Ghostery
Moderators: FranklinDM, Lootyhoof
Re: Ghostery
There is a search function in the upper right corner of the forum page. I highly recommend you search before posting. Your questions might end up answered before you actually ask them.
http://forum.palemoon.org/viewtopic.php ... t=ghostery
http://forum.palemoon.org/viewtopic.php ... t=ghostery
Nichi nichi kore ko jitsu = Every day is a good day.
Re: Ghostery
Unfortunately, it seems that Ghostery has sold out! :(
Apparently, with v6.xx you have to connect to their site just to be able to go through the damn settings!
Also, they want users to set up an account with them now.
I'm still using v5.4.4.1, which is the last PM compatible version:
https://addons.mozilla.org/en-US/firefo ... 4.1-signed
..but I fear that they've stopped issuing tracker library updates for old versions now, forcing people into using their new spyware build!
If so, this would be typical behaviour for software that has turned to the dark side!
The latest library for v5.4.4.1 is currently dated Feb.24.2016..
We'll just have to wait and see what happens.
Apparently, with v6.xx you have to connect to their site just to be able to go through the damn settings!
Also, they want users to set up an account with them now.
I'm still using v5.4.4.1, which is the last PM compatible version:
https://addons.mozilla.org/en-US/firefo ... 4.1-signed
..but I fear that they've stopped issuing tracker library updates for old versions now, forcing people into using their new spyware build!
If so, this would be typical behaviour for software that has turned to the dark side!
The latest library for v5.4.4.1 is currently dated Feb.24.2016..
We'll just have to wait and see what happens.
Re: Ghostery
Search Ghostery 5.4.4.1-signed
For now Ghostery team is not planing to expand Ghostery for palemoon ( this is replay from ghostery tem support)
For now Ghostery team is not planing to expand Ghostery for palemoon ( this is replay from ghostery tem support)
Re: Ghostery
Tomaso wrote:Unfortunately, it seems that Ghostery has sold out!
Off-topic:
Isn't it by nature sold out, in that it was originally owned by someone who sold it to a company whose business model is to improve the lot of advertisers? Plenty of stories out there about Ghostery's business model and claims about its selling of the statistics it gathers from its users to advertisers, so that they can improve their targeting, etc. I've never trusted that extension from the start in relation to privacy and wonder why it's held in such high regard by many, considering who owns it and what they do with the information they gather.
Isn't it by nature sold out, in that it was originally owned by someone who sold it to a company whose business model is to improve the lot of advertisers? Plenty of stories out there about Ghostery's business model and claims about its selling of the statistics it gathers from its users to advertisers, so that they can improve their targeting, etc. I've never trusted that extension from the start in relation to privacy and wonder why it's held in such high regard by many, considering who owns it and what they do with the information they gather.
Re: Ghostery
I must admit, even their homepage has a concerning look to it.[Gort] wrote:I've never trusted that extension
But there are limits to what can be tolerated!superA wrote:The same occurs to all privacy extensions out there, more or less.
With the release of Ghostery v6.xx, being tracked by Google etc. now seems like the lesser of two evils.
Can't help but see the irony in this.
Re: Ghostery
I looked into Ghostery's 'updatable.js' file and found this difference between the old and new versions:Thehandyman1957 wrote:I can't even get that far.
Ghostery v5.4.4.1:
Code: Select all
if (this.db.version && options.version && options.version == this.db.version) {
Code: Select all
if (this.db.version && options.version && options.version < this.db.version) {
I've created a modified XPI file that contains this fix, but I don't know if I should post it here considering Ghostery's custom license agreement and all:
https://addons.mozilla.org/en-US/firefo ... y/license/
Any thoughts on this?
--
EDIT1:
This part pretty much prevents me from sharing the modified XPI file here:
..but as stated, it IS legal to modify it yourself, for personal use.Unless you have express written permission from the Company, you may not: (i) use the Services in any way that violates this EULA, (ii) distribute the Services or any portion thereof to any third parties, (iii) disassemble or reverse engineer the Services or any part or portion thereof for any purpose, other than for reviewing the code for personal review, (iv) adapt, edit, change, modify, transform, publish, republish, distribute, or redistribute the Services or any elements, portions, or parts thereof, without limitation, in any form or media
Doing so is really simple:
https://addons.mozilla.org/en-US/firefo ... 4.1-signed
2) Extract the XPI file with an archiver, like 7-Zip:
http://www.7-zip.org/
3) Edit the following file with the fix that I posted above (Notepad will do just fine):
resources\ghostery\lib\updatable.js
4) Repack all files/folders into a ZIP archive with any name.
5) Change its file extension from ZIP to XPI
6) Install the modified build by dragging the XPI file into Pale Moon's 'Extensions' window (Tools > Add-ons > Extensions).
-Done!
--
EDIT2:
Don't bother with the instructions above.
As it turned out, the new library updates aren't compatible with old Ghostery versions:
viewtopic.php?f=46&t=11442&start=20#p80597
Last edited by Tomaso on 2016-03-11, 18:55, edited 2 times in total.
Re: Ghostery
I went through your steps 5 times and this is what it gives me every time.
Re: Ghostery
Did you make sure to keep the exact same folder structure when repacking?Thehandyman1957 wrote:I went through your steps 5 times and this is what it gives me every time.
--
EDIT:
Also.. is your archiver up-to-date?
I ran some tests just now, and I successfully extracted and repacked ghostery-5.4.4-an+sm+fx.xpi (no corruptions) with the following programs, under Win8.1:
* 7-Zip v15.14
* WinRAR v5.31
* WinZip v18.0 (file extension had to be changed from XPI to ZIP before extracting)
Also note that you must repack as ZIP, not as 7Z, RAR or anything else!
Re: Ghostery
Hello, Tomaso. Is it that your xpi is not signed?Tomaso wrote:ghostery-5.4.4-an+sm+fx.xpi
Re: Ghostery
Well, the link for Ghostery v5.4.4.1 says "signed" at the end.Burning Sun wrote:Is it that your xpi is not signed?
I believe that the .1 version numbering confirms this..
Weren't those .1's added when Mozilla started to enforce signing as a requirement?
Nothing else, besides signing, were changed in those .1 releases, that's why it's even missing in the file name.
When installing, it says "Author not verified", but so does all extensions in Pale Moon.
Anyway, this came to mind:
http://forum.palemoon.org/viewtopic.php?f=29&t=11322
..so I tried downloading ghostery-5.4.4-an+sm+fx.xpi using a US proxy, to see if I got a different file.
The file was identical though (same hash as the one that I downloaded before).
If you can't get this hack to work, you must be doing something wrong!
Re: Ghostery
Apparently, this is what's happening, using my signed firefox@ghostery.com.xpi (May 2015) as the example:Thehandyman1957 wrote:I went through your steps 5 times and this is what it gives me every time.
[appears to be corrupt]
In a signed xpi, there is META-INF\manifest.mf which contains a hash for every file. The hash can be used to check if a file has been changed. A hash is something like a checksum. A checksum works roughly like the following: imagine that you have a file which contains the numbers 1, 2, 3, 5, 10. You also include notice that the sum should be 21, so then I can tell pretty much if the file has been changed/corrupted just by adding the numbers in the file for myself and comparing. That explains the corrupted error.
Now what if someone were to change the 5 to a 6 and also change the checksum to 22? I couldn't tell there was a change, except that the hashes have been digitally signed. That's one reason why there is in META-INF\mozilla.mf a signature for the hashes. There is also the certificate (mozilla.rsa) that was used to do the signing. So now I can tell if a hash was changed.
* A hash is a cryptographic version of a checksum. Actually, in manifest.mf there are two hashes for every file: MD5 (weaker) and SHA-1 (stronger).
** There is no meta-inf any xpi that I make with the cfx SDK.
Re: Ghostery
I specifically pointed out that you have to get Ghostery v5.4.4.1 (ghostery-5.4.4-an+sm+fx.xpi) from April 22, 2015!Burning Sun wrote:using my signed firefox@ghostery.com.xpi (May 2015)
Re: Ghostery
You know more about that than I do, I've only really been paying close attention to extensions for the last two weeks or so since coming to this forum. That's since I'd heard about the crackdown that Mozilla is doing.Tomaso wrote: Weren't those .1's added when Mozilla started to enforce signing as a requirement?
I haven't tried it myself. Maybe later. But being able to change files seems to go against the whole purpose of having signatures.If you can't get this hack to work, you must be doing something wrong!
I'd read somewhere on the forum that people delete the META-INF directory, I haven't tried that at any time.
Re: Ghostery
No need to get excited. I was talking in my post to handyman about why he was possibly getting the corruption notice.Tomaso wrote:I specifically pointed out that you have to get Ghostery v5.4.4.1 (ghostery-5.4.4-an+sm+fx.xpi) from April 22, 2015!Burning Sun wrote:using my signed firefox@ghostery.com.xpi (May 2015)
Re: Ghostery
Editing worked fine for me. The fact that the addon is signed and the files are hashed (which is probably also because of the signing?) does not make any difference. (Pale Moon does not enforce addon signing, after all.)
I'm not entirely sure if this workaround actually fixes the update or just makes the addon claim that it updated, because I think that after updating the number of trackers did not change. I might mis-remember though, or the new list just happens to be the same length - I did not investigate any further yet.
As for:
Depending on where you live, laws might make this clause invalid. But you (and others) should be aware that modifying the extension might not be as legal as you seem to think.
I'm not entirely sure if this workaround actually fixes the update or just makes the addon claim that it updated, because I think that after updating the number of trackers did not change. I might mis-remember though, or the new list just happens to be the same length - I did not investigate any further yet.
As for:
You seem to misunderstand. The licence says: "you may not disassemble or reverse engineer [...] for any purpose, other than for reviewing the code for personal review". In other words, you may look at the source code for personal use. However, "you may not adapt, edit, change, modify [...] without limitation, in any form or media".Tomaso wrote:EDIT:
This part pretty much prevents me from sharing the modified XPI file here:..but as stated, it IS legal to modify it yourself, for personal use.Unless you have express written permission from the Company, you may not: (i) use the Services in any way that violates this EULA, (ii) distribute the Services or any portion thereof to any third parties, (iii) disassemble or reverse engineer the Services or any part or portion thereof for any purpose, other than for reviewing the code for personal review, (iv) adapt, edit, change, modify, transform, publish, republish, distribute, or redistribute the Services or any elements, portions, or parts thereof, without limitation, in any form or media
Depending on where you live, laws might make this clause invalid. But you (and others) should be aware that modifying the extension might not be as legal as you seem to think.
Re: Ghostery
I wonder if by not enforcing signing, PM also ignores hashes. If so, why would handyman see that notice?Toa-Nuva wrote:Editing worked fine for me. The fact that the addon is signed and the files are hashed (which is probably also because of the signing?) does not make any difference. (Pale Moon does not enforce addon signing, after all.)
I'm not entirely sure if this workaround actually fixes the update or just makes the addon claim that it updated, because I think that after updating the number of trackers did not change. I might mis-remember though, or the new list just happens to be the same length - I did not investigate any further yet.
Depending on where you live, laws might make this clause invalid. But you (and others) should be aware that modifying the extension might not be as legal as you seem to think.
There is a Ghostery directory in your profile that contains the db files. The dates should presumably verify if an update occurred.
I'd also wondered if Ghostery's license prohibition from changing anything is actually enforceable.
[edit: changing anything for personal use... the whole thing reminds me of what happened with DVDs years ago]
Re: Ghostery
Moonchild is not a big fan of Mozilla's signing policy:Burning Sun wrote:being able to change files seems to go against the whole purpose of having signatures.
http://forum.palemoon.org/viewtopic.php ... =40#p55250
I weren't. :)Burning Sun wrote:No need to get excited
Me neither.Toa-Nuva wrote:I did not investigate any further yet.
Well, you should consider my instructions as strictly informational.Toa-Nuva wrote:modifying the extension might not be as legal as you seem to think.
If you choose to modify the extension, you do so on your own responsibility!