Security configurations, doubts.

Unread post by kalemoon » 2022-07-21, 18:57

[From the Spanish forum].

Hi all,

I have been using Pale Moon for some time but I had never before opened an account for this Forum; the thing is that now I have been reinstalling/reconfiguring the browser again, and since I set it as 'default' (I definitely left Firefox forever) there are some things that I do not understand and I would like to be clarified by those of you who are more knowledgeable.

In the 'Security' section there are two incomprehensible options for me, I'm not an expert, I'm just a simple user, the first one reads something like this:

a) Enable 'Upgrade insecure request'.

And then it continues with:

b) Enable HTTP 'Alternative services' for CO

In the second section, in 'Advanced', there is another one that I don't understand and I don't know what to do:

c) 'Detect restricted network access'.

My question is whether or not I should check all of them and, could someone please explain to me briefly, and in a simple to understand way, what these options mean. Why are they not already checked if they are so important?

One more last question:

Who are the current managers/administrators, owners of this Pale Moon project?

Thanks for the attention and sorry for my ignorance in these matters, any feedback is appreciated.

Regards!.

Unread post by Moonchild » 2022-07-21, 19:19

Both A and B fall under "opportunistic encryption" and they are different ways of handling the transition behaviour from http to https "everywhere and always".

Click the help button in the preferences dialog on that page for a description.

C has the browser try to detect if an internet connection is behind a captive portal (e.g. on public wifi where you have to agree to terms before using the internet). Since this is a less common usage scenario for Pale Moon it's disabled by default, also because it may not be accurate and requires a connection to a Pale Moon server which people tend to be skittish about for the reasons explained in the thread linked below.

Also, I am primarily responsible for Pale Moon and own the project and rights. Administration duties are shared with core community members to an extent. Why do you ask?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
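The captive-portal check described for option C, sketched as an added example (not part of the original posts and not Pale Moon's own code): fetch a known plain-HTTP resource and compare the answer with what the server is known to return. The probe URL, its body and the sample responses are hypothetical and constructed for illustration.

```javascript
// Added illustration, not Pale Moon's implementation.
// PROBE is a hypothetical canary: a plain-HTTP URL whose exact body is known.
const PROBE = { url: 'http://probe.example/success.txt', body: 'success\n' };

// Classify the outcome of fetching PROBE.url without following redirects.
// `res` is null when the request failed at the network level.
function classifyProbe(res, probe = PROBE) {
  if (res === null) return 'offline';
  // Portals usually intercept plain HTTP and redirect to their login page.
  if (res.status >= 300 && res.status < 400) {
    const loc = res.headers.location || '';
    let sameHost = false;
    try {
      sameHost = new URL(loc, probe.url).host === new URL(probe.url).host;
    } catch (_) { /* unparsable Location: treat as a foreign host */ }
    return sameHost ? 'unknown' : 'captive-portal';
  }
  // Some portals answer 200 with their own HTML instead of redirecting.
  if (res.status === 200) {
    return res.body === probe.body ? 'open' : 'captive-portal';
  }
  // Any other status: the canary itself may be down, so the result is
  // inconclusive. This is one reason the check can be inaccurate.
  return 'unknown';
}

// Constructed sample responses (not captured traffic).
const samples = {
  direct: { status: 200, headers: {}, body: 'success\n' },
  redirect: { status: 302, headers: { location: 'http://192.0.2.1/login' }, body: '' },
  rewritten: { status: 200, headers: {}, body: '<html>Accept terms</html>' },
  serverDown: { status: 503, headers: {}, body: '' },
  noNetwork: null,
};

function classifyAll() {
  return Object.fromEntries(
    Object.entries(samples).map(([name, res]) => [name, classifyProbe(res)]));
}

console.log(classifyAll());
```

The check only works if the browser contacts a server whose response it knows in advance, which is the connection the post refers to.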

Unread post by andyprough » 2022-07-21, 19:20

I don't know these myself, but I've searched the forum for some answers for you. I think from what I'm reading that they all should remain disabled.
kalemoon wrote (2022-07-21, 18:57):
> a) Enable 'Upgrade insecure request'

According to this post by Moonchild, it sends a request which some websites will comply with to upgrade some items on the webpage from http to https: viewtopic.php?p=166730#p166730

This apparently should not be necessary, as https pages should contain only https linked items.

> b) Enable HTTP 'Alternative services' for CO

According to this post, it was an older transitional technology for upgrading http to https which has been compromised and is disabled by default and should not be used: viewtopic.php?f=1&t=27552&p=221376#p221376

> c) 'Detect restricted network access'.

There's a lot of info on this option here: viewtopic.php?f=3&t=23101&p=176374#p176374

It should not be used unless necessary. It may be necessary to allow connection to some public wifi hotspots, apparently.
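The request/response exchange behind option A, as an added example that is not part of the original posts and not code from Pale Moon or any website: the browser sends `Upgrade-Insecure-Requests: 1`, and a site that complies redirects to https or answers with the `upgrade-insecure-requests` policy, after which the browser rewrites http subresource URLs. Host names and the request objects are constructed; the handler follows the W3C Upgrade Insecure Requests recommendation as I understand it.

```javascript
// Added illustration of the mechanism; all hosts and requests are constructed.

// Server side: what a site that "complies" does with the browser's signal.
function respond(req) {
  const wantsUpgrade = req.headers['upgrade-insecure-requests'] === '1';
  if (req.scheme === 'http' && wantsUpgrade) {
    return {
      status: 307,
      headers: {
        location: `https://${req.host}${req.path}`,
        // Caches must not serve this redirect to clients that did not ask.
        vary: 'Upgrade-Insecure-Requests',
      },
    };
  }
  const headers = {};
  if (req.scheme === 'https' && wantsUpgrade) {
    // Tell the browser to fetch legacy http:// subresources over https.
    headers['content-security-policy'] = 'upgrade-insecure-requests';
  }
  return { status: 200, headers };
}

// Browser side: rewrite of a subresource URL once that policy is in effect.
function upgradeSubresource(url, policy) {
  if (!/(^|;)\s*upgrade-insecure-requests\s*(;|$)/.test(policy || '')) return url;
  const u = new URL(url);
  if (u.protocol === 'http:') u.protocol = 'https:';
  return u.href;
}

// Constructed walk-through: option enabled, page requested over plain http.
function demo() {
  const optIn = { 'upgrade-insecure-requests': '1' };
  const first = respond({ scheme: 'http', host: 'www.example', path: '/news', headers: optIn });
  const second = respond({ scheme: 'https', host: 'www.example', path: '/news', headers: optIn });
  const policy = second.headers['content-security-policy'];
  return {
    redirect: first.headers.location,
    image: upgradeSubresource('http://cdn.example/img/logo.png', policy),
  };
}

console.log(demo());
```

With the option disabled the header is not sent, `respond` returns a plain 200, and the http image URL is left unchanged.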

Unread post by kalemoon » 2022-07-21, 20:58

I understand then that I should do absolutely nothing; leaving it as it is is the best thing to do. ;)

The project/administration issue is because I see that some Firefox extensions apply here and others do not, like uBlock Origin ... I didn't know if you were a branch of them or if you were independent, from what you tell me it seems to me that you guys are something totally separate.

Thank you very much for your kind replies.

Unread post by Moonchild » 2022-07-21, 23:58

kalemoon wrote (2022-07-21, 20:58):
> I didn't know if you were a branch of them or if you were independent

viewtopic.php?f=24&t=4163

Unread post by kalemoon » 2022-07-22, 07:52

Thanks! :clap:
