[RESOLVED] NoScript 1.9.9.05 and Yahoo mail problem

[Tom T.]

(The only other thing to note is that typically in the past ... even though I don't save logins, my Yahoo sessions would remain logged in - for extended periods of time, say days - perhaps so long as my initial browsing session remained active. Though just over the last number of days, I have noticed that I do have to log in again <the usual login dialog>, though that may be a change on Yahoo's end causing this.

Perhaps it was ...

Code: Select all

Currently you are signed out every:   [b]2 weeks[/b]

)

I leave unchecked the "Keep me logged in" box. Session cookie only, and logged out at end of each use. No permanent cookies on this machine, ever. The browser is closed frequently, which clears all private data, and the machine is shut down each night, unlike some users who apparently don't reboot for months or until an update requires it.

this cable provider reneged on their promise and started assigning permanent static IPs

Unless you truly have a static IP (different from a dynamic IP that simply remains the same), you can (should be able to) change your IP.

Mac MakeUp 1.95d

Procedure something like this.
Spoof your MAC (Mac MakeUp)...
Clone the newly generated MAC in to your router (MAC Address Clone).
Reset modem/router.
(Should <may/hopefully> then have provided you with a new IP, http://www.whatismyip.com/.)

You are correct about dynamic that isn't changed, in this situation. It used to be that a day or so with the modem off would draw a new IP, but now they tell you a week or so. No good.
I finally found a user-friendly rep who told me one or two ways to force a change, at least temporarily. (Plus, there's always wardriving lol! ) And lately, they do seem to be changing it occasionally. I used to keep a record of how often. Maybe I'll start again.

I did try changing my MAC address once, and it indeed forced an IP change. However, it broke something else, I don't immediately remember what. The site you linked makes it apparent that there's a lot more to it than just a single change.

I do know of whatismyip. There is also Steve Gibson's Shields Up!, a real-time firewall and port-vulnerability testing tool, which has the advantage of being over https, and also of telling you not only your IP, but also the "machine name", or "reverse DNS" assigned by your ISP. There is more talk about that at the linked site. It goes something like "user123axbc.cable.ISP.com" Apparently, some ISPs who use random DHCP will assign a static machine name, which wipes out all the cookie control in the world. Fortunately, my ISP seems to assign these machine names randomly and/or change them frequently.

I might start monitoring the changes in IP again. However, I lead a really dull cyber-life anyway, and don't go to too many "interesting" places (except this forum, of course); it's just general principle against the data-mining ad agencies and trackers. Thanks for the input.

And there's always wardriving.

[therube]

If several of the numbers from your current IP address (xx.xxx.xxx.x) appear in the machine name, then it is likely that the name is only related to the IP address and not to you.

https://www.grc.com/x/ne.dll?bh0bkyd2

Happens to be in my case. All the times I've been to grc (not all that many, but enough), I never picked up on that.

[Tom T.]

If several of the numbers from your current IP address (xx.xxx.xxx.x) appear in the machine name, then it is likely that the name is only related to the IP address and not to you.

https://www.grc.com/x/ne.dll?bh0bkyd2

Happens to be in my case. All the times I've been to grc (not all that many, but enough), I never picked up on that.

But does your IP address change, or is it too a non-changing one, in which case the reverse DNS name wouldn't change, and would uniquely identify you globally?

Or I assume you use the tool mentioned to change your MAC address frequently, eh?

[therube]

Yes, I have a dynamic IP that does not change.
Yes, I use the tool every once in a while - perhaps once a month.

[GµårÐïåñ]

dynamic ip that does not change is a fallacy. dynamic=changing, static=not changing, therefore dynamic not changing is an impossibility.

[Tom T.]

dynamic ip that does not change is a fallacy. dynamic=changing, static=not changing, therefore dynamic not changing is an impossibility.

This is getting into hair-splitting over terminology, but here's the explanation: As mentioned, my ISP told me that if I didn't power on the modem for a week or so, then when I did, it would draw a new IP from its pool of availables, because another user (perhaps a new subscriber) would probably have taken mine.

This interval used to be much shorter -- about 24-36 hours to get a new IP -- but I believe that more and more people are just leaving the modem powered on 24/7. (Waste of electricity, to me.) So there is less shuffling. And so long as I do power it on every day, which I do unless on vacation or something, I was getting the same IP for months at a time.

But still, therube is correct. It is dynamic, in that it is not permanently assigned to me forever (or for so long as I'm with that ISP). But it was becoming non-changing, with longer and longer intervals required to cause a change. So since I used it every day, it was a non-static (non-permanent) IP that was not changing.

All I have to do, e. g., is unplug the router from the modem and hard-wire the machine's Ethernet cable directly to the modem (during a power-off cycle). Then when powered back on, the modem finds a different device with a different MAC address (the computer versus the router), and obtains a different IP.

If truly "static IP", that modem would *always* have the same IP no matter what was attached to it, right?

Cheers.

[GµårÐïåñ]

Dynamic IP is one that changes and static is one that does not, correct. Static ips are convenient and useful in some cases but nowadays with IPv6 updated DNS references, it is not as crucial to have a static ip to make sure resources are available, its more for accountability. However, just because a dynamic ip "could" be left on the same line for 3-5 days at a time, never a month, the modem need not be always unplugged to get a new ip. Many ISP that are worth their soul will have a policy that will force a new ip even if you do not turn off the modem/router because it uses PPPoE and therefore there is an authentication cycle during which it WILL assign a new ip unless it was issued less than 24-72 hours ago (depending on the lease time set by the isp) and therefore could end up same. It is already allocated to you in their NAT table, so might as well keep it. However, none of this means that you have your ip for longer than 5 days tops. Every time the ISP gateway is recycled or rebooted or refreshed, it pushes out updates to the clients and at the next natural authentication cycle, you get a new ip. The only exception seems to be cable providers who tend to be using the older protocol of excite@home when static ips were given to customers and even with the official dynamic ips, they often times will assign a pool of ips to customers subject to little change. Why most people who are concerned with privacy will avoid cable providers. The draw for them is the higher initial speed, unfortunately people don't realize the more of their neighbors gets on cable, the slower their internet becomes. For cable providers it is more beneficial to assign you an ip that can be connected to you since most people will run servers or download or upload or share media and they want to be able to trace it back to you should they get a subpoena. In the end DSL provides the most stable speed and reliable bandwidth over time and in the long run average. SO depends on what you are looking for I guess. Anyway, I wasn't splitting hair, its that the statement was wrong, regardless of how long you get to hold on to the ip.

[Tom T.]

However, none of this means that you have your ip for longer than 5 days tops.

I had had it for several months, which is why I complained to them.

Every time the ISP gateway is recycled or rebooted or refreshed, it pushes out updates to the clients and at the next natural authentication cycle, you get a new ip. The only exception seems to be cable providers who tend to be using the older protocol of excite@home when static ips were given to customers and even with the official dynamic ips, they often times will assign a pool of ips to customers subject to little change.

Exactly what I was saying. Whatever the mechanism, the IP wasn't changing.

Why most people who are concerned with privacy will avoid cable providers.

Cable providers *can* do true dynamic HCP if they *want* to. When I first inquired about switching from dial-up, they said they definitely did. That's why I said previously that they reneged on their promise.

The draw for them is the higher initial speed, unfortunately people don't realize the more of their neighbors gets on cable, the slower their internet becomes.

My ISP seems to have enough bandwidth that it's not a problem.

For cable providers it is more beneficial to assign you an ip that can be connected to you since most people will run servers

Their first "customer service" rep, who wasn't truly a tech rep, just "is it plugged in?" etc., tried that same BS on me, telling me "Most of our customers prefer static IPs". I told him that the overwhelming majority of their customers had no idea what an IP address is, much less even know their own IP or whether it changes. Remember, we're talking about Average User-land, not the tech-savvy people who inhabit these particular waters.

most people will run servers

Aaarghh! How dangerous! Why would an AHU (average home user) be running a web server? Firewalls etc. are to block all unsolicited inbound traffic.
If you need a chat or IM client, then Yahoo or AOL, etc. will be the necessary intermediary, and they need to know only your "present' IP to negotiate that connection, not which IP you had six moths ago.

If you're running a business from your home, as I imagine you might be, G., then yes, you'd need a web server. But then, the ISP will charge you the higher business rate, and give you the required static IP.

I use Hamachi VPN for chat and instant message. That uses a completely different, permanently-assigned IP, unrelated to my modem's IP, in the unassigned 5.x.x.x space.

Leaving inbound ports open is dangerous. As my ZoneAlarm UI says, "Very few programs require server rights." Hamachi Client Tunneling Engine is the *only* program on my computer that is given server rights. Because the connection is encrypted, the network requires a strong password to join (known only to its members; very difficult to brute-force), and the data themselves are encrypted, then so long as I choose to trust Hamachi, then it can have server rights. *No* other program. Period.

or download or upload or share media and they want to be able to trace it back to you should they get a subpoena.

They keep logs of which customer was assigned which IP at any given moment. So if a subpoena arrives, demanding the usage records of Tom T., they can go through those logs and find every bit of his traffic. Doesn't happen that often, anyway.

In the end DSL provides the most stable speed and reliable bandwidth over time and in the long run average.

DSL too offers varying speeds, depending on how much you want to pay. I have a friend who switched from the same cable provider I use, with its 7 MB max, to a DSL with a 750 kbps max. In ordinary browsing, it's not a huge difference. But when you get a 40MB MS update, or the latest edition of OpenOffice, which is a 150 MB download, there is a *huge* difference. We've both seen it. But if DSL works for you, cool.

SO depends on what you are looking for I guess. Anyway, I wasn't splitting hair, its that the statement was wrong, regardless of how long you get to hold on to the ip.

*I* was splitting hairs in that the distinction was a quite fine one, but that after considering what therube said, he was correct. If the IP *ever* changes without you requesting it to do so, even once a month, then it's not true static IP.

Cheers!

[GµårÐïåñ]

However, none of this means that you have your ip for longer than 5 days tops.

I had had it for several months, which is why I complained to them.

Then they seriously screwed up and had a malfunctioning lease administration system and that can be considered a huge "failure to reasonably ensure customer privacy" which is directly from the FCC statute. There was a lawsuit against AOL/Time Warner for failure to secure their network traffic information.

Every time the ISP gateway is recycled or rebooted or refreshed, it pushes out updates to the clients and at the next natural authentication cycle, you get a new ip. The only exception seems to be cable providers who tend to be using the older protocol of excite@home when static ips were given to customers and even with the official dynamic ips, they often times will assign a pool of ips to customers subject to little change.

Exactly what I was saying. Whatever the mechanism, the IP wasn't changing.

Horrible! deplorable, glad aol/tw got sued, who is your provider?

Why most people who are concerned with privacy will avoid cable providers.

Cable providers *can* do true dynamic HCP if they *want* to. When I first inquired about switching from dial-up, they said they definitely did. That's why I said previously that they reneged on their promise.

It is sad they can just outright lie like this.

The draw for them is the higher initial speed, unfortunately people don't realize the more of their neighbors gets on cable, the slower their internet becomes.

My ISP seems to have enough bandwidth that it's not a problem.

Yeah but they throttle it at the switch and if you push it hard enough, you'll notice the bottleneck build up.

For cable providers it is more beneficial to assign you an ip that can be connected to you since most people will run servers

Their first "customer service" rep, who wasn't truly a tech rep, just "is it plugged in?" etc., tried that same BS on me, telling me "Most of our customers prefer static IPs". I told him that the overwhelming majority of their customers had no idea what an IP address is, much less even know their own IP or whether it changes. Remember, we're talking about Average User-land, not the tech-savvy people who inhabit these particular waters.

Well that was an ignorant thing for them to say.

most people will run servers

Aaarghh! How dangerous! Why would an AHU (average home user) be running a web server? Firewalls etc. are to block all unsolicited inbound traffic.
If you need a chat or IM client, then Yahoo or AOL, etc. will be the necessary intermediary, and they need to know only your "present' IP to negotiate that connection, not which IP you had six moths ago.

I don't know but alot do and most of the time its a small business that has the know how just doesn't want to pay for an expensive T1 or commercial DSL line that is more expensive without the benefit. So not always an AHU, plus using services like dyndns.org, you can have a dynamically changing ip associate with the domain name and have very little if any noticeable lag time. It almost instantly updates and they simply follow because the DNS will resolve it.

If you're running a business from your home, as I imagine you might be, G., then yes, you'd need a web server. But then, the ISP will charge you the higher business rate, and give you the required static IP.

No, I am not running a business from home, however, I do have a very extensive network that has multiple up and down links with various servers that handle all kinds of traffic. I maintain a network at home that rivals most mid-side corporate entities. I have 20+ years of email, im, letters, files, notes, video, audio, pictures, etc, etc, that adds up to a nearly 4 TB NAS to just handle the data with another distributed 2 TB for processing and application servers and replication, etc, etc. I use my network speed of 6+MBps (which rivals almost a fractional T1 on a DSL) for the nearly entire 5.46 (actual) it gives me.

I use Hamachi VPN for chat and instant message. That uses a completely different, permanently-assigned IP, unrelated to my modem's IP, in the unassigned 5.x.x.x space.

Nice, that's in a protected range (sort of) so its pretty sweet.

Leaving inbound ports open is dangerous. As my ZoneAlarm UI says, "Very few programs require server rights." Hamachi Client Tunneling Engine is the *only* program on my computer that is given server rights. Because the connection is encrypted, the network requires a strong password to join (known only to its members; very difficult to brute-force), and the data themselves are encrypted, then so long as I choose to trust Hamachi, then it can have server rights. *No* other program. Period.

Yes but my network has nearly 6 ports open for inbound and outbound and yet every possible scan of my ip will return stealth, meaning nothing. All the processing is done internally for valid requests and the rest are shadowed and ignored showing stealth. Securing ports is not as difficult as tools like ZA like to make them because otherwise there wouldn't be a market for their product. the AHU, will be scared into believing it.

or download or upload or share media and they want to be able to trace it back to you should they get a subpoena.

They keep logs of which customer was assigned which IP at any given moment. So if a subpoena arrives, demanding the usage records of Tom T., they can go through those logs and find every bit of his traffic. Doesn't happen that often, anyway.

Correct but a little known secret used by many of the ISPs to save space and reduce data management, the information is purged on almost as regular a base as the renewal of the lease and almost always blamed on the fluctuation of the data to user assignment. However, more recently, companies like AT&T have taken it upon themselves, also Google, to save EVERYTHING and voluntarily offer it over to the government civilian surveillance project, even when a legal request has not been made. Someone actually sued AT&T and won but the case was sealed by federal district court 9 under the statute of national security.

In the end DSL provides the most stable speed and reliable bandwidth over time and in the long run average.

DSL too offers varying speeds, depending on how much you want to pay. I have a friend who switched from the same cable provider I use, with its 7 MB max, to a DSL with a 750 kbps max. In ordinary browsing, it's not a huge difference. But when you get a 40MB MS update, or the latest edition of OpenOffice, which is a 150 MB download, there is a *huge* difference. We've both seen it. But if DSL works for you, cool.

Well I get 6-8 variable rate which consistently produces 5.4+ which is more than any cable user (actual bandwidth) can match as of yet. They don't tell people that the high bandwidth is _IF_ no one else is on the line, and often 6-10 people if not an entire 4 block radius use the same up/downstreams. The fact is that right this minute I have 8 torrents for a total of 46GB downloading right now with my bandwidth near capacity and this is my numbers:
Usually at night time, I do the large transfers so the bandwidth is not just sitting idle, it gets used and I can distribute the computing burden so it is not competing for critical traffic. I am much happier than people on cable and they convert over in droves so I know it will eventually catch up with most people. If not then they are the few lucky ones who don't use enough of the bandwidth to notice a difference.

SO depends on what you are looking for I guess. Anyway, I wasn't splitting hair, its that the statement was wrong, regardless of how long you get to hold on to the ip.

*I* was splitting hairs in that the distinction was a quite fine one, but that after considering what therube said, he was correct. If the IP *ever* changes without you requesting it to do so, even once a month, then it's not true static IP.

actually that's what I said, if it changes its dynamic and therefore not static, therube said it was dynamic but static. Anything that can change anytime on its own without a user input, its dynamic. Wow this probably the longest message I have had the patience to write.

[Cora]

I also have problems accessing my Yahoo account with NoScript enabled. I use No Script 1.9.9.11. (I will open a new post which includes this issue, however I wanted to add my comment to this thread.)

Once logged in, a page appears which indicates there is a problem accessing Yahoo's new version and to try the Classic view. I can access the Classic view, however when I open an email only the header appears. Once I disable NoScript I am allowed to access Yahoo's newer version as well as read all of my emails.

Thanks,

Cora

[Giorgio Maone]

Once logged in, a page appears which indicates there is a problem accessing Yahoo's new version and to try the Classic view. I can access the Classic view, however when I open an email only the header appears. Once I disable NoScript I am allowed to access Yahoo's newer version as well as read all of my emails.

Are both yahoo.com and yimg.com allowed?

[Tom T.]

Latest "help" from Yahoo:

Hello Tom,

Thank you for contacting Yahoo! Customer Care. Before I go into
addressing your concern, I'd like to first apologize for the delay in my
responding to your inquiry. We are committed to answering your questions
as quickly and accurately as possible. However, we are currently
receiving unusually high volumes which caused the delayed response.

I understand that you are having trouble accessing your Yahoo! Mail
account as you are sent to the login screen over and over. I am very
sorry to hear this and I do apologize for the inconvenience.

Not true. As per OP, the login screen is accepted and replaced by a screen asking to verify password only.

I have analyzed your message and it is best addressed by our Account
Verification team. To protect account security, this team requires
specific information about your Yahoo! account that you provided during
sign-up or when you last updated your account, so I will need to ask you
to contact them directly to provide the necessary info to resolve your
issue.

Cut and paste the link below to send an email with all of the
information an agent needs to respond within 12-24 hours:

http://help.yahoo.com/l/us/yahoo/edit/a ... neral.html

NOTE: Please do not reply to this message. Submitting an email through
the form is the best way to get your answer.

Gee, thanks, Yahoo. First request was on 4 October. Two weeks, and we're back to where we started.

[nagan]

Why is it that this thread is 3 pages long and I do not have any problems with Yahoo mail.Can anyone please say how to replicate the problem ?

[therube]

And what problem is that?
The problem I saw became apparent with one particular NoScript build. It's description identified in the first few threads of this post.
It has since been corrected, so the problem no longer exists.

Others (Tom, I think it was) may have a somewhat different problem where he has seen the password verification request prior to the onset of the problem initially discussed in the thread.

[Tom T.]

...Others (Tom, I think it was) may have a somewhat different problem where he has seen the password verification request prior to the onset of the problem initially discussed in the thread.

Correct.

FWIW, I recently received this reply from Yahoo!

Hello Tom,

Thank you for contacting Yahoo! Mail Customer Care.

Unfortunately, if you are experiencing issues with Yahoo! and a third
party script/program, you will need to contact them for further support
as we cannot tell you how to troubleshoot a script/program that we did
not create.

I apologize that we cannot help you further.

Thank you again for contacting Yahoo! Mail Customer Care.

Regards,

Rhiannon

Yahoo! Mail Customer Care

I was pondering whether to pursue it, but it seems to be happening much less often lately. Still cannot reproduce it at will, and it's now a rather minor annoyance, so rather than figure out where the problem lies, I'll drop it and mark this as Resolved. Strange that no one else is experiencing it. (Yes, I did get it on Fx 3.5.3 as well -- also very randomly.)