LSO cookies and FP Detective

[morganism]

This is pretty sweet.

https://www.cosic.esat.kuleuven.be/publ ... e-2334.pdf

http://www.informationweek.com/security ... ?print=yes

DNNSEC for duckduckgo
http://dnssec-debugger.verisignlabs.com/duckduckgo.com


When i save HTML pages, these javascripts tend to be saved in the page files.
I would like to block em out of saved pages too.
I Know these are actively blocked from running by NoScript, but would like to figure out how to keep them, (and GA.JS ,etc) from being saved to the computer pages too.

Any ideas ?

[barbaz]

When i save HTML pages, these javascripts tend to be saved in the page files.
I would like to block em out of saved pages too.
I Know these are actively blocked from running by NoScript, but would like to figure out how to keep them, (and GA.JS ,etc) from being saved to the computer pages too.

Any ideas ?

use mozilla archive format (latest version requires gecko 17 or later despite what they say)
https://addons.mozilla.org/seamonkey/ad ... ve-format/

[morganism]

thanks, have that installed, but havn't started the single file saves yet.

Didn't realize it would strip out JS.

Will give it a try.

[Thrawn]

You could also save as 'Web Page, HTML only', right?

[barbaz]

You could also save as 'Web Page, HTML only', right?

no
AFAIK that way you got the page *on your local computer* running arbitrary scripts and trying to make these requests to the remote server

mozilla archive format will download everything and replace all scripts with this

Code: Select all

/* Script removed by snapshot save */

much better, no?

[barbaz]

hmm, maf seems to save flash embeds regardless of allowed state in noscript at the time of save
best to use it in combination with a content blocker it doesn't bypass, such as simpleblock, so you don't download plugin-based active content (meaning "crapware" in this context) that may then run on your machine
(in this case noscript will block it automatically)

[Thrawn]

AFAIK that way you got the page *on your local computer* running arbitrary scripts and trying to make these requests to the remote server

Well, if there are inline scripts, and if you have allowed file://, then yes.

[morganism]

Ok, will try that simple block

What do i use to open a MAFF file to check for widgets?
At least with the double file HTML, i can open the _ file to delete by hand.

[barbaz]

It's a standard zip file, so your system's graphic archive manager should work.

I should also warn you that SimpleBlock isn't that easy to figure out and the only help documentation is the "Developer's Comments" section on the AMO page. But once you get used to it, it's a great layer of defense-in-depth for situations like this.

[morganism]

sometimes i want to save the pics inline.
had to go back to using Hack the Web, and save page htm complete.

Now, if i don't go back and delete the JS, am still afraid they can run on opening.

https://www.mozilla.org/security/announ ... 13-75.html

[barbaz]

Now, if i don't go back and delete the JS, am still afraid they can run on opening.

As Thrawn said, not if you didn't Allow file:// in NoScript.