Question about telemetry...

Board for discussions around the Basilisk web browser.

Moderator: Basilisk-Dev

User avatar
byskuit
Moongazer
Moongazer
Posts: 9
Joined: 2022-08-27, 17:27

Question about telemetry...

Unread post by byskuit » 2022-08-27, 17:36

Basically, I just don't like telemetry. I was also drawn to UXP so that I could have greater control over my browser. You may have your own opinion on telemetry, like what counts as telemetry, and whether it's actually bad or not, and that's fine.there is one thing about Basilisk that caught my attention: it periodically makes connections to "static.afterburst.com" on idle, even after disabling OCSP*, automatic updates, and geolocation. I havn't found a way to disable it. What purpose does this serve, and is there a way to kill it?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 32923
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Question about telemetry...

Unread post by Moonchild » 2022-08-27, 17:41

Pale Moon servers are primarily hosted on afterburst, our VPS provider. The traffic you see isn't telemetry; it's most likely the various periodic checks for updates to add-ons, user-agents, or plugin/driver blocklist. Basilisk, even under new management, would still use some Pale Moon services in that respect (and that's been OKed by me). You can go out of your way to disable everything but it's benign traffic.
"The best revenge is to not be like the person who wronged you." -- Marcus Aurelius
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb

User avatar
byskuit
Moongazer
Moongazer
Posts: 9
Joined: 2022-08-27, 17:27

Re: Question about telemetry...

Unread post by byskuit » 2022-08-27, 18:40

Well, that's the thing about "disabling everything." The weird part is that I followed the same steps that I would for disabling everything on Pale Moon (which works for my intended purposes), since I figured (as of this point in time) it was closely related enough, except that one connection still persists, which must make it unique to Basilisk. Right? I don't suppose you would really be the person I should be asking for this kinda thing, but I'm not crazy, right?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 32923
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Question about telemetry...

Unread post by Moonchild » 2022-08-27, 20:34

I'd say use wireshark and check exactly what the request is.
byskuit wrote:
2022-08-27, 18:40
I don't suppose you would really be the person I should be asking for this kinda thing, but I'm not crazy, right?
Well since afterburst was mentioned I thought I'd at least let you know that's where Pale Moon servers are hosted and that it's not some wildly foreign host, most likely.
"The best revenge is to not be like the person who wronged you." -- Marcus Aurelius
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb

User avatar
andyprough
Lunatic
Lunatic
Posts: 361
Joined: 2020-05-31, 04:33

Re: Question about telemetry...

Unread post by andyprough » 2022-08-27, 21:17

byskuit wrote:
2022-08-27, 17:36
"static.afterburst.com" on idle, even after disabling OCSP*, automatic updates, and geolocation. I havn't found a way to disable it.
Could you just add it to disallowed domains in uBlock or eMatrix or Adblock?
Self-compiled Pale Moon on Libre-antiX GNU/Linux respin, 32-bit and 64-bit, and on Hyperbola GNU/Linux 64-bit

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 32923
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Question about telemetry...

Unread post by Moonchild » 2022-08-27, 21:36

By the way, as a side note, disabling OCSP is a really bad idea. Almost everyone uses OCSP stapling these days which means there won't be any record of your visit at the CA's OCSP servers. Disabling it will not alert you if there is a cert chain issue (revoked cert, etc.) because CAs really don't use the CRL method anymore as it's very resource intensive and doesn't scale. So you're effectively risking connecting to bad actors while it does not provide any privacy benefit.
"The best revenge is to not be like the person who wronged you." -- Marcus Aurelius
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 4155
Joined: 2015-12-09, 15:45
Contact:

Re: Question about telemetry...

Unread post by moonbat » 2022-08-29, 00:13

Off-topic:
Also, if you're coming here after finally getting tired of Chromezilla, there's a few dark patterns that you'll have to unlearn from expecting, since Pale Moon does not follow them.
To wit -
  • There's no telemetry, analytics or tracking built in. The default homepage provider, start.me has some Google analytics but that is on them, not the Pale Moon team, and the homepage can be changed the usual way in preferences (i.e. without having to dick around in about:config)
  • There's no point asking to add this or that feature in imitation of Firefox - since Pale Moon retains the extension system that they ditched, such features are better served by extensions so that exactly those that want them will use them and it isn't forced onto all users. So there is no built in adblocking since there are several extensions that do the job, and no third party service integration like Pocket.
  • With over 200 extensions (and forked versions of popular older Firefox ones), you'll be able to find an equivalent as long as it isn't something tied to an online service, so look at the available addons before asking if this or that Firefox extension will work here. (Current Firefox web extensions obviously won't work here unless explicitly rewritten, and that's something to ask the extension author, not the browser's development team)
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

User avatar
Basilisk-Dev
Moonbather
Moonbather
Posts: 55
Joined: 2022-03-23, 16:41

Re: Question about telemetry...

Unread post by Basilisk-Dev » 2022-08-29, 16:13

As far as the Basilisk servers are concerned I do not collect any analytics/telemetry at all. The web server does log IP addresses just in case I need to troubleshoot performance problems (for example blocking a malicious IP address DDoSing the site), but I don't actually do anything with the data. The logs are rotated every week on Sunday at 0:00 UTC.

Basically, I don't collect or want any of your data.

If you want to see exactly what requests the browser sends in the background you can setup mitmproxy by following these instructions (the linked website has some other questionable content on there but this link is pretty good). Doing this will allow you to see the content of all requests, even TLS encrypted requests. I recommend doing this on a clean profile and after you're done with your testing delete the profile you used to test.
Basilisk Project Owner

viewtopic.php?f=61&p=230756

User avatar
frostknight
Apollo supporter
Apollo supporter
Posts: 38
Joined: 2022-08-10, 02:25

Re: Question about telemetry...

Unread post by frostknight » 2022-09-07, 04:37

andyprough wrote:
2022-08-27, 21:17
byskuit wrote:
2022-08-27, 17:36
"static.afterburst.com" on idle, even after disabling OCSP*, automatic updates, and geolocation. I havn't found a way to disable it.
Could you just add it to disallowed domains in uBlock or eMatrix or Adblock?
Off-topic:
Yeah... about that, ublock origin's legacy version has stalled somewhat, going to make a reply on that elsewhere in the future
@Basilisk-dev
Off-topic:
I somehow doubt mozilla beat google to the punch on something like this...

Same with microsoft as well...

sounds too much like bs.
But for the @OP
Off-topic:
I hope you are aware, that on a hardware level alone, this malware surveilence is already more of an issue than is reasonable, on this problem alone, aka, even on x86, the spyware already does insane stuff like this probably once every minute or something insane like that.

But even then, you may just want to be aware, most ISPs and possibly the World Wide Web as a whole, tend to be embedded with a massive amount of built in malware, mostly spyware, which also has a lot of insecurities as well. Turns out backdoors do more than just give information to the developers, copyright holders, corporations and governments...

To put it simply, with the amount of proprietary malware, out there, even on the hardware level, even with backdoor free hardware, disabled or nonexistant + something akin to coreboot and an operating system based on BSD or Linux or if you prefer GNU/Linux, then, you could assume any number of things probably.

The simplest answer for me has been:

Avoid insanely complex software when possible as well as backdoored operating systems or other insecure software.

At this point, Palemoon developers are the main alternative to the mainstream browsers and few other exceptions without one or other more serious problems, exist.

I am sure Moonchild tries harder than most other developers to provide something that is nowhere near as halfassed as the competition.

To sum it up, I don't think this is at all Moonchild's fault, as there is only so much that one can do to safeguard people from such things.

This is just part of a larger issue that is facing the world as a whole.
Imagine they take evidence out of context to disappear someone, or someone like an actual authoratarian rises to power, etc... this is just the tip of the iceberg of why privacy matters!


@Moonchild
The only email provider in USA that did the right thing, was lavabit, its a shame that mozilla got tainted so quickly after its creation.

Hence why palemoon has a giant purpose especially now.

User avatar
andyprough
Lunatic
Lunatic
Posts: 361
Joined: 2020-05-31, 04:33

Re: Question about telemetry...

Unread post by andyprough » 2022-09-07, 04:47

frostknight wrote:
2022-09-07, 04:37
Yeah... about that, ublock origin's legacy version has stalled somewhat, going to make a reply on that elsewhere in the future
Yes, development on uBlock origin legacy has stalled, but at the same time it should still be perfectly capable of blocking any domain that you ask it to. Beyond that, ηMatrix and Adblock are both still being actively developed, and they can both also block domains for you.
Self-compiled Pale Moon on Libre-antiX GNU/Linux respin, 32-bit and 64-bit, and on Hyperbola GNU/Linux 64-bit

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 4777
Joined: 2011-10-03, 10:19
Location: Piney Woods of Southeast Texas, USA

Re: Question about telemetry...

Unread post by Night Wing » 2022-09-07, 11:53

@ frostknight

If I'm not mistaken, the maintainer (JustOff) for uBlock Origin's legacy version, he lives in (or what is left of it)............Ukraine. And if you follow worldwide current events concerning Ukraine, this might be the reason he is not around at the moment since I have not seen any of his posts on the Internet in quite some time.
Linux Mint 21 (Vanessa) Xfce With Linux Pale Moon, Linux Waterfox, Linux Firefox
MX Linux 21.2.1 (Wildflower) Xfce With Linux Pale Moon, Linux Waterfox, Linux Firefox

User avatar
somdcomputerguy
Lunatic
Lunatic
Posts: 283
Joined: 2014-02-23, 17:25
Location: Greenbrier County, West Virginia
Contact:

Re: Question about telemetry...

Unread post by somdcomputerguy » 2022-09-07, 21:39

Night Wing wrote:
2022-09-07, 11:53
If I'm not mistaken, the maintainer (JustOff) for uBlock Origin's legacy version, he lives in (or what is left of it)............Ukraine. And if you follow worldwide current events concerning Ukraine, this might be the reason he is not around at the moment since I have not seen any of his posts on the Internet in quite some time.
Off-topic:
I believe I have mentioned this before, but I hope he and his family are safe and ok.
:cool: -bruce /* somdcomputerguy.com */
'If you change the way you look at things, the things you look at change.'

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 4155
Joined: 2015-12-09, 15:45
Contact:

Re: Question about telemetry...

Unread post by moonbat » 2022-09-08, 03:16

Regardless of JustOff's current situation, his fork of uBO works great in Pale Moon thanks to the latter having a stable codebase that doesn't change on a whim every fortnight as per the fashion introduced by Chrome. Make sure you have a decent set of filters and you're covered where adblocking is concerned.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

User avatar
frostknight
Apollo supporter
Apollo supporter
Posts: 38
Joined: 2022-08-10, 02:25

Re: Question about telemetry...

Unread post by frostknight » 2022-10-03, 00:12

Night Wing wrote:
2022-09-07, 11:53
@ frostknight

If I'm not mistaken, the maintainer (JustOff) for uBlock Origin's legacy version, he lives in (or what is left of it)............Ukraine. And if you follow worldwide current events concerning Ukraine, this might be the reason he is not around at the moment since I have not seen any of his posts on the Internet in quite some time.
I am aware of this actually, I just am wondering though, why gorhill, cannot give anyone else temporary ability to commit stuff till justoff can return.

It's just kind of weird, ya know?

Unless, gorhill also lives in Ukraine

I am not really all that sure, to be honest.

User avatar
frostknight
Apollo supporter
Apollo supporter
Posts: 38
Joined: 2022-08-10, 02:25

Re: Question about telemetry...

Unread post by frostknight » 2022-10-03, 00:31

moonbat wrote:
2022-09-08, 03:16
Regardless of JustOff's current situation, his fork of uBO works great in Pale Moon thanks to the latter having a stable codebase that doesn't change on a whim every fortnight as per the fashion introduced by Chrome. Make sure you have a decent set of filters and you're covered where adblocking is concerned.
Yeah, that is true, which is a good thing. I hope JustOff is okay as well.



Moderator note: strongly political tangential post content removed. Please mind your post content. See forum rules.

User avatar
Basilisk-Dev
Moonbather
Moonbather
Posts: 55
Joined: 2022-03-23, 16:41

Re: Question about telemetry...

Unread post by Basilisk-Dev » 2022-10-03, 16:22

Hey guys,

Can we please move the political discussion to the appropriate sections on the forum? I don't think the fact that JustOff is Ukrainian and Ukraine is at war with Russia is directly related to the Basilisk browser.

Thank you!
Basilisk Project Owner

viewtopic.php?f=61&p=230756

User avatar
frostknight
Apollo supporter
Apollo supporter
Posts: 38
Joined: 2022-08-10, 02:25

Re: Question about telemetry...

Unread post by frostknight » 2022-10-04, 19:51

Basilisk-Dev wrote:
2022-10-03, 16:22
Hey guys,

Can we please move the political discussion to the appropriate sections on the forum? I don't think the fact that JustOff is Ukrainian and Ukraine is at war with Russia is directly related to the Basilisk browser.

Thank you!
Oh, sorry...

I didn't think that was a problem.

User avatar
pale guru
Apollo supporter
Apollo supporter
Posts: 33
Joined: 2021-11-06, 11:10
Location: Tyskland

Re: Question about telemetry...

Unread post by pale guru » 2022-10-17, 20:57

byskuit wrote:
2022-08-27, 17:36
is there a way to kill it?
You can use Wireshark to spot the unwanted domains/requests and use a simple DNS block in your router. All Fritzes and OPNsense can do that.
… tanning in dimmed LCD light. – Evry 1′s a beginner, baby, that's the truth…

Post Reply