.
I believe that you can configure the account to always use Java, but I do not store permanent cookies on my machine. Also, there is something in the URL I have stored in Password Safe,
- Code: Select all
I am not doing anything illegal under Canadian law; I just want to be more safe than I was the last 5 years. Nothing wrong with that.
Then Hush has no reason or motivation to tamper with your encryption, and they lose every single customer if word gets out that they compromised an account without a court order targeting that particular account. I'm counting on that being good enough, and so are a lot of other people. But you have to be comfortable with it yourself.