
Secret Agent issues

Posted: 2017-01-18, 12:25
by miroR
I've prepared a clean demo about issues with the Palemoon addon Secret Agent (without "Spoofer", as I mistakenly call it in the message below), but I only want to publish it after, if possible, the author sees my (primitive) research on those issues, so he can act on it first.

However!...

However, I have tried to contact the author, and I really have to demonstrate, in unequivocal terms, that I did try to contact the author... because...

Because, as it says in the bottom of the decrypted conversation from the trace when I sent my filled in form from:
https://dephormation.org.uk/enquiries/enquiry.php
stream 8 wrote: Message was accepted for delivery.
It is important to note that just because the mail was accepted for delivery, it does NOT mean the mail will actually reach the intended destination.
So, if anybody can tell the author, who, according to the above, may not have received it regardless that it was sent, that I'm waiting another day or so, for him to try and contact me in return, I'll be very grateful!

( After a day or so, I will publish my research on the page below, which at this time does not contain the research itself. Maybe just to say this for now: for non-experts, and I am one, the issue that I think I identified can cause some distress in the use of Palemoon.)

My mail is seen well, and the text of the message is there as well, on:

http://www.croatiafidelis.hr/foss/cap/cap-170117-SA/

Thanks!

Re: Secret Agent issues

Posted: 2017-01-19, 14:53
by miroR
I'm working on posting the (simple, almost trivial) research of mine, and it is a little embarrassing... The author hasn't contacted me (or I have not received what he, theoretically, might have sent), so this is the final call: if anybody knows the author, get him to try and contact me... It is a little embarrassing... but I won't repeal it later...
Thanks!

Re: Secret Agent issues

Posted: 2017-01-19, 19:53
by miroR
My (almost trivial) research:
Secret Agent Palemoon Addon Issues
http://www.croatiafidelis.hr/foss/cap/cap-170117-SA/
is now posted.

If my conclusions are correct in that research, and I sure need to hear real programmers have a say on it, then I believe it should be noted that it should be mentioned in the documentation of the Secret Agent add-on that either it should not be used when one does stuff like subscribing to some page, or logging into some forum, or the add-on should be re-written to account for issues of this kind.

(Right after I solved that bug-wget subscription, I finally was able to log into the Palemoon forum as well! --TBH, I had the issue of inability to log into Palemoon forum for longer before, with Palemoon, and also previously with Firefox, so that one is more complex, likely.)

Need to take some rest now. Comments welcome.

Re: Secret Agent issues

Posted: 2017-01-20, 04:35
by miroR
Improved the page:
http://www.croatiafidelis.hr/foss/cap/cap-170117-SA/
as there were links missing and explanations unclear. Should be possible for even hard-working newbies to understand the issue.

Re: Secret Agent issues

Posted: 2017-01-20, 10:00
by New Tobin Paradigm
Are you advertising your own site excessively for a reason?

Re: Secret Agent issues

Posted: 2017-01-21, 03:04
by miroR
Matt A Tobin wrote: Are you advertising your own site excessively for a reason?
No, I'm not advertising.
How can it be advertising, when it only costs me, time and resources?

I honestly believed this was useful to show, as pretty likely some users must have abandoned using Palemoon, because this add-on is attractive on the outside, but, as my study apparently shows, and maybe even proves, that add-on must have caused lots of misbehavior like the one in my study.

I believed this was a contribution of the kind that you suggested that I do in:
Tracking protection and NSS SSL secrets logging (two security questions)?
viewtopic.php?f=26&t=12544&p=103866#p103793

(A [contribution of the kind that you suggested], because while being myself too poor to be contributing financially, a research though, in this case, I was able to do, since I am somewhat on terms with tracing and SSL-decryption...)

I still do not see how else I could have presented my study... It certainly wouldn't fit in this forum...

LATER NOTE:
But I think, after spending some time writing my reply here, only after some time, I believe you regard my repeating of the link in question as advertising... And you are right, I shouldn't have repeated it. But you really can attribute it to my old age. I'm 60, and if my mind really was more agile, I wouldn't have repeated the link, I would have just said I updated and clarified the research... Sorry!
LATER NOTE END.

My intentions have been honest here, and I have been and will continue to be respectful to the Pale Moon team.

Re: Secret Agent issues

Posted: 2017-03-18, 22:18
by Eurythrace
This seems to be the best place to ask this question. I apologize if it is not.

I am using PM 27.2.0 x64 Portable with the Secret Agent plug-in. My difficulty is trying to understand how Secret Agent interacts with PM's native general.useragent.override.domain name & general.useragent.site_specific_overrides preferences. The best that I can see is that Secret Agent always overrides the native PM settings when it is enabled/active. The issue gets tricky in that to make PM compatible with certain sites, there apparently needs to be a site specific user agent string defined for that site. Secret Agent does have a Host White List, but that list can only have one user agent string defined for all hosts. Is there any known way to integrate these two user agent overrides?

Yes, the obvious answer is awkward, in that Secret Agent can be disabled for sites that need unique user agent strings, but that means closing tabs where Secret Agent is desired first, then disabling it, then opening the unique site. Only when done with the one unique site, can Secret Agent then be re-enabled. Annoying and cumbersome.

Related question is verification that if the general.useragent.site_specific_overrides preference is set to false, then only the single user agent override string is used, just like with Secret Agent's Host White List, regardless of how many unique site specific user agent strings are defined in preferences?

And is PM 27.2.0 still most generally considered compatible with FF 45.0? Or can a more recent version of FF be used?

Also, why in heaven's name do the PM default user agent override strings use Firefox/xx.9 instead of xx.0??? Mozilla went to great lengths years back to drop all sub-level version numbering to reduce browser fingerprinting. Is it strictly to identify that PM is not FF?

Thanks in advance.

Re: Secret Agent issues

Posted: 2017-03-18, 22:35
by dark_moon
The useragent is set to Firefox 24.9 because of compatibility.
You can change the useragent to Firefox compatibility or Gecko compatibility or native Pale Moon.

Re: Secret Agent issues

Posted: 2017-03-19, 02:09
by Eurythrace
dark_moon wrote: The useragent is set to Firefox 24.9 because of compatibility.
You can change the useragent to Firefox compatibility or Gecko compatibility or native Pale Moon.
Thank you sincerely, dark_moon, but that is not addressing my core concerns about how Secret Agent is inter-operating with the native PM user agent overrides; and how the native PM user agent overrides actually work.

Also, I think in the latest version of PM, the native user agent string for my OS & CPU is:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.9) Gecko/20100101 Goanna/3.2 Firefox/45.9 Palemoon/27.2.0

One further thing I am noticing is that Secret Agent is clearing all the default site specific user agent strings to empty, but on the next PM startup they are restored back to the defaults. It looks like the last release of Secret Agent was 2016-12-22. Does anyone know if it is still being actively maintained? Because if so, I think it would be wonderful to integrate Secret Agent with the PM site specific user agent overrides, so that Secret Agent's Host White List becomes a key pair: domain and user agent string. Then PM's site specific user agent strings could also be easily modified using the Secret Agent interface instead of about:config - which Secret Agent seems to be trashing anyway, until a fresh load of PM occurs, as previously stated.

If not, could a fork be made of Secret Agent that would do such integration? I am clueless about how to make extensions, myself.

Thanks in advance.

Re: Secret Agent issues

Posted: 2017-03-19, 03:27
by Eurythrace
Follow up.

I figured out how to see the Secret Agent JavaScript code and indeed, it does seem to go through ALL site specific user agent overrides and delete/clear them.

The code is copyright by Peter John.

Code:

         //----------------------------------------------------------------------------------------------------
         // restore default user agent override preferences for all domains
         clearGlobalUserAgentOverrides: function() {

            // Remove general.useragent.override
            var generalUserAgentPreferences = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefService);
            generalUserAgentPreferences = generalUserAgentPreferences.getBranch("general.useragent.");

            try {
               generalUserAgentPreferences.clearUserPref("override");
            } catch (e) {
               dump("SecretAgent: Exception;" + e.message + "\n");
            }

         },
and

Code:

         //----------------------------------------------------------------------------------------------------
         // restore default user agent preferences for all domains
         clearAllDomainSpecificUserAgentOverrides: function() {

            var generalUserAgentOverridePreferences = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefService);
            generalUserAgentOverridePreferences = generalUserAgentOverridePreferences.getBranch("general.useragent.override.");

            // Remove general.useragent.override.*
            generalUserAgentOverridePreferences.getChildList('', {}).forEach(SecretAgent.clearDomainSpecificUserAgentOverrides);

            try {
               generalUserAgentOverridePreferences.deleteBranch("");
            } catch (e) {
               dump("SecretAgent: Exception;" + e.message + "\n");
            }

         },

         //----------------------------------------------------------------------------------------------------
         // restore default user agent preferences for a given domain
         clearDomainSpecificUserAgentOverrides: function(domain) {

            var generalUserAgentOverridePreferences = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefService);
            generalUserAgentOverridePreferences = generalUserAgentOverridePreferences.getBranch("general.useragent.override.");

            // Remove general.useragent.override.<domain>
            // This may leave some third party overrides in place, these are cleared on exit
            try {
               generalUserAgentOverridePreferences.clearUserPref(domain);
            } catch (e) {
               dump("SecretAgent: Exception;" + e.message + "\n");
            }

         },

and

Code:

         //----------------------------------------------------------------------------------------------------
         onPageUnload: function(e) {

            var domain = e.originalTarget.domain; // document domain that triggered "onload" event

            // Remove the override for this domain. This may leave some third party overrides in place, so we clear all residual overrides afterward
            // Removing this value avoids generating a list in the preferences settings of every domain visited
            SecretAgent.clearDomainSpecificUserAgentOverrides(domain);

         },

It looks like it should be fairly simple to just stop doing this, but again, I am a total neophyte with extensions.
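
Added example (not part of the post above, and not Secret Agent's or Pale Moon's code): a toy JavaScript model of a two-layer preference store, showing why wiping the general.useragent.override. branch empties the shipped site-specific strings until the next startup, beside a hypothetical clearOwn that removes only the overrides the add-on wrote. PrefModel, clearAll, clearOwn, the sample domains and the UA strings are constructed; the model assumes deleteBranch drops default values for the session while clearUserPref leaves them.

```javascript
// Toy two-layer preference store (default layer + user layer). This is NOT the
// XPCOM nsIPrefBranch API; method names mirror the quoted calls for comparison.
class PrefModel {
  constructor(shipped) {
    this.shipped = { ...shipped };  // values the browser loads at startup
    this.defaults = { ...shipped }; // default layer for the current session
    this.user = {};                 // user-set layer
  }
  get(name) {
    return name in this.user ? this.user[name] : this.defaults[name];
  }
  setUser(name, value) { this.user[name] = value; }
  clearUserPref(name) { delete this.user[name]; } // default value survives
  deleteBranch(prefix) {                          // assumption: both layers dropped
    for (const layer of [this.user, this.defaults]) {
      for (const n of Object.keys(layer)) if (n.startsWith(prefix)) delete layer[n];
    }
  }
  restart() { this.defaults = { ...this.shipped }; } // defaults reloaded
}

const BRANCH = "general.useragent.override.";

// What the quoted clearAllDomainSpecificUserAgentOverrides ends with: wipe the branch.
function clearAll(prefs) { prefs.deleteBranch(BRANCH); }

// Hypothetical alternative: clear only the domains the add-on itself overrode.
function clearOwn(prefs, ownedDomains) {
  for (const d of ownedDomains) prefs.clearUserPref(BRANCH + d);
}

function demo() {
  const site = BRANCH + "site.example";   // constructed: has a shipped override
  const other = BRANCH + "other.example"; // constructed: no shipped override
  const shipped = { [site]: "UA-shipped" };

  const a = new PrefModel(shipped);
  a.setUser(other, "UA-spoofed");
  clearAll(a);
  const afterWipe = a.get(site);          // shipped override gone for this session
  a.restart();
  const afterRestart = a.get(site);       // back after restart

  const b = new PrefModel(shipped);
  b.setUser(site, "UA-spoofed");
  b.setUser(other, "UA-spoofed");
  clearOwn(b, ["site.example", "other.example"]);
  return { afterWipe, afterRestart, keptSite: b.get(site), keptOther: b.get(other) };
}

console.log(demo());
```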