privacy and security
Forum rules
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
-
- Hobby Astronomer
- Posts: 26
- Joined: 2019-12-23, 16:08
privacy and security
hello
version 28.8.0 show greprefs.js
in this test:> https://browserleaks.com/firefox#more
help only this plugin:
https://addons.thunderbird.net/en-US/th ... dl-popular
^^ work in pale moon
in new firefox,torbrowser and seamonkey is Invisible this file.
-
- Pale Moon guru
- Posts: 35650
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: privacy and security
FYI: "greprefs" are the platform preferences that are common to all UXP applications and provide 0 privacy or security information about individual installations. It is not possible to get any sort of profile information or non-generic data that lives outside of the browser or extensions through it, so it is not a leak.
The price of blocking resource:// URIs from content is the inability for any extension to use extension and browser resources in page content -- which is exactly why Mozilla waited for the version that killed all "legacy" extensions to put this denial of loading resource:// URIs in Firefox; they knew that it would break many, many powerful extensions by preventing them from putting custom controls in page content.
Also, this has already been discussed before on the forum -- it's old news and you could have found it by searching the forum before posting
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Hobby Astronomer
- Posts: 26
- Joined: 2019-12-23, 16:08
Re: privacy and security
ok thx...
please add i new version is possible...new function disable all OCSP services taplink and others
check this:
https://scotthelme.co.uk/revocation-is-broken/
bot nets used OCSP = attacking people
proof:
https://www.abuseipdb.com/check/93.184.220.29
^^^ this bot net attacking web browsers (active OCSP) = false certificate ocsp.digicert.com and crl4.digicert.com
-
- Board Warrior
- Posts: 1325
- Joined: 2015-09-08, 22:54
- Location: 127.0.0.1
Re: privacy and security
I'm really not sure what you're trying to ask here. Do you have privacy concerns with using OCSP, or with how the browser handles revocation, or something else?
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
Re: privacy and security
I don't understand either. And AbuseIPDB is a reporting and API usage website for bad connections, etc. I use the API myself at my website. Meet the confidence score and you're 403ed. My script also reports to AbuseIPDB just like Fail2ban, etc. So in a nutshell, the AbuseIPDB is NOT a browser related thing at all. It's a server thing for websites.
Have a look at these three websites concerning browser fingerprints.
https://panopticlick.eff.org/
https://browserleaks.com/webrtc#webrtc-disable
https://ipx.ac/run
Also, you may want to turn on the canvas.poisondata in about:config. I have had it on for years and have had no trouble with websites.
-
- Board Warrior
- Posts: 1277
- Joined: 2017-06-06, 07:38
Re: privacy and security
You can disable OCSP check in Pale Moon settings, if that is what you want.
Go to Preferences -> Advanced -> Certificates and uncheck "Use OCSP to confirm the current validity of certificates".
-
- Hobby Astronomer
- Posts: 26
- Joined: 2019-12-23, 16:08
Re: privacy and security
OCSP stapling disable possible : plugin or about:config
-
- Hobby Astronomer
- Posts: 26
- Joined: 2019-12-23, 16:08
Re: privacy and security
uncheck OCSP and...
check this plugin:
https://addons.palemoon.org/addon/pm-commander/
go to security/ssl / you see stapling OCSP still default active
-
- Hobby Astronomer
- Posts: 26
- Joined: 2019-12-23, 16:08
Re: privacy and security
if active OCSP:
bot net attacks all MAC, LINUX, WINDOWS systems wherever OCSP is enabled.
creating a new process tcp and a new connection remote: and attacking systems
digicert.com is trusted
web browser is trusted (firewall)
ocsp.digicert.com or crl4.digicert.com is trusted in web browser but false ..remote new process: from: 93.184.220.29 = ocsp.digicert.com or crl4.digicert.com (BOT NET)
-
- Board Warrior
- Posts: 1325
- Joined: 2015-09-08, 22:54
- Location: 127.0.0.1
Re: privacy and security
I'm going to do my best to decipher/translate these...
"Is it possible to disable OCSP stapling through an add-on or through about:config?"
Yes. Disabling OCSP entirely can be done using Adesh's instructions. Disabling OCSP stapling can be done through Pale Moon Commander or about:config.
"If you disable OCSP, why does the "Use OCSP Stapling" preference still appear as checked in Pale Moon Commander?"
fixmen wrote: ↑2019-12-26, 10:22
uncheck OCSP and...
check this plugin:
https://addons.palemoon.org/addon/pm-commander/
go to security/ssl / you see stapling OCSP still default active
If you disable OCSP completely, the stapling preference will be ignored, so you don't need to worry about its value.
I'm really confused about this one... can you please rephrase the question?
fixmen wrote: ↑2019-12-26, 12:21
if active OCSP:
bot net attacks all MAC, LINUX, WINDOWS systems wherever OCSP is enabled.
creating a new process tcp and a new connection remote: and attacking systems
digicert.com is trusted
web browser is trusted (firewall)
ocsp.digicert.com or crl4.digicert.com is trusted in web browser but false ..remote new process: from: 93.184.220.29 = ocsp.digicert.com or crl4.digicert.com (BOT NET)
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
-
- Hobby Astronomer
- Posts: 26
- Joined: 2019-12-23, 16:08
Re: privacy and security
I mean adding a new function in the certificates tab "disable OCSP stapling"
-
- Pale Moon guru
- Posts: 35650
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: privacy and security
I don't see a point in doing that. Stapling OCSP responses is a Good Thing™ and you can already disable it if you insist in about:config.
Also, crl*.digicert.com is not a BOT NET connection at all. It's a server of a certificate authority that serves certificate revocation lists (the older method prior to OCSP).
Methinks you are being paranoid about normal connections made to check and verify the validity of SSL certificates. I'll summarize the tech for you:
- OCSP stapled responses: you want this wherever possible if you are concerned about CAs tracking you (which is unlikely). A stapled OCSP response is served by the https server you are connecting to and is a cryptographically-signed OCSP response attached to the certificate with short validity that verifies the certificate is verified and authenticated for use (i.e. a verification it is valid, issued by the CA and not revoked). This streamlines the validity checking without having to connect to other servers than the ones you are already connecting to.
- OCSP lookups: if not stapled, an OCSP lookup is performed to verify the validity of a certificate directly with the designated server operated by the CA. The type of verification is the same as with a stapled response but you request it from the CA directly, instead.
- CRL lookups: If you use further fallback because OCSP isn't/can't be used and it's not stapled, then the browser can perform a lookup by requesting a certificate revocation list, which is a list of all certificates that have been revoked by the CA. This is considerably slower because you request a potentially large list, not a specific host, and not all CAs support this anymore because of the bandwidth such a thing would require.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
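Added example (not part of any post in this thread, and not Pale Moon code): to check whether a server staples its OCSP response, as the summary above describes, `openssl s_client -connect HOST:443 -status` prints the staple when one is sent. The Python below classifies that output; the sample text is constructed, the function names are hypothetical, and it reads OpenSSL's printed summary only rather than verifying the response signature itself.

```python
import re
from datetime import datetime, timezone

# Constructed sample of the OCSP section printed by
# `openssl s_client -connect HOST:443 -status`; every value here is made up.
STAPLED = """\
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: Dec 26 09:00:00 2019 GMT
    Cert Status: good
    This Update: Dec 26 09:00:00 2019 GMT
    Next Update: Jan  2 08:15:00 2020 GMT
"""
NOT_STAPLED = "OCSP response: no response sent\n"


def _field(text, name):
    """Return the value of an indented 'Name: value' line, or None."""
    m = re.search(rf"^[ \t]*{re.escape(name)}:[ \t]*(.+?)[ \t]*$", text, re.MULTILINE)
    return m.group(1) if m else None


def _when(value):
    # OpenSSL pads single-digit days ("Jan  2 ..."); collapse the spacing first.
    return datetime.strptime(" ".join(value.split()),
                             "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def check_staple(s_client_output, now):
    """Classify the stapled OCSP response in s_client output as of `now` (UTC)."""
    if "OCSP response: no response sent" in s_client_output:
        return "not-stapled"  # the client falls back to its own OCSP/CRL lookup
    status = _field(s_client_output, "OCSP Response Status") or ""
    this_upd = _field(s_client_output, "This Update")
    next_upd = _field(s_client_output, "Next Update")
    if not status.startswith("successful") or not this_upd or not next_upd:
        return "staple-unusable"
    if not _when(this_upd) <= now <= _when(next_upd):
        return "staple-expired"  # the short validity window has passed
    return "stapled-" + (_field(s_client_output, "Cert Status") or "unknown")


if __name__ == "__main__":
    now = datetime(2019, 12, 28, tzinfo=timezone.utc)
    print(check_staple(STAPLED, now), check_staple(NOT_STAPLED, now))
```

A "not-stapled" result is the case where a browser with OCSP enabled contacts the CA's responder itself, which is the connection discussed earlier in the thread.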