I used that, too, but switched to Cookie Monster because it's easier to configure, IMHO.luntrus wrote: CookieSafe
And I'd like to add Secure Login which is a good companion for Noscript.
I used that, too, but switched to Cookie Monster because it's easier to configure, IMHO.luntrus wrote: CookieSafe
AgreedTom T. wrote:@Giorgio: Please ignore the moronic slanders and stay focused on what you are doing with NoScript. Then, "res ipsa loquitur" (it will speak for itself... to anyone with an open mind). IIRC, it was Isaac Asimov who said, "Never try to teach a pig to sing. It wastes your time and annoys the pig". Don't argue with the pigs. Make NS the best it can be, and let those with awareness or an open mind use it, and let the morons become part of botnets, bank accounts drained, etc. </preach>
I have actually used this for a while and have mentioned it a few times along with RefControl. The only complaint I had about it was that it was not being developed anymore and I don't have sufficient knowhow of Fx internals to work on it.And thanks for the mention of SafeHistory. I became very active here too recently to have read the "old, old news", but installed it on your advice. I'm surprised it's not being actively maintained, being a product of the prestigious Stanford University, apparently. Perhaps someone that you trust could find a way to integrate this into NS, as you are so busy? I can find volunteers.
Yes it can but it would be much harder, not worth the time and involve a whole lot of guessing.Can a history-sniffing attack truly work if I clear ALL data in "clear private data/settings" in between website visits? No details needed, just yes or no -- just curious.
Thanks as always.
Agreed, my point exactly.Giorgio Maone wrote:Yes.
But does anybody really do that?
A bit of a pain in the ass but it works effectively and have been using this hack for a long time, I just forget to restore it sometimes when I ditch and create a new profile.It makes turning on off the new Fx 3.5 layout.css.visited_links_enabled about:config preference to false sound like a convenient fix
(Yes, in Firefox 3.5 you can actually defeat this attack at the price of not seeing any history feedback inside the pages you visit).
As soon as I looked at it, I liked what I saw, and installed it.tlu wrote:I'm a long-time user of RefControl - a good tool, indeed.Tom T. wrote: Will look at Ref Control, thanks.
Well, I had the same problem with SafeHistory when I used it. E.g., in forums no threads were marked as read when using the back button. So it seems whatever you use there is always a drawback.Giorgio Maone wrote: It makes turning on off the new Fx 3.5 layout.css.visited_links_enabled about:config preference to false sound like a convenient fix
(Yes, in Firefox 3.5 you can actually defeat this attack at the price of not seeing any history feedback inside the pages you visit).
That was an implementation bug, not a design one: the concept of SafeHistory is that sites can "know" if a certain page has been visited or not only if you actually visited that page by navigating from the current site. Therefore forum thread links on the forum itself should obviously be highlighted.tlu wrote:Well, I had the same problem with SafeHistory when I used it. E.g., in forums no threads were marked as read when using the back button.
Thanks, good to know. So it would be really great if you could take over its development and/or integrate it in NoScript if time permits.Giorgio Maone wrote:That was an implementation bug, not a design one: the concept of SafeHistory is that sites can "know" if a certain page has been visited or not only if you actually visited that page by navigating from the current site. Therefore forum thread links on the forum itself should obviously be highlighted.tlu wrote:Well, I had the same problem with SafeHistory when I used it. E.g., in forums no threads were marked as read when using the back button.
I don't share your opinion in this case and seems like I am not the only one…Giorgio Maone wrote:Very well thought fix
Could you elaborate? Who are the others, and what are their arguments?dhouwn wrote:I don't share your opinion in this case and seems like I am not the only one…Giorgio Maone wrote:Very well thought fix