...making Linux just a little more fun!
[ In reference to "The Gentle Art of Firefox Tuning (and Taming)" in LG#171 ]
Peter =?utf-8?q?H=C3=BCwe?= [PeterHuewe at gmx.de]
Hi Rick,
although I do not agree on every single aspect of the article I still think its a great article - so thanks for writing it. Especially your note concerning missing license information is quite valid I think.
I'd like to suggest another privacy-extension : Cookie Culler https://addons.mozilla.org/de/firefox/addon/82
This extension automatically cleans all your (normal) cookies when you close
the browser, except the ones you protect. So all those tracking cookies will
be erased (and gone) soon enough 
However there is no license information available on the page, but in the soure it says Version: MPL 1.1
In the comments there is also another extension which presumably does quite the same - however I have not yet tried it myself. https://addons.mozilla.org/de/firefox/addon/11044
/* BEGIN LICENSE BLOCK * Version: MPL 1.1/GPL 2.0/LGPL 2.1
And about BetterPrivacy:
BetterPrivacy — but I would like to specifically disrecommend that solution, because BetterPrivacy is proprietary software for which source code is never even available for inspection.
Are you sure about that? I agree that is not licensed under any free license as the content/LICENSE file states "BetterPrivacy is freeware; Non-commercial use and distribution only!"
however the source IS available (as with all extensions) as they are written in plain javascript/xul - just unzip the .xpi (and sometimes the jar within) and tadaa there's your source.
Or am I wrong about this?
Thanks, Peter
Rick Moen [rick at linuxmafia.com]
Quoting Peter H??we (PeterHuewe@gmx.de):
> although I do not agree on every single aspect of the article I still think > its a great article - so thanks for writing it.
Thank you very much, Peter. I wrote it primarily because I just hadn't seen much coverage of those subjects, and especially about the hazards of installing code from dubious locations.
[BetterPrivacy:]
> Are you sure about that?
I was sure about the licence. The source code auditability was just to the extent of my present knowledge based on what I'd seen.
> however the source IS available (as with all extensions) as they are > written in plain javascript/xul - just unzip the .xpi (and sometimes > the jar within) and tadaa there's your source.Thanks for pointing that out. I'd been searching for information on how one gets to the XUL sourcecode of distributed extensions, and whether it's reduced to bytecode, or what. Even the Mozilla.org pages on the extension interface didn't really make that clear -- so I've now learned something useful.
Of course, this merely means BetterPrivacy could be audited by third parties. The proprietary licensing has the incidental effect that few will ever bother (as one lacks a meaningful right to fork, there's not going to be a Debian package, etc.). Anyway, I happen to like the more modest design of Objectify, for whatever that's worth.
Peter =?iso-8859-1?q?H=FCwe?= [PeterHuewe at gmx.de]
Am Dienstag 02 Februar 2010 04:06:34 schrieb Rick Moen:
> Quoting Peter H??we (PeterHuewe@gmx.de): > > although I do not agree on every single aspect of the article I still > > think its a great article - so thanks for writing it. > > Thank you very much, Peter. I wrote it primarily because I just hadn't > seen much coverage of those subjects, and especially about the hazards > of installing code from dubious locations.
For me it was more interesting because of the privacy aspects, e.g. these strange feedreaders I never use, supercookies etc.
Especially as the EFF released a tool to test the 'uniqueness' of your browser. http://panopticlick.eff.org/index.php
And about better privacy: My alternative solution is a simple script in /etc/cron.daily with the content:
#!/bin/sh rm -rfv /home/user/.macromedia
Should fix atleast some issues
However I'm not yet sure howto clean the DOM localStorage and DOM
sessionStorage.
Is there a way to inspect the contents of the DOM storage?
Thanks, Peter
Rick Moen [rick at linuxmafia.com]
Quoting Peter H??we (PeterHuewe@gmx.de):
> Especially as the EFF released a tool to test the 'uniqueness' of your > browser. > http://panopticlick.eff.org/index.php
Yes, that's a pretty good cross-check, about what your browser reveals to server-end software.
On the earlier point, I should also mention that I inferred lack of inspection access to BetterPrivacy source code in part from the fact that the source code page, https://addons.mozilla.org/en-US/firefox/versions/license/74267, has no link for source code! (It has only the statement "BetterPrivacy is freeware; Non-commercial use and distribution only!") Again, thank you for pointing out that XPIs, themselves, are just zipped XUL source (+ metadata).
> And about better privacy: > My alternative solution is a simple script in > /etc/cron.daily > with the content: > #!/bin/sh > rm -rfv /home/user/.macromedia > >
That certainly covers it, but you might find it over time to be too sweeping. First, only .sol files seem of concern. Also, you may find eventually that some have benign functions you'd rather have persist, such as (oh, and I know I'm reaching, a bit) your per-user settings for Flash-based games.
It may seem unlikely, but I'm just trying not to close off capabilities I might actually want to use, some time. So, my personal inclination would be, as I said, to delete particular .sol files inside ~.macromedia by name, via a weekly cronjob.
> However I'm not yet sure howto clean the DOM localStorage and DOM > sessionStorage.
This actually may be an area where Adobe's online documentation and Flash-based "Flash Settings Manager" may be useful.
> Is there a way to inspect the contents of the DOM storage?
Well, it's just SQLite files, so SQLite itself might be useful. I haven't tried yet, so I really don't have much information (and not a lot has yet been written).
--
Rick Moen "When attributing a quotation to Paris Hilton,
rick@linuxmafia.com the preferred term is 'blame'."
-- FakeAPStylebook
Rick Moen [rick at linuxmafia.com]
----- Forwarded message from Ben Collver <bencollver@gmail.com> -----
Date: Tue, 2 Feb 2010 06:23:49 -0800 From: Ben Collver <bencollver@gmail.com> To: rick@linuxmafia.com Subject: re: The Gentle Art of Firefox Tuning and TamingThank you for publishing The Gentle Art of Firefox Tuning and Taming in the Linux Gazette. It is a well written article!
-Ben
----- End forwarded message -----