InformAction Forums

Thanks, Giorgio - I was looking in the wrong place. It states it consists of one HTML and one CSS file I'll admit my ignorance here: these files weren't just floating around somewhere on the internet, for them to work they had to be maybe injected in some websites, either on the fly by MTM or tamper...

Adding Accept from chrome: right after the domain, as you suggested, does work. Still, the only error message that I can see without that line is the one I've posted above, there's nothing like that long message you've posted - maybe there's also some interaction with uBlock or some other addon at p...

(..) Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website . It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Ro...

I can't say for sure, but I'm afraid that in their view some legitimate extensions (=never so far involved in compromises/attacks) do cross this ideal line and should therefore be axed just to avoid any potential issue in the future. They seem to have been grown kinda intolerant of what some extensi...

This is the error message in the console NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0xxxxxx (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.responseStatus] the actual number would be 0x80040111 but that is triggering the forum antispam filter. which appears related to this line aRequest.respo...

OK, thanks for the info. There is a security issue (as pointed out here https://forums.informaction.com/viewtopic.php?f=23&t=8870#p45810) with just having a rule of "Accept from moz-nullprincipal:" I thought so, even if it was just a hunch - I don' t really understand this stuff... but...

I was going to report this issue, looks like it's still there in NoScript 2.9.5.2rc5 . With a simple rule such as Site .informaction.com Accept from SELF .noscript.net Deny at first just eliminating the leading dot on the first line seems to work, but then eventually ABE will unexpectedly trigger a ...

(...) What sorts of existing extensions will not be possible to port, exactly? And if these are not (all) malicious extensions, why can't WebExtensions provide the needed functionality? My suspicion is that, apart from the general will to over-simplify and flatten the browser, they probably don't w...

On a related note, I can't actually see in the prefs.js files all the surrogate entries that are visible in about:config using the "surrogate" keyword in the search field.

But that's what I meant exactly: my apologies if it wasn't so clear... the "free stuff" thing was actually referred to them. And thinking of it again, if *I* thought about this, they No need to give away free help and code samples to people who want to fingerprint you . must have figured t...

OK, thank you very much.

Ok, but could you explain in layman's terms if this feature could be considered a drop-in replacement for the original (removed) Firefox feature? Furthermore, the code looks a bit different to me: noscript.surrogate.noplugin.exceptions = noscript.surrogate.noplugin.replacement = Object.definePropert...

barbaz wrote:Yes and no. It depends on the purpose of your ABE rules.
I'm not giving more information in a public thread.

Well yes, I can understand that: no need to give away free stuff.

How would someone detect ABE rules? I can detect Javascript on/off and the NoScript addon, but not ABE rules. I think this is impossible. This is the same with iptables rules. Maybe not : although ABE is generally described as a firewall for convenience, I think it's not just comparable to an iptab...

We know that websites can kinda easily detect if you are using NoScript (well, scripts are blocked...) so much so that I often spot some specific "noscript" elements in page sources (maybe they are adding those to "unbreak" the page if scripts are blocked?) : but can they also de...