Privacy-aware search engine to replace Scroogle

General discussion about web technology.
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Post by Tom T. »

Identities Infinite wrote:I never knew you visually-orientated people miss so much.
I thought I mentioned a little bit back in our discussions that in F4+, opening the Find toolbar moves the onmouseover link destination from lower left to lower right, and that I didn't even see it for a long time. It had been in the lower left for so many years, going back to my first Firefox in ... early 2000s? Can't remember. I assumed that the Find bar obscured it, because I never looked anywhere else. After all, why would a developer do something so illogical? [sticks out tongue] In the F3 that I still prefer to use, the link destinations stay on the left no matter what.

Yes, the sighted are heavily oriented to visual, going back to caveman days. Humans don't have the sense of smell that animals do, and many prey animals walk quietly, or else they don't live long. <wink> So we came to rely on the slightest visual cue -- a movement of a few leaves, or a change in the pattern of the forest -- for survival.

One hates to trot out stereotypes, but is it not true that if one sense is diminished or not present, the others try to compensate? The sightless listen more acutely and train their fingers to read the fine distinctions of Braille. Those without hearing must become more visually aware of their surroundings. Before cell phones with "vibrate" were common, multiple flashing lights in the home could signal a visitor at the door or a voice-to-text message coming over the teletype. Etc.
I went back with no cookies. Firstly, I entered the full e-mail address; secondly, pressed Sign In; thirdly, pressed the return to original Hushmail link since it always switches back for some reason;
Whoa. Switches back to what? The username [email address] page, https www dot hushmail?
It doesn't move directly to the Password-Authenticate-Enable Java page? Index, I think it was?
If not, we need to find out why.
fourthly, the page which I copied shows up. In the NoScript | Blocked Objects sub-menu I hear the following items:
<snip>
Temporarily allow *@https://www.hushmail.com
Temporarily allow *@https://www.hushmail.com (https://www.hushmail.com)
Temporarily allow unknown@https://www.hushmail.com (https://www.hushmail.com)
Temporarily allow unknown@https://www.hushmail.com

Does the asterisk mean everything?
yes
Why are there 2 of the last ones: unknown and asterisk?
The second example of each, the longer one, specifies both a source and a destination.
I allowed the /appletFrame.php object and after it reloaded there is revealed a edit field with no name but with the digit 1 in it. I have no idea what that is.

I got that using the tab key, too. If I remember correctly [acronym: IIRC], it was a Search field or something. I'm not there right now; wanted to give an interim answer, as I have some other obligations. And oh my, lose an hour due to the start of Daylight Saving Time. It's still *winter*! [shreik!]
My guess is I must allow all other frames for it to work so let me do that. I just did that and after reloading it reveals a few onmouseover links that point to the help system: 4 to be exact on their own line. Why I have no idea.
From memory, different categories or major topics of help. Will recheck when time permits.
Let me allow the other frame now. Upon doing that and after the reload in that frame it contains the passphrase field, Authenticate button and links that say enable Java and explain
Bingo. Do the enable Java one, and we're almost there.
Here is the page as I know it with those 3 <FRAME> elements allowed. I did not turn on Java yet.
There is a known issue with phpBB that long links get truncated, and don't display properly. This is why it is better to wrap your list in code tags, if that is not too inconvenient. It "locks" the characters, white space, etc. URL tags work well for individual links, but in a list like what followed here,

Code: Select all

 is better. 
[quote]Hushmail
Please enter your passphrase:   
Authenticate
Enable Java | Explain
Try the new Hushmail
  showLogin frame end[/quote]
Perfect. That is where we want to be. 
[quote]Let me now enable Java. I did and the Java item is not yet in the system tray. However, this is where I notice the unknown frame and up top the <APPLET> element. I assume that is on what I should click.[/quote]
As said before, you are seeing what I cannot see <big grin>, unless I look in the source code myself. Never had occasion to before. 
[quote]First the page then the blocked objects sub-menu:
Hushmail
<snip>
<FRAME>, unknown@https://www.hushmail.com/hushmail/blankContentFrame.php?PHPSESSID=0FBDE6CD76B9C6E28744CB43D863E22B
blankContentFrame frame end[/quote]
Again, the longer links get truncated, but I understand what was meant.
[quote]The blocked objects sub-menu now contains:
Temporarily allow *@https://www.hushmail.com
Temporarily allow *@https://www.hushmail.com (https://www.hushmail.com)
Temporarily allow java-vm@https://www.hushmail.com (https://www.hushmail.com)
Temporarily allow java-vm@https://www.hushmail.com
Temporarily allow java-vm@https://www.hushmail.com/.../com.hush.core.security.applet.HushEncryptionEngine

I will just press Enter on the <APPLET> placeholder on the page since I do not know which of the 3 to pick.[/quote]
As said before, *any* of them will work. So would the star, which as you correctly surmised, is "all". Fortunately that is the only first-party code object that Hush tries to load, so the *star* works, too. Any of the java-vm is fine. The last one, which ends in "core.security.applet.HushEncryptionEngine" is the most informative for the cautious or curious user, and on a site that doesn't have one's absolute trust, or which has many different types of blocked objects, we should be as selective as possible. But we must trust Hush, else why use it? Just don't allow the third-party script from google-analytics. The [url=http://hackademix.net/2009/01/25/surrogate-scripts-vs-google-analytics/]Surrogate Script[/url] will take care of that one while protecting your privacy. 
[quote]I did that and the Java Platform, Standard Edition item is now in the system tray.[/quote]
Ta-da! [Do you know that expression?] How about, "Hip, hip, hooray!" Or "Voila"! ... maybe just "success at last". [smile ear to ear]
And you did NOT have to downgrade your Java runtime version, did you? 

Are you at last able to use the Java-encrypted Hush now? 
If so, we'll work on the rest another time. Just want to know if we at least got it working. 

[I assume that there is no person or institution so trusted that they could assist by reading the screen themselves, so that they can report and see it as I do, and help interpret my comments compared to what JAWS sees? It *would* be easier on all, and get us to where you find Hush easy to use on your own, but if not, then on we go... Cheerio.]
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.27) Gecko/20120216 Firefox/3.6.27
Identities Infinite
Senior Member
Posts: 124
Joined: Sun Feb 19, 2012 10:27 pm
Location: Behind A Script

Re: Privacy-aware search engine to replace Scroogle

Post by Identities Infinite »

Whenever I type in https://hushmail.com it goes to the sign-in page with the link towards the bottom to see the New Hushmail [this is without cookies]. When I input my full address and press the only button it goes to the next page with the same field plus the passphrase field. Towards the top there is a link to return to the original Hushmail so I must press that for the Java applet to be available.

I can not seem to use it correctly. It says * time has elapsed but never asks me to install anything. It never does much of anything after that and I am now using 6 update 31. There is nobody trusted enough to read the screen for me. I would NEVER allow Google Analytics to run at all; it is untrusted and for ever will be. Unfortunately, so many sites rely on the GoogleAPIS site I had to allow it back on the whitelist. Apparently it is just as much depended on for AJAX I am guessing it is as jQuery.

Next time I will use the code tags; I did not know about the truncation bug.
Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120310 Firefox/12.0a2 Firefox/12.0a2
Identities Infinite
Senior Member
Posts: 124
Joined: Sun Feb 19, 2012 10:27 pm
Location: Behind A Script

Re: Privacy-aware search engine to replace Scroogle

Post by Identities Infinite »

Why am I not able to read this topic? I used to and received a reply notification but when I went there it said I am not authorised to read the forum.
Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120310 Firefox/12.0a2 Firefox/12.0a2
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Privacy-aware search engine to replace Scroogle

Post by Tom T. »

Identities Infinite wrote:Whenever I type in https://hushmail.com, it goes to the sign-in page with the link towards the bottom to see the New Hushmail

I always use https://www.hushmail.com. Try that and see if it works differently. Also, if I type only www.hushmail.com, it auto-redirects me to the https at the same address. When I tried your address, I got a Firefox warning that "This connection is untrusted. We cannot confirm that it is secure." So please try the other.
[this is without cookies].
I *really* think that you need to allow cookies for all of this to work, or at least, to work most efficiently. That has probably been part of the problem all along.
Since I am privacy-sensitive as you are, I allow their cookies for session-only [as with all other cookies that I choose to allow]. Thus, they are dumped when you log out of Hush and close the browser before going elsewhere. Getting a new cookie on the next login, for that session, is no big deal, really.
I can not seem to use it correctly. It says * time has elapsed but never asks me to install anything. It never does much of anything after that and I am now using 6 update 31.
I thought that in the last post, you got the Java system tray icon, indicating success?

As mentioned, while the Java applet is trying to load, there is only a visual indicator in the form of standard download-warning boxes. And the NoScript icon has a little red blotch on its normal blue-and-white, indicating some blocked object. So you just have to know that after clicking or otherwise activating the "Enable Java" link, wait about three seconds, then navigate the NoScript Blocked Objects menu as per previous post.

I was going to work on an ABE rule, but it looks like we have a setback here. Please try all of the above, and let's confirm that you have working e-mail from Hush, with the Java encryption.
Unfortunately, so many sites rely on the GoogleAPIS site I had to allow it back on the whitelist.
Personally, I prefer just to temp-allow [TA] it, as I don't visit that many sites that require it. But given the additional inconvenience, I can understand whitelisting it.
Next time I will use the code tags; I did not know about the truncation bug.
Neither did I, until December 27, 2011, when I posted this thread about it.
Identities Infinite wrote:Why am I not able to read this topic? I used to and received a reply notification but when I went there it said I am not authorised to read the forum.
Another case of spam. We have a private sub-forum, available only to administrator and moderators, to which most spams are sent, instead of just deleting it.
The reason is that different usernames may be correlated with one IP address, and different IP addresses may be correlated with one username. So this provides for more thorough banning of both username and IP. One more task of your tireless and diligent Support Team. [wink]

If it happens again after clicking a notification link, just assume that it was a spam post and delete that notification. Presumably, the board software knows that you tried to visit it, so if there are legitimate subsequent posts, you should still be notified.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.27) Gecko/20120216 Firefox/3.6.27
Identities Infinite
Senior Member
Posts: 124
Joined: Sun Feb 19, 2012 10:27 pm
Location: Behind A Script

Re: Privacy-aware search engine to replace Scroogle

Post by Identities Infinite »

It says * time has elapsed and keeps increasing. The Java item stays in the system tray but I thought the page should change or something instead of just doing not much of anything. I do not know what should happen.

I was able to post in that topic before. It is the one where I think 13 about:config options were explained and me saying something about a compiled HTML file. It was never private before.
Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120311 Firefox/12.0a2 Firefox/12.0a2
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Privacy-aware search engine to replace Scroogle

Post by Tom T. »

Identities Infinite wrote:It says * time has elapsed and keeps increasing. The Java item stays in the system tray but I thought the page should change or something instead of just doing not much of anything. I do not know what should happen.
Again, I believe this issue to be related to refusing [session] cookies from Hushmail.
Also, please try the login address that I suggested, which was https://www.hushmail.com versus https://hushmail.com.

Yes, once the java icon is in the system tray, it should take you back to the passphrase-entry page, with that field and the "authenticate" button.
Please remember that the Internet is "stateless", and a Web server does not know that you are the same person who requested a previous document or page from that site. Many users share the same IP address at Internet cafes, college dormitories, public libraries, etc. This was one of the early and legitimate reasons for using cookies: To identify the same user throughout a single session, whereas identification by IP address alone is not reliable.

It's how one can browse at, say, Amazon, before logging in, and add items to one's cart. What if someone else using the same IP - let's say you're at a hotel or wireless hotspot -- were also browsing and adding items to cart? Yes, cookies certainly can be misused, and have been, but you *must* let Hush know that you are the same entity who just allowed Java. Remember, they haven't yet received your passphrase. Please enable Hush session cookies and see if this issue persists.
I was able to post in that topic before. It is the one where I think 13 about:config options were explained and me saying something about a compiled HTML file. It was never private before.
You can still post in it. I did not go into greater detail before, because my posts are long enough already. [wink]
The notification that you received was that there was a reply to your post. That reply was *spam*. It was moved to the non-public storage location for spam posts. When you clicked "If you want to view the newest post made since your last visit, click the following link", it attempted to take you to the spam reply. But you're not allowed in the spam depot. If it happens again, go back to the notification e-mail, and click "If you want to view the topic, click the following link:". You may have to check for multiple posts since your last post.

I'm sorry about the inconvenience, but I'm sure you agree that we must delete spam. As said before, the creation of a repository was an idea discussed and implemented well after the forum itself was started, and it does enhance the thoroughness of banning. The notification is automatic. I must get several notifications every day of a reply that turns out to be spam. Often, another moderator has already deleted it. Since I have access, I am automatically taken to the deleted post -- yuk! [smile]. But if has not yet been deleted, then I do so. So while these notifications are annoying, they help the team delete spam much more rapidly.

Spam itself is annoying. We all have to live with the collateral damage.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.27) Gecko/20120216 Firefox/3.6.27
Identities Infinite
Senior Member
Posts: 124
Joined: Sun Feb 19, 2012 10:27 pm
Location: Behind A Script

Re: Privacy-aware search engine to replace Scroogle

Post by Identities Infinite »

When I go to that exact site with no cookies but allowed them in Firefox I receive the following page:

Code: Select all

Hushmail – Free Email with Privacy
Hushmail – Free Email with PrivacySign Up | Billing | Upgrade | Contact Us	| Help
list of 3 items
Home
 
About
 
Services
list end

Sign up for free secure email
Hushmail offers private, secure free email accounts. Email is encrypted and spam/virus scanned. Learn more

Sign up for free email »

Secure email at your domain
Hushmail Business lets you manage unlimited accounts and customize Hushmail. Learn more

Start for $9.99 »

Hushmail Mobile
Keep your email private, everywhere you go.

m.hush.com

Our new look
Coming soon: A new Hushmail that’s faster and easier to use.

See the new Hushmail

Sign in to webmail
Enter your full email address:
  
Sign In »
list of 4 items
Sign up for free email

Upgrade to Premium

Hushmail Business

Hush Secure Forms
list end

System status:
 All systems are stable and running 

How secure is Hushmail?
Home | Services | About | Help

© 1999-2012 Hush Communications Canada Inc. 
Terms | Privacy | Disclaimer | Sitemap | Contact Us | Blog | Follow Hushmail on Twitter
When I input my e-mail address in and press the button it takes me to

Code: Select all

Hushmail - Free Email with Privacy
Home | Mail | Billing | Return to original Hushmail

Hushmail - Free Email with Privacy

Email address
 
e.g. timmy@hushmail.com

Passphrase
Passphrase
Can't remember your passphrase?

Stay signed in for one week  
Sign in
appletFrame frame
appletFrame frame end
 
hushmail/blankiframe frame
hushmail/blankiframe frame end
The Passphrase field is repeated because I entered nothing in them [the first is the form field's label but I do not know why JAWS does that]. Notice the Return to original Hushmail towards the top. That is why I have to click the link. Then the address is https://www.hushmail.com/hushmail/index ... _username=«…». I omitted my e-mail address. When I enable Java it is stuck at 5 seconds elapsed and does not change. I am not sure why.
Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120313 Firefox/12.0a2 Firefox/12.0a2
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Privacy-aware search engine to replace Scroogle

Post by Tom T. »

They have a lot of pages, and I can't find one offhand that exactly matches your second page.
The 'Return to original hushmail" leads me to believe that you have somehow configured your account default to the new GUI, which we learned does not yet accept java.
Or the wrong button is being clicked after entering your address. Upon entering your address in that field, tab *once*, then click "Enter" on your computer.
This takes me to the proper page without fail.
Once there, perhaps you can reset the default to original hushmail, or ask support to do it for you, using any e-mail account anywhere.
Otherwise, I cannot reproduce what you describe.
Did you whitelist Hush cookies in Firefox Tools, Options, Privacy, Accept cookies from sites--Exceptions? Enter in the top field,

Code: Select all

www.hushmail.com 
and click "Allow for session", then "close", which is the last box on the page.
After "allow for session", the tab movements are: allow, [the first item in your list], "remove site", "remove all sites", "close", where "close" equals "OK".
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Identities Infinite
Senior Member
Posts: 124
Joined: Sun Feb 19, 2012 10:27 pm
Location: Behind A Script

Re: Privacy-aware search engine to replace Scroogle

Post by Identities Infinite »

There exists no option to set whichever GUI as the default. I will ask the support staff about this too. If I press Tab whilst focused on the e-mail address field that is the same button I have been clicking and the only one there. The support staff keep telling me to send more feedback good or bad because they say they can use it. Kelly G. is the only entity contacting me and he/she seems to like all the e-mails I send.

I do the same for software for which I really want a licence. It worked for a few and others it does not or I receive no response. Saves me money and the software for which I want registration information I actually use almost daily. My current mission is BCWipe and I really hope they respond. I think you once said you use Eraser and I contacted Joel so accessibility improvements should be implemented in the future.
Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120313 Firefox/12.0a2 Firefox/12.0a2
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Privacy-aware search engine to replace Scroogle

Post by Tom T. »

Identities Infinite wrote:There exists no option to set whichever GUI as the default. I will ask the support staff about this too.
OK. It was just strange that you showed a link, "Return to original hushmail." I've never seen this, unless I deliberately clicked to try the new GUI. In the meantime, perhaps try clicking that "return" link, which presumably ensures the old GUI? Then see if you are able to log in with email address and/or activate java.

Didn't you report before that you had successfully found the java icon in system tray? What has changed since that success?
I think you once said you use Eraser and I contacted Joel so accessibility improvements should be implemented in the future.
Good. The world needs more people who work to make it better.
I would think that a product's responsiveness to requests for accessibility [or to all genuine and valid user feedback, for that matter] would be a measure of whether one would want that product. I hope Giorgio and our Support Team are perceived as living up to that standard.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Identities Infinite
Senior Member
Posts: 124
Joined: Sun Feb 19, 2012 10:27 pm
Location: Behind A Script

Re: Privacy-aware search engine to replace Scroogle

Post by Identities Infinite »

The process I explained with those truncated page frames about which you let me know was all after I pressed Enter on that link. I allowed cookies for www.hushmail.com so that is not the problem. There is nothing I must change in the Java Control Panel is there?
Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120313 Firefox/12.0a2 Firefox/12.0a2
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Privacy-aware search engine to replace Scroogle

Post by Tom T. »

Identities Infinite wrote:There is nothing I must change in the Java Control Panel is there?
I've never had to, but in looking at it, I just realized that you use a lot of proxies. Open the Control Panel. On the General tab, click "Network Settings".
The default setting, which is what I use, is "Use browser settings". The next radio button is "use proxy server". Clicking it opens [turns from gray to white, indicating writable area] fields for "address" and "port". There is an "advanced" button next, which opens a sub-page for specific address and port for specific protocols. Top down: http, secure, FTP, socks. Next is a checkbox: "use same proxy server for all protocols". To me, doing this would be the same as not using the advanced settings at all, since server address and port were generally specified on the Network Settings tab.

Back on "advanced", there is a label, non-focusable, but the tab moves the cursor into the field below it: "exceptions: Do not use proxy server for addresses beginning with [textarea field]. Unfortunately, you can tab that infinitely, and it just keeps moving the cursor to a place for a new entry. Below are the instructions that JAWS probably can't read, "Use semicolon to separate entries". Then you or JAWS or NVDA will have to find the OK button, since Tab just keeps looping in the entry area. Hopefully, you won't need this anyway.

The other choices, back on Network Settings, if you tab past "Advanced", are "bypass proxy server for local addresses", and "Use automatic proxy configuration script". Clicking the latter radio button opens a text field, and Tab puts the cursor there: "Script location". Tabbing past that offers "Direct connection" radio button. Then "OK" and "cancel". Either one takes you back to the main General tab, where you can click Tab key until reaching "OK" and "Cancel", either of which closes Java Control Panel.

The proxy issue was probably the problem. See if that fixes it.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Identities Infinite
Senior Member
Posts: 124
Joined: Sun Feb 19, 2012 10:27 pm
Location: Behind A Script

Re: Privacy-aware search engine to replace Scroogle

Post by Identities Infinite »

I can simply create a profile for Hushmail in the AnonymoX panel to use the IP address which was assigned by my provider. That is the good thing about the extension; I use that for private torrent trackers where I would probably be warned at best for browsing with a proxy.
Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120313 Firefox/12.0a2 Firefox/12.0a2
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Privacy-aware search engine to replace Scroogle

Post by Tom T. »

OK. So, does it work now?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Identities Infinite
Senior Member
Posts: 124
Joined: Sun Feb 19, 2012 10:27 pm
Location: Behind A Script

Re: Privacy-aware search engine to replace Scroogle

Post by Identities Infinite »

No, no it did not; it still froze this time at 15 seconds. Instead of enabling my temper to worsen and my fuse to blow I am now giving up and remaining with Earlybird and IMAP.
Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120313 Firefox/12.0a2 Firefox/12.0a2
Post Reply