Pale Moon blocks privacy enhancing addons like noscript, citing this rationale for blocking such an imporant addon:
NoScript is known to cause severe issues with a large (and growing) number of websites. Unless finely tuned for every website visited, NoScript will cause display issues and functional issues.
So, it looks like Pale Moon's developers are actively working against the intrests of its privacy-concerned users, and would rather allow websites to execute malicious ECMAScript programs on unsuspecting user's machines, than to be blamed for a broken website. To disable this blocklist, set extensions.blocklist.enabled to false in about:config.
when I search for extensions.blocklist in about:config in basilisk, I get several results, including URLs for basilisk and mozilla.
Why?
not only are you compromising user security by sending requests to mozilla and basilisk, but you are also opening up basilisk to censorship. please remove this or explain why it is included.
also why would you include spyware features in Pale moon? How much did you get paid?
What that site claims in nonsense and grossly over-exaggerated. I've already written to the site owner about this but unfortunately they have neither responded to my mail nor changed the reported "spyware" misinformation. I left it up to them to make up their dam mind but they should at least try to be accurate in their information if they claim to be a spyware info resource.
For the record, my response to their inaccuracies:
I find the fact that you classify Pale Moon as "spyware" because of the
fact that our websites are currently still ad-sponsored (due to lack of
donations) rather blown out of proportion. The whole article seems to be
written by an extremist who would classify ANY website with an ad and
ANY software that by design displays web content of such sites to be
top-rank spyware...
The definition of spyware is that is is DESIGNED to spy one the user.
Pale Moon is not, and we go through quite some lengths to choose as
privacy-conscious features and services as possible. The fact that the
application by its very nature is able to display ads to the user as
part of web content does not make it spyware.
Most of your complaints are due to having 1 RTB ad on default-loaded
pages. Why is it there? because articles like yours have hindered
adoption of Pale Moon since its inception, and have prevented regular
enough income for the project to kick AdSense to the curb.
Its "terrible start page" has been a feature requested by our users.
They WANTED a customizable start portal and our partnership with
start.me was the result. If you don't like it, switch the home page to
something else. Done.
> Blocking privacy-enhancing addons
Did you read the actual info page about our NoScript entry (at
warning level, so a simple one-time confirmation will enable it
permanently) on the blocklist? I guess you didn't because you go off on
a rant about "[our developers] actively working against the intrests of
its privacy-concerned users". Such b***s***.
> Auto-updates
If you think that we use any of these auto-updates to track anything or
share any of this data with anyone else, then please read our privacy
policy. You couldn't be more wrong.
> Pale Moon connects to Mozilla's geolocation services.
No, it does not. On top, it does not send any data beyond the
already-public IP address to the geolocation server in use, and does not
request more than the absolute minimum data in response, to keep
unneeded privacy-sensitive data off the wire.
> OCSP querying
This is a normal part of certificate checking, and is avoided in most
cases if the server staples the OCSP responses. Individual OCSP
connections are increasingly in the minority. Your article conveniently fails
to mention this. Stapling has been a thing for a good number of years
now and is widely adopted.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Also, what does that page have to do with Basilisk? it's about Pale Moon.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
So it uses a blocklist, is there something wrong with that?
Is NoScript on the (Basilisk) blocklist? (No.)
Is a blocklist a good thing? (Yes.)
Without some sort of mechanism, like a blocklist, you might find a user given away the store - after installing a malicious extension.
(And just what is the likelihood of something like that happening? Mozilla & Security, Heh.)
