Ghostery

General discussion, compatibility and contributed extensions.

Moderators: satrow, FranklinDM, Lootyhoof

Haarlock

Ghostery

Unread post by Haarlock » 2016-03-05, 00:39

Can someone either tell me how to make ghostery compatible with PM, or where to find a PM compatible variant?

User avatar
Nigaikaze
Board Warrior
Board Warrior
Posts: 1072
Joined: 2014-02-02, 22:15
Location: Chicago, IL, USA

Re: Ghostery

Unread post by Nigaikaze » 2016-03-05, 01:02

There is a search function in the upper right corner of the forum page. I highly recommend you search before posting. Your questions might end up answered before you actually ask them.

http://forum.palemoon.org/viewtopic.php ... t=ghostery
Nichi nichi kore ko jitsu = Every day is a good day.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1267
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ghostery

Unread post by Tomaso » 2016-03-05, 02:49

Unfortunately, it seems that Ghostery has sold out! :(

Apparently, with v6.xx you have to connect to their site just to be able to go through the damn settings!
Also, they want users to set up an account with them now.

I'm still using v5.4.4.1, which is the last PM compatible version:
https://addons.mozilla.org/en-US/firefo ... 4.1-signed
..but I fear that they've stopped issuing tracker library updates for old versions now, forcing people into using their new spyware build!
If so, this would be typical behaviour for software that has turned to the dark side!
The latest library for v5.4.4.1 is currently dated Feb.24.2016..
We'll just have to wait and see what happens.

User avatar
opensource
Newbie
Newbie
Posts: 5
Joined: 2016-03-05, 02:35

Re: Ghostery

Unread post by opensource » 2016-03-05, 02:52

Search Ghostery 5.4.4.1-signed

For now Ghostery team is not planing to expand Ghostery for palemoon ( this is replay from ghostery tem support)

Thehandyman1957

Re: Ghostery

Unread post by Thehandyman1957 » 2016-03-05, 04:31

I can't even get that far. Mine says this when I try to update.
Screenshot - 3_4_2016 , 9_29_28 PM.png

User avatar
[Gort]
Apollo supporter
Apollo supporter
Posts: 40
Joined: 2016-02-13, 00:18
Location: UK

Re: Ghostery

Unread post by [Gort] » 2016-03-05, 05:56

Tomaso wrote:Unfortunately, it seems that Ghostery has sold out! :(
Off-topic:
Isn't it by nature sold out, in that it was originally owned by someone who sold it to a company whose business model is to improve the lot of advertisers? Plenty of stories out there about Ghostery's business model and claims about its selling of the statistics it gathers from its users to advertisers, so that they can improve their targeting, etc. I've never trusted that extension from the start in relation to privacy and wonder why it's held in such high regard by many, considering who owns it and what they do with the information they gather.

superA
Lunatic
Lunatic
Posts: 308
Joined: 2014-07-03, 12:34
Location: Greece

Re: Ghostery

Unread post by superA » 2016-03-05, 09:48

The same occurs to all privacy extensions out there, more or less.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1267
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ghostery

Unread post by Tomaso » 2016-03-05, 10:04

[Gort] wrote:I've never trusted that extension
I must admit, even their homepage has a concerning look to it.
superA wrote:The same occurs to all privacy extensions out there, more or less.
But there are limits to what can be tolerated!
With the release of Ghostery v6.xx, being tracked by Google etc. now seems like the lesser of two evils.

Can't help but see the irony in this.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1267
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ghostery

Unread post by Tomaso » 2016-03-05, 11:13

Thehandyman1957 wrote:I can't even get that far.
I looked into Ghostery's 'updatable.js' file and found this difference between the old and new versions:

Ghostery v5.4.4.1:

Code: Select all

if (this.db.version && options.version && options.version == this.db.version) {
Ghostery v6.0.2:

Code: Select all

if (this.db.version && options.version && options.version < this.db.version) {
After changing == to <, library updates work again for v5.4.4.1 :)

Image

I've created a modified XPI file that contains this fix, but I don't know if I should post it here considering Ghostery's custom license agreement and all:
https://addons.mozilla.org/en-US/firefo ... y/license/
Any thoughts on this?

--

EDIT1:
This part pretty much prevents me from sharing the modified XPI file here:
Unless you have express written permission from the Company, you may not: (i) use the Services in any way that violates this EULA, (ii) distribute the Services or any portion thereof to any third parties, (iii) disassemble or reverse engineer the Services or any part or portion thereof for any purpose, other than for reviewing the code for personal review, (iv) adapt, edit, change, modify, transform, publish, republish, distribute, or redistribute the Services or any elements, portions, or parts thereof, without limitation, in any form or media
..but as stated, it IS legal to modify it yourself, for personal use.
Doing so is really simple:
1) Download 'ghostery-5.4.4-an+sm+fx.xpi' here (right-click on the "Add to Firefox" button and choose "Save Link As..."):
https://addons.mozilla.org/en-US/firefo ... 4.1-signed
2) Extract the XPI file with an archiver, like 7-Zip:
http://www.7-zip.org/
3) Edit the following file with the fix that I posted above (Notepad will do just fine):
resources\ghostery\lib\updatable.js
4) Repack all files/folders into a ZIP archive with any name.
5) Change its file extension from ZIP to XPI
6) Install the modified build by dragging the XPI file into Pale Moon's 'Extensions' window (Tools > Add-ons > Extensions).
-Done!


--

EDIT2:
Don't bother with the instructions above.
As it turned out, the new library updates aren't compatible with old Ghostery versions:
https://forum.palemoon.org/viewtopic.ph ... =20#p80597
Last edited by Tomaso on 2016-03-11, 18:55, edited 2 times in total.

Thehandyman1957

Re: Ghostery

Unread post by Thehandyman1957 » 2016-03-06, 04:24

I went through your steps 5 times and this is what it gives me every time.
Screenshot - 3_5_2016 , 9_07_15 PM.png

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1267
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ghostery

Unread post by Tomaso » 2016-03-06, 09:13

Thehandyman1957 wrote:I went through your steps 5 times and this is what it gives me every time.
Screenshot - 3_5_2016 , 9_07_15 PM.png
Did you make sure to keep the exact same folder structure when repacking?

--

EDIT:
Also.. is your archiver up-to-date?
I ran some tests just now, and I successfully extracted and repacked ghostery-5.4.4-an+sm+fx.xpi (no corruptions) with the following programs, under Win8.1:
* 7-Zip v15.14
* WinRAR v5.31
* WinZip v18.0 (file extension had to be changed from XPI to ZIP before extracting)

Also note that you must repack as ZIP, not as 7Z, RAR or anything else!

Burning Sun

Re: Ghostery

Unread post by Burning Sun » 2016-03-06, 12:33

Tomaso wrote:ghostery-5.4.4-an+sm+fx.xpi
Hello, Tomaso. Is it that your xpi is not signed?

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1267
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ghostery

Unread post by Tomaso » 2016-03-06, 13:46

Burning Sun wrote:Is it that your xpi is not signed?
Well, the link for Ghostery v5.4.4.1 says "signed" at the end.
I believe that the .1 version numbering confirms this..
Weren't those .1's added when Mozilla started to enforce signing as a requirement?
Nothing else, besides signing, were changed in those .1 releases, that's why it's even missing in the file name.
When installing, it says "Author not verified", but so does all extensions in Pale Moon.

Anyway, this came to mind:
http://forum.palemoon.org/viewtopic.php?f=29&t=11322
..so I tried downloading ghostery-5.4.4-an+sm+fx.xpi using a US proxy, to see if I got a different file.
The file was identical though (same hash as the one that I downloaded before).

If you can't get this hack to work, you must be doing something wrong!

Burning Sun

Re: Ghostery

Unread post by Burning Sun » 2016-03-06, 13:55

Thehandyman1957 wrote:I went through your steps 5 times and this is what it gives me every time.
[appears to be corrupt]
Apparently, this is what's happening, using my signed firefox@ghostery.com.xpi (May 2015) as the example:
In a signed xpi, there is META-INF\manifest.mf which contains a hash for every file. The hash can be used to check if a file has been changed. A hash is something like a checksum. A checksum works roughly like the following: imagine that you have a file which contains the numbers 1, 2, 3, 5, 10. You also include notice that the sum should be 21, so then I can tell pretty much if the file has been changed/corrupted just by adding the numbers in the file for myself and comparing. That explains the corrupted error.

Now what if someone were to change the 5 to a 6 and also change the checksum to 22? I couldn't tell there was a change, except that the hashes have been digitally signed. That's one reason why there is in META-INF\mozilla.mf a signature for the hashes. There is also the certificate (mozilla.rsa) that was used to do the signing. So now I can tell if a hash was changed.

* A hash is a cryptographic version of a checksum. Actually, in manifest.mf there are two hashes for every file: MD5 (weaker) and SHA-1 (stronger).

** There is no meta-inf any xpi that I make with the cfx SDK.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1267
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ghostery

Unread post by Tomaso » 2016-03-06, 14:03

Burning Sun wrote:using my signed firefox@ghostery.com.xpi (May 2015)
I specifically pointed out that you have to get Ghostery v5.4.4.1 (ghostery-5.4.4-an+sm+fx.xpi) from April 22, 2015!

Burning Sun

Re: Ghostery

Unread post by Burning Sun » 2016-03-06, 14:07

Tomaso wrote: Weren't those .1's added when Mozilla started to enforce signing as a requirement?
You know more about that than I do, I've only really been paying close attention to extensions for the last two weeks or so since coming to this forum. That's since I'd heard about the crackdown that Mozilla is doing.
If you can't get this hack to work, you must be doing something wrong!
I haven't tried it myself. Maybe later. But being able to change files seems to go against the whole purpose of having signatures.

I'd read somewhere on the forum that people delete the META-INF directory, I haven't tried that at any time.

Burning Sun

Re: Ghostery

Unread post by Burning Sun » 2016-03-06, 14:08

Tomaso wrote:
Burning Sun wrote:using my signed firefox@ghostery.com.xpi (May 2015)
I specifically pointed out that you have to get Ghostery v5.4.4.1 (ghostery-5.4.4-an+sm+fx.xpi) from April 22, 2015!
No need to get excited. I was talking in my post to handyman about why he was possibly getting the corruption notice.

Toa-Nuva
Fanatic
Fanatic
Posts: 182
Joined: 2015-06-04, 18:12

Re: Ghostery

Unread post by Toa-Nuva » 2016-03-06, 14:11

Editing worked fine for me. The fact that the addon is signed and the files are hashed (which is probably also because of the signing?) does not make any difference. (Pale Moon does not enforce addon signing, after all.)

I'm not entirely sure if this workaround actually fixes the update or just makes the addon claim that it updated, because I think that after updating the number of trackers did not change. I might mis-remember though, or the new list just happens to be the same length - I did not investigate any further yet.

As for:
Tomaso wrote:EDIT:
This part pretty much prevents me from sharing the modified XPI file here:
Unless you have express written permission from the Company, you may not: (i) use the Services in any way that violates this EULA, (ii) distribute the Services or any portion thereof to any third parties, (iii) disassemble or reverse engineer the Services or any part or portion thereof for any purpose, other than for reviewing the code for personal review, (iv) adapt, edit, change, modify, transform, publish, republish, distribute, or redistribute the Services or any elements, portions, or parts thereof, without limitation, in any form or media
..but as stated, it IS legal to modify it yourself, for personal use.
You seem to misunderstand. The licence says: "you may not disassemble or reverse engineer [...] for any purpose, other than for reviewing the code for personal review". In other words, you may look at the source code for personal use. However, "you may not adapt, edit, change, modify [...] without limitation, in any form or media".

Depending on where you live, laws might make this clause invalid. But you (and others) should be aware that modifying the extension might not be as legal as you seem to think.

Burning Sun

Re: Ghostery

Unread post by Burning Sun » 2016-03-06, 14:19

Toa-Nuva wrote:Editing worked fine for me. The fact that the addon is signed and the files are hashed (which is probably also because of the signing?) does not make any difference. (Pale Moon does not enforce addon signing, after all.)

I'm not entirely sure if this workaround actually fixes the update or just makes the addon claim that it updated, because I think that after updating the number of trackers did not change. I might mis-remember though, or the new list just happens to be the same length - I did not investigate any further yet.

Depending on where you live, laws might make this clause invalid. But you (and others) should be aware that modifying the extension might not be as legal as you seem to think.
I wonder if by not enforcing signing, PM also ignores hashes. If so, why would handyman see that notice?

There is a Ghostery directory in your profile that contains the db files. The dates should presumably verify if an update occurred.

I'd also wondered if Ghostery's license prohibition from changing anything is actually enforceable.
[edit: changing anything for personal use... the whole thing reminds me of what happened with DVDs years ago]

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1267
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ghostery

Unread post by Tomaso » 2016-03-06, 14:25

Burning Sun wrote:being able to change files seems to go against the whole purpose of having signatures.
Moonchild is not a big fan of Mozilla's signing policy:
http://forum.palemoon.org/viewtopic.php ... =40#p55250
Burning Sun wrote:No need to get excited
I weren't. :)
Toa-Nuva wrote:I did not investigate any further yet.
Me neither.
Toa-Nuva wrote:modifying the extension might not be as legal as you seem to think.
Well, you should consider my instructions as strictly informational.
If you choose to modify the extension, you do so on your own responsibility!

Locked