Press allow to verify - spamware blocked by Pale Moon

[Lunokhod]

I have seen this sort of thing before, but did not pursue it.
I searched on Google:
"pakku" Arch forum
having set it to results up to one week in the past. One result was shown:

Yay aur helper
mouhammadwora.com › yay-aur-helper

19 hours ago - Put simply, Yay is an Arch User Repository, or AUR -- a helper for managing packages ... Examples of these AUR helpers include yay, pakku, and Aurutils. ... all the discussion, questions and support that's already taking place on the forums.

But when I clicked on the link it took me to https://fres-news.com/?p=gbtdayrtgm5gi3bpgm3dk and said Human verification, press allow to verify, that you are not a robot.
I have seen this sort of page before, but there is nothing to click on. So I tried it in Chromium, and this opened a little window at the top saying do you want to allow notifications from this site, and I clicked allow, and there were a couple more boxes like that popped up and I clicked allow on those too. Finally it took me, not to the advertised search result, but to this page which wanted me to add some spamware malware download to my browser!
https://extension.advancedsearchlab.com ... c=9rirzwp2

Thank goodness Pale Moon blocks this garbage!

So if you can't get past the click allow to verify, that you are not a robot page, then you aren't missing anything.

[Admin]

This is an example of what advertising companies are now pushing for (no pun intended): abusing the "push notifications" system. By clicking "allow" you have now opted in to receiving ads through push notifications right to your desktop without even visiting an ad-supported site. The revenue from it will go directly to the scammers/malware peddlers. I'd check Chromium to see which push notifications you are allowing and remove any you didn't explicitly subscribe to.

Pale Moon, thankfully, disables the DOM push API by default. So does Basilisk.

[Lunokhod]

Restarting Chromium I had a couple of notification boxes appear, one stayed onscreen even when Chromium was closed and said YOUR NORTON HAS EXPIRED click here to renew, funny, I don't have a Norton.

Code: Select all

$ ps -ax
...
2778 ?        Sl     0:00 /usr/lib/xfce4/notifyd/xfce4-notifyd
$ sudo kill -s SIGKILL 2778

That fixed my Norton.

Then:

Code: Select all

$ rm -r .config/chromium
$ rm -r .cache/chromium/
Rebooted
$ sudo pacman -Rs chromium
$ sudo pacman -S chromium

As I only try things now and again in Chromium there was no reason not to remove the whole profile. No more unwelcome notifications now.

[moonbat]

Off-topic:
Note the inversion of control compared to RSS feeds - where the user decides what sites to follow and how often to check them for updates. No surprise Chrome went with this instead where a website can shove notifications at you at their whim, and Firefox has followed suit.

[Lunokhod]

I turned off notifications in Chromium. I have sometimes seen requests to allow notifications on Pale Moon, for example on online mail pages. Clicking on the info bit it said this was not recommended or well supported in Pale Moon. It isn't a feature I've been using, so I toggled this to false in about:config to turn it off completely:
dom.webnotifications.enabled;false
On this test site, where before the Authorize button created an allow notification popup, now it does nothing.
https://www.bennish.net/web-notifications.html
Hopefully that won't break any site functionality in other ways. The notification daemon is used to point out low battery levels, and also when Pale Moon has finished building, so I don't want uninstall it from the desktop completely.

[Moonchild]

web notifications != push notifications.

[Moonraker]

Case of better the devil you know with me.I foolishly installed chromium when facebook was giving an issue with palemoon and i noticed that even when totally logged out of facebook i was still getting notifications from there.F*****g hell does chromium ping facebook servers even when closed.!!!.?.I have subsequently removed the google/chromium garbage and use firefox as a back up browser.

[Lunokhod]

Most advice on disabling notifications (for Chrome / Chromium and Firefox) seems to simply disable all notifications, rather than making a distinction between web and push:
https://blog.malwarebytes.com/security- ... ng-abused/
Although web seems to be more limited, as it (possibly) only works when the browser is open, and may not allow interaction in the notification:
https://stackoverflow.com/questions/348 ... erspective
I'm not entirely sure though, I haven't found any simple answers on this.
After disabling the web notifications via about:config in Pale Moon I can still see in my email page tab title when a new email is delivered and I am looking at another tab, which is the only "notification" type thing I use and am aware of, so that must not rely on the web notification system at all.
All the browsers that use push notification seem to use a service worker which runs when the browser is closed, the other server you connect to stores some info about you as well, although I don't know exactly what.

[Moonchild]

web notifications = the web page you have open (either foreground or background tab) can send you a desktop notification. This only allows notifications when you are actually having the notifying site open/loaded, since it's a direct active page API.
push notifications = the web page can send you notifications if your browser is open, regardless if you have the page open in a tab or not. This works by having a persistent connection to a push server which serves you these notifications. This does not work if your browser is closed because the browser needs to be running to display notifications.

The intended/design use of the latter is so e.g. webmail can notify you of new mail arriving when you are running your browser even when you don't have the webmail site open in a tab.
The abuse comes in when people are tricked into allowing push notifications from random (ad) push servers that can push ads as notifications to your desktop whenever the browser is running and have guaranteed delivery of the ads the next time the browser is started, even when people are no longer visiting the spamsite that made them enable push notifications for them to begin with. It's usually also less than straightforward to remove individual push notification subscriptions in browser options.

I suggest if you don't know what terms mean you look them up instead of guessing All of this is documented on the web.
(e.g. look up what a service worker is. You're obviously misunderstanding that too)