|
The new webextension Stylish doesn't seem to have the same tracking/theme-query code that the chrome version has? This is confusing. Also neither that nor stylus have the ability to do UI theming, which sucks. userChrome.css is so much less convenient.
|
# ¿ Nov 14, 2017 22:11 |
|
|
# ¿ Apr 18, 2024 15:29 |
|
Klyith posted:Um, why? What are you worried that SimilarWeb will do with your web history that's worse than what google does? If anything, shouldn't you be more worried about the company that knows far more than just your web history, including aspects of your finances, health, and social relationships? Klyith posted:In that case, please pick between: * you know you can block facebook/google tracking everything, right? It's easy and built in to many ad blockers.
|
# ¿ Nov 14, 2017 22:15 |
|
Other than push notifications, service workers enable a good offline mode for websites. No idea what they're needed for on street view. Overall it has uses but it's a minor feature.
|
# ¿ Dec 1, 2017 23:28 |
|
Craptacular! posted:So it seems Adguard is choosing to not block anti-adblock scripts that come with paywalls (e.g. please turn off your browser or buy a subscription), due to the fact that they're based in the EU and a German court apparently ruled that getting around a paywall is theft.
|
# ¿ Jan 5, 2018 23:38 |
|
Ola posted:Technically, downloading emails over POP3/IMAP is more modern that sending physical paper into a metal box attached to your property, but it seems to have more in common with that era than this. Downloaded email is to the internet age what the bronze axe was to the industrial age. It will be a pretty nippy afternoon in Hecksville before I use anything but webmail for that tiresome form of communication. The base functionality of IMAP is basically the same as webmail. Everything lives on the server, and it grabs emails when you open them.
|
# ¿ Aug 13, 2018 15:56 |
|
Ola posted:Your login cookies are thankfully protected by the unique key the browser generated when you logged in. If another app you installed could just passively fetch your logins without the originating apps approval, any app you install could do so silently without telling you, and leak it to Vladimir Putin instead. If it's something trivial like "I want my match.com font to be big" or "I approve of Instagram's GDPR policy", those are ok. And I'd certainly expect this window to import the cookies: If it doesn't work then there's always using an extension to export them like https://chrome.google.com/webstore/detail/cookiestxt/njabckikapfpffapmjgojcnbfjonfjfg I'm sure there's some way to import that that's quantum-compatible, never had to do it myself.
|
# ¿ Sep 6, 2018 23:04 |
|
Jewel Repetition posted:Can't you just tell the browser to export the key too? "Quantum" is the new versions of firefox, 57+. The extension search is awful and doesn't distinguish between ones that still work and ones that don't. One of these should do what you need: https://addons.mozilla.org/en-US/firefox/addon/a-cookie-manager/ https://addons.mozilla.org/en-US/firefox/addon/cookie-quick-manager/
|
# ¿ Sep 7, 2018 08:17 |
|
Jewel Repetition posted:Neither of those work. Is it just impossible to import a session from one browser to another? Ola posted:Yes, it's made that way on purpose so hackers don't steal all your money. Any program on your account can pop open the Login Data database and grab the password data. There is some encryption, but it's just based on being logged in as you, any program you run can decrypt it. Firefox stores passwords in logins.json, encrypted with a key in key4.db. A master password can prevent access when firefox is shut, but most people don't have that. In both cases, the encryption is largely for obfuscation. There is no proper security isolation between two non-admin programs on the same desktop account.
|
# ¿ Sep 9, 2018 01:23 |
|
Ola posted:Active logins are cookies, not stored passwords. I never save passwords, but I could have my cookies stolen. I'm no expert on this, but I know that it's protected enough that a browser swap won't easily import active logins because the cookie also depends on http headers, hard-/software signature and similar. But a dedicated attack might be able to. It's something that should probably be protected better, since it's pretty bad if it succeeds, it can bypass 2-factor authentication etc. For any other headers or values, a malicious program could just make a copy of whatever they're based on. isndl posted:Any website with an eye for security is going to use encrypted cookies to prevent attacks like Firesheep. In addition to the risk of the cookie being broadcast in the clear over WiFi, there's potential cross-site scripting attacks that could steal your cookie data. By encrypting your data as a countermeasure against these types of attacks it also becomes non-trivial to simply copy your cookies over to a new profile, i.e. everything is working exactly as intended.
|
# ¿ Sep 9, 2018 12:41 |
|
isndl posted:HTTPS does prevent Firesheep but doesn't secure data stored in browser cookies so you're still vulnerable to XSS. Encrypting a cookie helps prevent XSS because the data in the cookie is garbage data without decryption. You can copy the cookie to a new profile, but depending on whether the server matches that data with a browser fingerprint of some sort it may or may not be functional. But you should almost never have personal data in the cookie to begin with. You don't put the password in the cookie, you put a session ID. I usually only hear about encrypted cookies in the context of making sure nothing can tamper with them. That encryption doesn't itself do anything to stop someone from stealing your login. The XSS site doesn't need to understand the cookie to pretend to be you. When you talk about browser fingerprints, do you have anything in mind that can't be copied very easily? And can you name sites that do this to validate cookies? I've never seen a cookie get invalidated when I change user agent, for example. Dylan16807 fucked around with this message at 19:30 on Sep 9, 2018 |
# ¿ Sep 9, 2018 19:23 |
|
Nalin posted:The problem is that SA has this CSS: Hmm, but SA still doesn't scroll anchor if I use userContent.css to disable that line.
|
# ¿ Mar 23, 2019 04:08 |
|
Nalin posted:Set this to true: It seems to highlight individual posts, is that good or bad? How can you tell what counts as a scrollable frame? Inspecting the page shows that the modification worked and that it did get rid of the high level overflow:hidden.
|
# ¿ Mar 23, 2019 05:52 |
|
Nalin posted:I'm not sure then! Highlighting just a single post should mean that it found an anchor point that it can use to resist page flow changes.
|
# ¿ Mar 23, 2019 18:15 |
|
Klyith posted:I think if you started with the goal of a thing designed to fall through the cracks in an org chart, certs is what you'd come up with. Also nobody ever wants to put in a system that will start complaining about certs before they expire, in increasingly loud ways.
|
# ¿ May 6, 2019 03:56 |
|
Ornedan posted:Is there anything like Tab Mix Plus for current Firefox or am I stuck on Waterfox for now? Main things I need from TMP are the multi-row tab listing and not loading tabs until interacted with.
|
# ¿ Jun 1, 2019 22:31 |
|
Ihmemies posted:How do you guys even use twitter? It is even worse than facebook, you can't browse it at all: I manually navigate to twitter.com/search when necessary, but yes the site does hate you and everyone. Especially the anti-bot feature or whatever it was that makes you load the page twice.
|
# ¿ Jul 25, 2019 09:34 |
|
Knormal posted:Does anyone have a CSS hack to hide the hamburger button on 71? The one at https://github.com/Aris-t2/CustomCSSforFx doesn't seem to work anymore. Or rather it does, but it also hides the search box and any neighboring buttons you put up there. Looking at the code they use: code:
(Technically I'm on 72, in case they made a change and then reverted it or something.)
|
# ¿ Dec 5, 2019 22:01 |
|
Ola posted:No I don't. I wish all web sites conformed to the best accessibility standards and everyone on the web had the same ease of use. If a global zoom level helps, that's good. But bad design and poor accessibility isn't just about size, and zoom often breaks the layout. I have more or less perfect vision, but I often find myself using reader view, because many web sites are such utter shitpiles. And a site following accessibility standards won't do anything for "I just need it all bigger".
|
# ¿ Feb 16, 2020 20:45 |
|
Lambert posted:Zoom increases the size of the elements around the picture, and the picture itself is scaled to the window size. Everything works as expected. Zoom is page zoom, not a magnifier. Yeah. If I set my screen/window to 720p, versus if I set my screen/window to 1440p and zoom to 200%, that page looks exactly the same. That's what zoom is supposed to do. The CSS pixels get bigger, but the window is now fewer CSS pixels wide. If you want to have a virtual window size that's bigger than your actual window, that would also be a possible feature, but it would have weird issues like double scroll bars on some pages.
|
# ¿ Feb 18, 2020 21:00 |
|
D. Ebdrup posted:I know it's intentional, I'm saying I don't like it. You've been able to make an in-page click put the entire page full screen for a decade now, and I don't think it's caused any horrible problems so far.
|
# ¿ May 15, 2020 23:09 |
|
Is it too much to hope for Microsoft/github to stand by their users here and deliberately reject the takedown?
|
# ¿ Nov 3, 2020 15:42 |
|
Blue Footed Booby posted:Is he saying that introducing a bug to block an exploit is "underhanded"?? The opposite. It's underhanded to try to get a bug fixed to enable an exploit. Edit: Blue Footed Booby posted:Edit: oh my god, was the bug report originally filed by the guy who invented the tracking trick? Yep!
|
# ¿ Feb 19, 2021 21:56 |
|
Klyith posted:edit: since this was a mega efb, I'm gonna elaborate on this one bit of my original post: And as far as technical measures go, you can defeat those third party scripts if you have the right browser settings and security. But to prevent server-side tracking requires a VPN too. (Or certain configurations of carrier-grade NAT). So while VPN advertisements shouldn't imply they are sufficient to prevent tracking, they're a pretty necessary part of preventing tracking.
|
# ¿ Feb 20, 2021 06:37 |
|
KozmoNaut posted:I honestly don't think a majority of the people who use Firefox daily, think the latest UI changes are particularly offensive. The other important question is whether there's a significant fraction of people that think it's a particularly good change.
|
# ¿ Jul 15, 2021 19:09 |
|
Hargrimm posted:Firefox never stores duplicate history entries for multiple visits to the exact same URL. The "places" database which drives history has one row for each unique URL, and if you visit it again it just increments the visit counter by 1, it doesn't create a separate row. Wordle is the same site and URL every time so it won't appear multiple times in the history. It's less an exact audit log of every site you visit in perfect order and more an aggregation of all the sites you've visited, ordered by the recency of your latest visit. Otherwise there would be heaps of duplicate entries for every time you refreshed your Twitter feed or whatever. I really wish it would store the first time I visited a site too. There's even an "added" column in the UI that's always blank. Trying to dig through a past bunch of sites gets extra annoying when I have to open them all up in private windows so the history entries don't jump around. And for what it's worth the duplicates in chrome have never bothered me and chrome doesn't store actual refreshes.
|
# ¿ Feb 13, 2022 01:25 |
|
As a reminder, the other and more targeted way to fix it is stuffing this in stylus or usercontent:code:
|
# ¿ Feb 25, 2022 19:41 |
|
|
# ¿ Apr 18, 2024 15:29 |
|
Serephina posted:I was about to say that "as long as the UI has a scale setting it shouldn't matter", then realized that I don't know of any way of doing that to the browser's UI. System-wide yes, webpage content yes, but not the browser UI. I guess it's not needed if your OS's UI is consistent across applications, but webrowsers are often their own ecosystem so that may not apply to everyone. Or anyone. You can scale the entire browser with layout.css.devPixelsPerPx, at least.
|
# ¿ Mar 24, 2022 06:26 |