InformAction Forums

therube wrote:(I don't think that is the "profile" you intended? Perhaps Profiling practices?)

The wrong auto-linking happened because of a GreaseMonkey script I use to speedup my posting here

Then they would have known I had visited youtube and what page I'd looked at. That's what that link is for. Is that right? No, not necessarily. You asked if it could be used to track you, but that's very unlikely their main purpose. Doubleclick is an advertising company, so the main purpose of the ...

@mr greenhatch:

Yes, thanks to the following built-in rule (in the SYSTEM ruleset), it protects from any attack of the Internet->Intranet CSRF class: This one, for instance, no matter if the attacker site has JavaScript enabled or not.

And in the case of DC that information could and would be used, I suppose, for tracking? Yes, but your IP alone is not enough for effective profiling (many users can share the same IP), and therefore it won't be used for tracking unless other data is available for identification (see below). So, th...

If it's not "transferring code," you seem to be saying its harmless. Is that right? Well, not exactly. With every HTTP data transfer some information is sent: Your IP The address of the page you're visiting Some details about your browser configuration All of this info, except the IP, can...

But please explain what's happening when I see "transferring data from doubleclick.net" in the status bar? Is that a script, and if so, shouldn't NS be blocking it? "Transferring data" means exactly that, data (not necessarily code) is being transferred. It can be an image, an i...

Where are the scripts, I don't see any? (At least not at http://secdev.zoller.lu/ff_dos_keygen.html) onload="document.forms[0].submit()" It's JavaScript, and it means that as soon as the page loads, the first form in the page gets submitted automatically. NoScript prevents this script fro...

So more simply perhaps ... For whatever reason, I have whitelisted (Allowed) badsite1.com & badsite2.com & badsite3.com. Now I go & visit disney.com. I have NOT Allowed disney. Disney is harboring scripts from badsite1 & badsite2 & badsite3. Since I have NOT allowed disney, I am...

Yes it is. When the main document is not in your whitelist, scripts imported with <SCRIPT src="some-other-domain.js"></SCRIPT> are not loaded at all, and even if they were loaded, couldn't execute anyway because their hosting "docshell" has JavaScript disabled. That's why I sligh...

Not exactly. Half of the "PoC" (key generation) works, because the keygen element is designed to work without scripts. However the part where he forces the form to be submitted in the onload event, causing an endless loop (the form gets submitted and the keygen process restarts) fails, bec...

@Tom T.:
did you try to clear your previously set cookies first?

Anon wrote:What about an option in the menu to either enable/disable (by checkbox {default on})

NoScript Options|Notifications|Display the release notes on updates, see FAQ 2.5.

If the page you're watching is allowed (Temporarily allow) and tinyread.com is allowed, the bookmarklet should work. Current NoScript version can run the TidyRead bookmarklet on untrusted pages as well as long as you've got tinyread.com in your whitelist, but with an important limitation: after the ...

@ ubuntu user : please ignore therube's last post, he was referring to the general behavior of most FlashGot download manager adapters. The gwGet's is a special one, since gwGet accepts only one URL on the command line but inherits the recursive features of wGet. Therefore, in the "FlashGot All...

How are your cookie settings in FlashGot Options|Privacy, in Internet Explorer and in FlashGet (since FlashGet doesn't support direct cookie passing, FlashGot passes them to IE where FlashGet can read them, then deletes them).