QtD 0.1 is out!

John Reimer terminal.node at gmail.com
Thu Feb 5 20:00:55 PST 2009 

Hello Bill,

>> http://adblockplus.org/en/subscriptions  I'm not exaggerating when I
>> say that for a few months before I found that addon, using the web
>> was so bad I was *very* close to abandoning use of the web entirely.
>> 
> What kind of sites do you go that are so bad?  I find things a little
> annoying without FlashBlock, and I have Firefox's default popup
> blocking on, but with those two things, I don't see much of anything
> all *that* annoying in my day-to-day web use.  So I'm wondering if it
> has to do with the sites you frequent or something?  Or is it just
> your threshold for tolerating an ad or two is so much lower than mine?
> 
> --bb
> 


It's not always about the class of sites anymore.  Although naturally, there 
will be a higher incident of problems among certain types of sites.  The 
problems are starting to prevalent among many types of sites since these 
locations, commercial or otherwise, are "pushing" a lot more than they use 
to.  Many elements (like flash) are not necessarily visible, but still gather 
"permanent" information on you, and it doesn't seem to matter if you had 
your cookies disabled or not.


I use noscript with firefox (which also allows control of Java and Flash). 
 I completely agree that the use of JavaScript is pretty evil these days. 
 Even worse is that websites are taking advantage of so many people that 
are rather ignorant of how to protect themselves.  I have found some sites 
that are quite surfable without javascript: I'm very impressed when I see 
this because it says volumes about their good manners and respect for the 
user.  I must admit that I also get greatly irritated when I come across 
websites that are inoperable without javascript.  I often will refuse to 
use them... unless I really must.  Contrary to popular opinion, javascript 
does not appear to be a dire necessity for a fast, usable website (though, 
I also admit there are certain good applications for it).


Javascript is one of the worst potential security breeches today /especially/ 
because of all the websites that force you to keep it enabled.  Unfortunately, 
most people have become so dependent on it that they can't think of giving 
it up just to have more privacy and security.   Yet disabling JavaScript 
remains one of the most highly recommended ways to eliminate a whole spectrum 
of attacks that regularly can sneek through all your anti-virus and anti-malware 
software.   And the attacks can come from websites that normally would be 
harmless because sometimes they get "injected" (I don't know how) with evil 
Javascript that is just waiting to be run in your browser.


Flash is also a secret horror.  The funny thing is that the blocking of cookies 
has long been controllable in most browsers, but little is said about flash 
"local shared objects" that can accomplish the same sort of tracking in a 
much more hidden medium.  Even worse is that there is much less stricture 
on these objects (like expiry dates and storage size).  There is a way to 
limit these LSO's but few people seem to know or think about this being necessary. 
 A simple google search on Flash cookies gives a fair amount on interesting 
information on this. 


Incidentally Google is another one to keep your eye on; and while I don't 
want to sound alarmist, I think Google will eventually could turn out to 
be one of the greatest security/privacy concerns on the web over the next 
few years.  They have managed to spread their influence everywhere by getting 
people excited on various ideas, and it's amazing to see that almost every 
website out there is linked to Google in sort of way or use a "free" Google 
feature (google analytics for one).  All these "free" services are concerns. 
  It seems Google is very clever... a little too clever for my liking.


Overall, I think the web is a mess... a dangerous mess, and it's getting 
worse as fast as people are becoming ignorant: the gap expands even faster 
in the relative sense.   I'm guessing the security and privacy risk it presents 
to the public will only get worse as we eat up the freebies, for which most 
of us have developed a taste from the bountiful supply of the information 
age.  There's a general apathy that has grown along side it all.


-JJR


PS.  I've found a few good ways to view both outgoing and incoming internet 
communications. Any sort of port logging is both interesting and educational. 
 A couple good pieces of software to monitor these things are PeerGuardian2 
(not only useful for p2p ... just generally useful to see incoming/outgoing 
traffic) and PortReporter (a Microsoft tool).  Both allow you to see what 
kind of probes occur over time, including what your computer is doing to 
communicate with the outside world, perhaps even when you don't intend it 
to. :P

More information about the Digitalmars-d-announce mailing list