Tor Browser disabled NoScript, but can't update

[d0bby]

> Turns out an unrelated 3rd party can suddenly remotely disable Tor anonymity protections at their whim, and possibly endanger TBB users (or deliberately help in deanonymizing them).

> remotely disable Tor anonymity protections [!]

Maybe a 'certificate is expiring soon' warning on the browser side?

Users would know and Mozilla would be forced to keep certs valid.

The inception bar: a new phishing method

[d0bby]

I like how this is a trend now, fake popups, fake url bars.

Maybe _unique_ browser designs would help users.

Don't Talk to the Police – James Duane

[d0bby]

Giving your license/id when asked does not need talking...

Jk, ofc you need to talk, for example to explain that you won't answer questions because you have the right to do so.

Ask HN: What email client do you use?

[d0bby]

Yeah mutt is pretty awesome... but since many mails these days are html you'll go through some trouble!

Adblock Plus filter lists may execute arbitrary code in web pages

[d0bby]

> My hunch tells me this is not good.

After some clicking I found this: https://github.com/uBlockOrigin/uAssets/issues/4080#issuecom... , might be interesting

Adblock Plus filter lists may execute arbitrary code in web pages

[d0bby]

People are talking about uBlock Origin...

I really like it, no doubts it's good and everyone should consider using it.

BUT, since we are talking about uBlock Origin, I'd like to mention another awesome extention Raymond Hill made.

uMatrix (https://github.com/gorhill/uMatrix)

uMatrix alone is very powerful, and will prevent most ads.

Yes you as a user need to do the work, but the result is better.

If you like the idea of uMatrix, you may also look at NoScript!

Actually, I live almost ad free using NoScript + uBlock Origin for at least 2 yrs.

$rewrite... what a dumb feature btw!

[darkpuma]

I find uMatrix+uBO (with uMatrix set to block everything by default and uBlock Origin set to it's default easy mode) to be best setup. Ads virtually never get through, and most websites don't need javascript at all to read the articles so my uMatrix whitelist is actually surprisingly small.

Password Reset and Web-Cache Poisoning (and a Little Surprise in RFC-2616)

[d0bby]

"How does a deployable web-application know where it is? Creating a trustworthy absolute URI is trickier than it sounds. Developers often resort to the exceedingly untrustworthy HTTP Host header (_SERVER["HTTP_HOST"] in PHP)"...

How many hours do you reCAPTCHA per week?

[d0bby]

I'm using it with a VPN rn, it's working fine. But yeah using a VPN/TOR increases the risk profile (or whatever they call it). It even slows down the animation of loading new images, it drives me crazy.

How many hours do you reCAPTCHA per week?

[d0bby]

I'm trying it out right now. Works! I heard about people using Googles Speech-to-Text to solve the audio challenge some time ago... ty for showing this 1!

How many hours do you reCAPTCHA per week?

[d0bby]

I'm trying to do so too, but it's hard. But it's hard to find alternatives for some sites...

[db48x]

Agreed. In fact, there's still one that I use which has recaptcha, but it won't be a problem unless I ever have to log in again. As long as I still have a valid cookie I won't have to, but I guess I can't count on that lasting forever...