Pale Moon SSE, Security, Privacy and You

[Lorien]

Since this topic apparently conserns people, lets discuss our views and opinions.

...It all began here.

[Mercury]

Since you're interested in my opinion (don't know why; I'm hardly an authority here)...

I might be called a minimalist. Noscript is all I use security-wise, though I go hard with it and even remove the default whitelisted sites and only add the barest minimum to read the pages I'm interested in. This sometimes breaks pages completely, but there's more out there to read. I try to be smart about the sites I visit.

I have four extensions in all: NoScript, Old Location Bar, Open Link In..., and VLC YouTube Shortcut.

Minimalism.

So you're able to entrust to NS your important layer of security without a second thought after GM secretly manipulated its code a few years back, aren't you?

I have to trust that the people writing the software I use aren't out to get me. That applies to Noscript as much as Pale Moon itself. As for the shenanigans a few years back, what happened was stupid and unethical, but I think the creator who's been already been exposed and burned might be more inclined, not less, to keep honest in the future.

What about:
- granular filtering
- element hiding
- list of page elements
Don't you need all of that useful features?

Apparently not.

Also, do you possibly belong to the HOSTS file fan-club too?

Nope!

[Drugwash]

What I'm gonna say may not directly relate to Pale Moon or add-ons, but it's still related to the web experience and so with the browser that can or cannot change some things in favor of the user.
I'm referring here to Google and the way they sneaked into our virtual life. Nowadays there is almost no (important or not) webpage/forum board/blogging patform/whatever that doesn't make use of Google search, Google fonts, Google APIs, Google AJAX and so on. Well, personally I'm fed up with this Google meddling in my affairs and after a bad experience of e-mails confirmed as sent but missing from the list and never reaching the receiver I decided to not only delete my GMail account but block everything pertaining to Google from reaching my machine(s).

Well, this has to do with the browser and add-ons, because generally blocking is done in different layers, starting with the HOSTS file and going through add-ons such as NoScript, Ghostery, Request Policy, YARIP, Yes Script, QuickJava, Redirect Cleaner, GreaseMonkey scripts and maybe others I don't know and never used. People around keep talking about uBlock Origin lately but I've once tried that thing for a few minutes and ditched it after not being able to find its logic, intuitivity and user-friendliness. Personally I don't like the overautomatized things that leave the user out of the equation - call me a control freak.

As mentioned back in the topic that spawned this discussion I'm not much interested in security as most people understand it, that is fear of having their credit card numer/password hacked and other similar things directly related to real life. I don't do any such activity online. However, it's a matter of principle to have some privacy online and I feel Google's interference is against that. Not that they'd be the only ones but they're the most visible, in my opinion.

Now, on top of that there's also the traffic overhead. You'd say a few kB-worth of a script is no big deal. Well, it may be for those with a metered connection, when each page downloads independently the same scripts or different versions of them, redownloads them on refresh and for security reasons cache is always flushed at session end, manually or on a timer - depending on add-ons and their settings. Same goes for ads and other page elements that the user simply doesn't care for and which unnecessarily clog the bandwidth. And there still are many users around the world (such as myself) with old, underpowered machines, struggling to stay connected to the world without being choked by all this overhead. The discussion started with the SSE version of Pale Moon, which is inherently necessary to people operating such modest machines. So I'd say this is all about security, privacy and decency altogether.

Please note that I'm currently running the Atom/XP build of Pale Moon on an early Pentium4 machine under XP so I'm not sure how all of the ad-ons mentioned above would perform under the SSE (or IA32) version. Time allowing I'm gonna test them all on my old Duron machine with the IA32 version of Pale Moon, see if they behave correctly (or work at all), which may offer a hint as to their performance under the SSE version. In the mean time other opinions would be welcome.

[Lorien]

Since you're interested in my opinion (don't know why; I'm hardly an authority here)...

Because I assumed since you're the author of the build, and thus knows it better than anyone else, from the practical standpoint, it would be reasonably to ask.

Then what's your opinion, guys, on the security concept that says restricting executionals to system and programs folders only, in addition to running internet-facing applications in some sort of virtualized environment like Sandboxie, using a good firewall, and allowing scripts in the trusted sites only protects you from 99% malware out there, without a need for antivirus and anti-something else, since you trust the applications you install into your system in the first place - and thus saving lots of resourses, especially for older and slower computers, like SSE ones. Do you agree with that?

[Lorien]

...And running everything under LUA/SUA credentials on the daily basis, in addition to the above-mentioned.
I forgot, sorry.

Off-topic:

Since you're interested in my opinion (don't know why; I'm hardly an authority here)...

Because I assumed since you're the author of the build, and thus knows it better than anyone else, from the practical standpoint, it would be reasonably to ask.

Besides, it's an incredibly snobby "community", with obvious communication problems, and only you have answered all of my questions here so far in a decent way.

[Mercury]

Because I assumed since you're the author of the build, and thus knows it better than anyone else, from the practical standpoint, it would be reasonably to ask.

This is simply incorrect. I just pass a few magic words to the compiler and it spits out a glob of bytes. The intricacies of the program are way beyond me; certainly Moonchild would know way more about your copy of Pale Moon than I would.

Off-topic:

Besides, it's an incredibly snobby "community", with obvious communication problems, and only you have answered all of my questions here so far in a decent way.

Heh. Well, thanks.

(...) Do you agree with that?

I'll pass on answering anything specific here, because again I don't think I'm qualified to answer. Some of the decisions I make in running my system are probably horrible by common security standards. If I were designing an OS, it would use executable whitelists and programs would be expected to work without having rabid tentacles flopping around the system smashing things. In my view there is no excuse - zero - for something like a font to be capable of being a vector of infection. Any program whose purpose is to display documents - that includes a web browser - should by fundamental design be incapable doing anything harmful to the system.

It's a sad, sad reality that this is not the case.

[Lorien]

Ok then, thanks for taking time to answer, and sorry if I bothered you.
If someone has something else to say here, please feel free to do so.

[Moonchild]

Since you asked, I do take offense to your assertion that the whole of the community would be "snobby".
Since you are generalizing there, something you really shouldn't do

I think expecting an answer on a forum board is reasonable, but thinking people are actively ignoring your questions when you don't (or don't get an answer you expect) is the other extreme. People can have plenty of reasons not to give an answer (you expect). Not in the least because they may not have time, have no real opinion on the matter, don't want to repeat what was already discussed elsewhere, or simply want to avoid causing strife by having apposite opinions.

[Lorien]

I'm sorry if I offended you, Moonchild, but you simply have no idea (and better not) how I feel each time I visit this place.
So maybe the problem's in me, indeed, and I need to visit a therapist. But what happened to this guy, shows that I'm not the only one who feels in a somewhat similar way here.
Something to reflect upon.

[New Tobin Paradigm]

Lorien, that is a completely unique situation. If you did follow that thread before key parts were blanked you would have seen that it was appreciated just needed some tweaking as a few (not quite correct) assumptions were made but overall was a pretty good base of instructions.

Citing one singular example which proves your point isn't going to fly because those involved in that situation know what actually happened, you do not. Considering it was, as I said, unique.. You are simply going to have to try harder to justify your claims.

[Moonchild]

I'm sorry if I offended you, Moonchild, but you simply have no idea (and better not) how I feel each time I visit this place.

Maybe I do know how you feel, and maybe I don't - there's no way for you to know how I feel either. So please don't try to pull that card on me.
And how do you think it should make people (in this case every other member of the community) feel when you call them names? Is feeling offended not a reasonable response to that?

Ultimately, if you feel the community forum in any way causes you emotional grief, then it is your free choice to not visit. It's not a requirement for using the browser.

[Lorien]

And how do you think it should make people (in this case every other member of the community) feel when you call them names? Is feeling offended not a reasonable response to that?

But despite my asking above, except you, nobody said they were offended in any way, neither here, nor in my PM, at all.
And why do you think is that, in your opinion?

[half-moon]

And how do you think it should make people (in this case every other member of the community) feel when you call them names? Is feeling offended not a reasonable response to that?

But despite my asking above, except you, nobody said they were offended in any way, neither here, nor in my PM, at all.
And why do you think is that, in your opinion?

To be honest, I was offended. A lot of the users around here are friendly and making over-generalizations about the community doesn't help your "case" at all.

[Lorien]

Oh, so there's the "case" against me already? Very friendly indeed

But since we have started speaking out opinions in the name of a lot of supposed "others" here, then let me remind you please, that there are a lot of actual users here, who joined not as long ago as you did, most of whom are very inexpirienced technically, probably runnig this browser for the very first time, lost and confused in this big forum - what would they think/feel about "oh so friendly" you, who didn't even bother to go and give a simple answer by your standards, but taking their time to blame me for speaking out against this kind of "friendliness", instead?

P.S. And the real over-generalization is "the community offended" itself.

[Moonchild]

And how do you think it should make people (in this case every other member of the community) feel when you call them names? Is feeling offended not a reasonable response to that?

But despite my asking above, except you, nobody said they were offended in any way, neither here, nor in my PM, at all.
And why do you think is that, in your opinion?

maybe because nobody wanted to start a flame war, which was the risk of responding to something as controversial as this.
Considering no matter what is said you'll always find a way to turn it around, I think it's better that you just leave the community that you cannot appreciate far behind, and move on to other fora where you can feel welcome and not have your tender soul hurt by perceived "snobism".

[Clasof56]

"Considering no matter what is said you'll always find a way to turn it around, I think it's better that you just leave the community that you cannot appreciate far behind, and move on to other fora where you can feel welcome and not have your tender soul hurt by perceived "snobism".

I agree 100%.