On 06/13/2015 11:11 AM, jd1008 wrote:> All your browsing history, all cookies ...etc are open books > as far as many javascripts are concerned.Javascript can use CSS attributes to see if you've visited a specific URL, which is unfortunate, but that's a long way from saying that your history is an open book. Javascript cannot directly access your history. A script cannot enumerate all of the sites you've visited, it can only test specific, complete URLs. As far as cookies go, you're even further from the truth. A script can only access cookies whose domain matches the origin of the script.
On Sat, 2015-06-13 at 12:11 -0600, jd1008 wrote:> For example, all browsers execute the javascript called > googleusercontent.com > > Please read this page: > http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.comIn FF I use Ad Block Plus to block the world's biggest spying operation, Google. Currently 11 Google sites from google-analytics.com to googleusercontent.com Aware Mozilla get vast millions of USD from Google, now probably exceeding $100m, I don't use snooping and recording 'safe browsing' from Google either. -- Regards, Paul. England, EU. England's place is in the European Union.
On Fri, June 12, 2015 3:09 pm, Always Learning wrote:> > On Sat, 2015-06-13 at 12:11 -0600, jd1008 wrote: > >> For example, all browsers execute the javascript called >> googleusercontent.com >> >> Please read this page: >> http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com > > In FF I use Ad Block Plus to block the world's biggest spying operation, > Google. Currently 11 Google sites from google-analytics.com to > googleusercontent.com > > Aware Mozilla get vast millions of USD from Google, now probably > exceeding $100m, I don't use snooping and recording 'safe browsing' from > Google either. >As I already said, guys, do check tor project website: https://www.torproject.org/ Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Always Learning wrote:> > On Sat, 2015-06-13 at 12:11 -0600, jd1008 wrote: > >> For example, all browsers execute the javascript called >> googleusercontent.com >> >> Please read this page: >> http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com > > In FF I use Ad Block Plus to block the world's biggest spying operation, > Google. Currently 11 Google sites from google-analytics.com to > googleusercontent.com > > Aware Mozilla get vast millions of USD from Google, now probably > exceeding $100m, I don't use snooping and recording 'safe browsing' from > Google either.Yeah. I never enable google-analytics. When I want to see a website that's got a ton of inclusions, I selectively temporarily enable only what I think I'll need (which of those stupid things has the text? which the pic?), and when you enable disqus, for example, *then* you have to reopen noscript, because only then in disquscdn visible. Annoyances, but... and I never enable the ads. mark
On 06/12/2015 11:57 AM, Jonathan Billings wrote:> On Sat, Jun 13, 2015 at 10:55:47AM -0600, jd1008 wrote: >> The most offensive problems of using browsers is that >> they do not tell you nor ask your permission when javascripts >> spy on your entire storage contents. > Huh? You've been misinformed. Certainly there have been exploits > against browsers to bypass the sandbox, but this isn't the default > configuration in any browser I know of.guration or no,Configuration or no, the developer told me the bottom line scoop. FF, SM, IE, ....etc, all execute javascripts like obedient slaves.> >> I had asked a java developer at Sun Microsystems about >> what Sun means when it says that Java runs in a sandbox? >> Just what is the sandbox? >> I also asked if browsers that execute javascripts are retricted >> to this notion of a sandbox that does not leak out into >> the rest of the system. >> >> He said the "sandbox" is the entire storage on your computer. > Java != JavaScript. It's a common misconception. Perhaps that's why > this java developer might have answered the way he did, although I'm > fairly certain Java sandboxes can also be restricted (although I'm norowsers > Java developer) so they don't have access to the entire storage of > your computer. Certainly, simple UNIX permissions prevent both Java > and browsers from getting access to the *entire* storage on your > computer, unless they're used to exploit some other vulnerability. > > If you're concerned about JavaScript, I suggest looking into the > NoScript firefox extension.All your browsing history, all cookies ...etc are open books as far as many javascripts are concerned. For example, all browsers execute the javascript called googleusercontent.com Please read this page: http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com Be INFORMED!!
On 06/12/2015 01:01 PM, Gordon Messmer wrote:> On 06/13/2015 11:11 AM, jd1008 wrote: >> All your browsing history, all cookies ...etc are open books >> as far as many javascripts are concerned. > > Javascript can use CSS attributes to see if you've visited a specific > URL, which is unfortunate, but that's a long way from saying that your > history is an open book. Javascript cannot directly access your > history. A script cannot enumerate all of the sites you've visited, > it can only test specific, complete URLs. > > As far as cookies go, you're even further from the truth. A script > can only access cookies whose domain matches the origin of the script. >Why do you make such statements without knowing the intrinsics??? How in tarnation do you explain this: http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com Malware is installed where it can be executed. Since that is the case, what makes you think JS cannot access your browsing history??
On 06/12/2015 01:01 PM, Gordon Messmer wrote:> On 06/13/2015 11:11 AM, jd1008 wrote: >> All your browsing history, all cookies ...etc are open books >> as far as many javascripts are concerned. > > Javascript can use CSS attributes to see if you've visited a specific > URL, which is unfortunate, but that's a long way from saying that your > history is an open book. Javascript cannot directly access your > history. A script cannot enumerate all of the sites you've visited, > it can only test specific, complete URLs. > > As far as cookies go, you're even further from the truth. A script > can only access cookies whose domain matches the origin of the script.Your final line is not true.