+ Reply to Thread
Page 14 of 14 FirstFirst ... 4121314
Results 196 to 209 of 209

Thread: Good Firefox Addons

  1. #196
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Quote Originally Posted by alpacino View Post
    I think this is just a coincidence but a few days after I installed this add-on and nano defender with nano adblocker my firefox is now giving me a very annoying message saying "A web page is slowing down your browser, what do you want to do" then options "stop it" and "wait". Choosing "wait" does nothing. And these are the only three add-ons installed currently.
    I times to times get this kind of message, but related to an other of my installed extension (CanvasBlocker). Did you manage to find the culprit?

    ---------- Post Merged at 03:07 ---------- Previous Post was at 02:45 ----------

    CheckMyHttps


    The extension « CheckMyHTTPS » checks if your HTTPS connections are correctly secured ort not.

    How does it work ?

    During the browser start up, a first test will be made on our website (checkmyhttps).
    A green lock means a secured connection.
    A red lock means that your connection might be listened to...
    If you have any doubt, you are free to check your connection on other HTTPS website by clicking on the lock. Don't forget to make this test on HTTPS websites ! :)

    More detail !

    Normally, a secured website has to prove its identity to your browser by sending a certificate validated by a recognized certificate authority. Interception techniques, to be able to work, generate dynamically forged certificates.

    CheckMyHTTPS checks that the received certificate from a visited HTTPS website matches the certificate seen by a remote server, ensuring no interception is taking place within your local network. This is sufficient to prove the interception.
    In pre-Quantum area, This extension was one of my favorite. On FF quantum, a third party app is required in order the addon perform its job. It didn't work very well though, because of pinning issues which just have been solved in the last version.

    Be aware that the extension can (and, in fact, must) give you "false concerning" results if your AV is MITM-ing you (ie is intercepting your browser's HTTPS requests, for so called "security ressons").
    Last edited by Renk; 03.02.19 at 05:03.
    Reply With QuoteReply With Quote
    Thanks

  2. #197
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,370
    Activity Longevity
    11/20 19/20
    Today Posts
    1/5 ssss39370
    Quote Originally Posted by Renk View Post
    Interesting addon (increasing awareness of certificate fingerprints is a good thing), but what does it ultimately accomplish that browser warnings about invalid certificates don't? Especially for someone like you who is a pro at this

    Be aware that the extension can (and, in fact, must) give you "false concerning" results if your AV is MITM-ing you (ie is intercepting your browser's HTTPS requests, for so called "security ressons").
    I would suggest not using an antivirus that does this, it's a dangerous compromise at best.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  3. #198

    Join Date
    03.05.18
    Location
    X:0;Y:0
    Posts
    124
    Activity Longevity
    0/20 7/20
    Today Posts
    0/5 ssssss124
    Buster: Captcha Solver
    Automatically solves REcaptcha, available for FF, Chrome and Opera

    Link: https://github.com/dessant/buster

    ---------- Post Merged at 17:02 ---------- Previous Post was at 17:00 ----------

    Quote Originally Posted by anon View Post
    If you follow good security practices (Tor or similar, third-party cookies disabled, an anti-canvas addon, something like SecretAgent to randomize your browser's identity)
    I'm looking for more of these, though SecretAgent seems to be abandoned for good as of now, is there anything similiar to it?
    Reply With QuoteReply With Quote
    Thanks

  4. Who Said Thanks:

    Renk (03.02.19)

  5. #199
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Quote Originally Posted by anon View Post
    Interesting addon (increasing awareness of certificate fingerprints is a good thing), but what does it ultimately accomplish that browser warnings about invalid certificates don't? Especially for someone like you who is a pro at this

    I am absolutely not a pro at this (at best an amateur), but as far I understand: If a MITM-ing SSL proxy is standing between you and the web, performing an SSL connection only mean performing an SSL connexion to the SSL proxy, which can snif all private informations yor browser is sending (particularly username/password).

    Sure the point of CAs is to defeat MITM, but the authentication of the connection works by sending to the client an ssl cert created on the fly by the proxy, with the details copied from the "real" ssl cert, but of course signed with a different certificate chain. So if this chain is terminating with one of the browser's trusted CA's, the browser doesn't give any certificate error and this MITM will be completely invisible to the user (*).


    It has already been the case several times.

    * Few years ago, lenovo PC came bundled with the adware app SuperFish that installed its own root CA in the client's trusted root store. An other example was PrivDog.

    * If you are using an HTTPS connection in a corporate environment, a specific corporate root CA may have been installed as well.

    * And as Schneier is noticed, DigiNotar "was either the work of the NSA, or exploited by the NSA". So it's safe to consider that NSA (and other 3-or-more letters governmental agencies) has/have root CA signing key(s).


    Even in these cases, CheckMyHttps is able to indicate that something wrong happened (see Gibson's site too)(**). Alternatively, you can use the app SSLEyes.



    (*) although probably not if the site you (think) you are connecting to uses Extended Validation Certificate or HSTS (and, in that case, you have already truly connected to this site in the past).

    (**) Obviously, a perverse MITM proxy can let the connection to CheckMyHttps web site untouched. In that case, the addon detects nothing wrong. The point is, you can configure the addon to perform its work with the https site you want (that's what I advice).

    ---------- Post Merged at 15:57 ---------- Previous Post was at 15:31 ----------

    Quote Originally Posted by pleasenocheating View Post
    Buster: Captcha Solver
    Automatically solves REcaptcha, available for FF, Chrome and Opera

    Link: https://github.com/dessant/buster

    ---------- Post Merged at 17:02 ---------- Previous Post was at 17:00 ----------



    I'm looking for more of these, though SecretAgent seems to be abandoned for good as of now, is there anything similiar to it?

    Yes, SecretAgent is abandonned. I suggest Chameleon. This addon is a quantum version of RandomAgentSpoofer. It is regularly updated and is optionally faking a lot of stuff. The dev is responsive and open to new features(but I prefer CanvasBlocker for faking Canvas and Audio Api)

    Notice that if you are using Tor network, "good security practices" recommend to use the browser Tor Browser Bundle, and, in that case to not use any faking addon (because faking something in TBB will render you recognizable).
    Last edited by Renk; 03.02.19 at 17:16.
    Reply With QuoteReply With Quote
    Thanks

  6. Who Said Thanks:

    anon (05.02.19)

  7. #200
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Bypass Paywalls

    This addon allow you to... bypass paywalls on some sites (mainly news sites). Currently the sites where this addon is working are:
    The Age (theage.com.au)
    Baltimore Sun (baltimoresun.com)
    Barron's (barrons.com)
    Bloomberg (bloomberg.com)
    Caixin (caixinglobal.com)
    Chemical & Engineering News (cen.acs.org)
    Central Western Daily (centralwesterndaily.com.au)
    Chicago Tribune (chicagotribune.com)
    Crain's Chicago Business (chicagobusiness.com)
    Corriere Della Sera (corriere.it)
    Daily Press (dailypress.com)
    Denver Post (denverpost.com)
    De Tijd (tijd.be)
    The Economist (economist.com)
    Examiner (examiner.com.au)
    Financial Times (ft.com)
    Foreign Policy (foreignpolicy.com)
    Glassdoor (glassdoor.com)
    Haaretz (haaretz.co.il / haaretz.com)
    Hacked (hacked.com)
    Hartford Courant (courant.com)
    Harvard Business Review (hbr.org)
    Het Financieele Dagblad (fd.nl)
    Inc.com (inc.com)
    Irish Times (irishtimes.com)
    La Repubblica (repubblica.it)
    Le Temps (letemps.ch)
    Los Angeles Times (latimes.com)
    Medium (medium.com)
    Medscape (medscape.com)
    MIT Technology Review (technologyreview.com)
    Mountain View Voice (mv-voice.com)
    New Statesman (newstatesman.com)
    Nikkei Asian Review (asia.nikkei.com)
    NRC (nrc.nl)
    Orange County Register (ocregister.com)
    Orlando Sentinel (orlandosentinel.com)
    Palo Alto Online (paloaltoonline.com)
    Quora (quora.com)
    SunSentinel (sun-sentinel.com)
    The Advocate (theadvocate.com.au)
    The Australian Financial Review (afr.com)
    The Boston Globe (bostonglobe.com)
    The Globe and Mail (theglobeandmail.com)
    The Herald (theherald.com.au)
    The Japan Times (japantimes.co.jp)
    TheMarker (themarker.com)
    The Mercury News (mercurynews.com)
    The Morning Call (mcall.com)
    The Nation (thenation.com)
    The New York Times (nytimes.com)
    The New Yorker (newyorker.com)
    The News-Gazette (news-gazette.com)
    The Saturday Paper (thesaturdaypaper.com.au)
    The Spectator (spectator.co.uk)
    The Business Journals (bizjournals.com)
    The Seattle Times (seattletimes.com)
    The Sydney Morning Herald (smh.com.au)
    The Toronto Star (thestar.com)
    The Washington Post (washingtonpost.com)
    The Wall Street Journal (wsj.com)
    Towards Data Science (towardsdatascience.com)
    Vanity Fair (vanityfair.com)
    Wired (wired.com)


    Of course there is no Atlantean Black Magik behind it. For a paywall to be bypassable by the extension, GoogleBot itself has to be able to bypass it:
    New site requests:

    Visit an article on the site you want to bypass the paywall for and copy the article title.
    Open up a new Private window (Ctrl+Shift+P) and paste the article title into Google.
    Click on the same article from the Google search results page. If it loads without a paywall you can submit a request to add the site, otherwise my extension cannot bypass it either.
    Alas it is no longer available on AMO, because someone from Mozilla didn't fully agreed with the purpose of this addon. Now, it is only downloadable from GitHub.
    Last edited by Renk; 04.02.19 at 00:36.
    Reply With QuoteReply With Quote
    Thanks

  8. Who Said Thanks:

    Blocker (01.05.19) , H265 (10.02.19) , Butuca (04.02.19)

  9. #201
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,370
    Activity Longevity
    11/20 19/20
    Today Posts
    1/5 ssss39370
    Quote Originally Posted by Renk View Post
    I am absolutely not a pro at this (at best an amateur)
    Well, you're more pro than I am

    as far I understand: If a MITM-ing SSL proxy is standing between you and the web, performing an SSL connection only mean performing an SSL connexion to the SSL proxy, which can snif all private informations yor browser is sending (particularly username/password).

    Sure the point of CAs is to defeat MITM, but the authentication of the connection works by sending to the client an ssl cert created on the fly by the proxy, with the details copied from the "real" ssl cert, but of course signed with a different certificate chain. So if this chain is terminating with one of the browser's trusted CA's, the browser doesn't give any certificate error and this MITM will be completely invisible to the user (*).
    For a CA to issue a certificate that's valid for a domain, you have to prove you own it, usually through an e-mail-based confirmation sent to an address on that same domain, or phone calls and on-site visits for the more expensive EV certs. Wildcard certificates exist, but you can't generate them for stuff like *, *.com, *.example.* or anything that would match domains you haven't proven to own. (This whole system isn't perfect, by the way - a Finnish guy was able to get a valid certificate for live.fi from Comodo - but it's what we have.)

    However, all that and my previous post both assume the client computer is not compromised with malicious root certificate authorities. If that's not given, then anything goes. SuperFish and eDellRoot are just another reason to never keep the preinstalled OS on a new computer, by the way

    Very interesting article that you linked to regarding Diginotar, I wasn't aware of it at all.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  10. #202
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,370
    Activity Longevity
    11/20 19/20
    Today Posts
    1/5 ssss39370
    Quote Originally Posted by Renk View Post
    For a paywall to be bypassable by the extension, GoogleBot itself has to be able to bypass it
    This technique is called "cloaking" and considered black-hat SEO when abused in this manner. Not that it has resulted on penalties for the above-mentioned sites; nytimes.com in particular has a PageRank of 9.

    I use the Googlebot trick a lot on Microsoft, to read their support articles without having to enable JavaScript. Your IP can be cross-checked to ensure you're really a bot, but very few places do this.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  11. Who Said Thanks:

    Renk (09.02.19)

  12. #203
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Ad Nauseam
    This ad-blocker is so good that Google banned it. It's a fork of uBlock, with an interesting feature that other ad-blockers don't have: AdNauseam doesn't prevent content providers from getting paid because the addon silently (and randomly) clicks on (some of (*)) the ads it blocks.

    (*) Adjustable.



    Location Guard
    It basically spoofs/fakes your GeoWifi location. One of it's coolest feature (in my point of view) is that it can automatically fake this location according to the IP of the proxy/vpn you are using.
    Last edited by Renk; 09.02.19 at 19:03.
    Reply With QuoteReply With Quote
    Thanks

  13. Who Said Thanks:

    Mon (10.02.19) , anon (10.02.19)

  14. #204
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,370
    Activity Longevity
    11/20 19/20
    Today Posts
    1/5 ssss39370
    Quote Originally Posted by Renk View Post
    AdNauseam doesn't prevent content providers from getting paid because the addon silently (and randomly) clicks on (some of (*)) the ads it blocks.
    Interesting concept, but I can completely understand why Google banned this addon... it's like printing counterfeit money. On the short run, it will help sites because they get paid for the "fake" clicks. On the long run, it will be harmful because if everyone uses it, said clicks will become meaningless (supposedly there's no way to tell the difference between this and someone who actually clicked on an ad and then closed it), and advertisers will have to decrease their payouts or even shut down.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  15. #205
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Quote Originally Posted by anon View Post
    Interesting concept, but I can completely understand why Google banned this addon... it's like printing counterfeit money. On the short run, it will help sites because they get paid for the "fake" clicks. On the long run, it will be harmful because if everyone uses it, said clicks will become meaningless (supposedly there's no way to tell the difference between this and someone who actually clicked on an ad and then closed it), and advertisers will have to decrease their payouts or even shut down.


    For sure it's the reason. But the decrease of the payouts can happen only in the long run and if a substantial number of user adopts it. On the short run (as you notice) and on the long run if the number of AdNauseam's users remains very moderate, there will be no loss in trust (ie in the value attributed to a click). So the loss of revenues related to AdNauseam usage is 0 on the short run, and follows a threshold curve on the long run. It is significant that Google has chosen to ban this addon, and leave quiet the other ones, which themselves lead to an loss of revenue on the short and long run, and a loss proportional to the number of users whatever this number is (so no threshold in that case).

    The (well though in my opinion) metaphor of counterfeit money you use is interesting too: Counterfeit money is money not issued by the authority in charge of this production (central banks, and even regular banks). In the case of web adds, this authority is nothing else than each user. And with AdNauseam activated, this authority remains the user. Simply he delegates his money emission's right to an addon, ie to a bunch of code, and suddenly this emission becomes fake money.

    Then, suppose an user has access to an IA (which is only a bunch of code too), and suppose the user trains it in order this bunch of code behaves like an human (possibly like him, possibly exactly like him). If the user delegates the clicking activity to this IA, will these clicks still be fake money?

    This illustrates in my opinion that what is trading in this business is not clicks. It's our mind, our attention, our identity, our desires (and maybe our soul).


    NB: Here are 2 others "traffic spoofing" FF addons:
    Mystique-FF
    This Add-on produces background traffic while you are normally surfing the web, obscuring your real user profile by opening websites at random. There are options that let you define how much and what sort of traffic this Add-on produces.

    TrackmMeNot
    An artware browser add-on to protect privacy in web-search. By issuing randomized queries to common search-engines, TrackMeNot obfuscates your search profile and registers your discontent with surreptitious tracking.
    But as Google is well aware of this addon, if you let the default settings unchanged, you may end in having to solve captchas before each google search request.
    Last edited by Renk; 10.02.19 at 23:35.
    Reply With QuoteReply With Quote
    Thanks

  16. #206
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,370
    Activity Longevity
    11/20 19/20
    Today Posts
    1/5 ssss39370
    Quote Originally Posted by Renk View Post
    For sure it's the reason. But the decrease of the payouts can happen only in the long run and if a substantial number of user adopts it. On the short run (as you notice) and on the long run if the number of AdNauseam's users remains very moderate, there will be no loss in trust (ie in the value attributed to a click). So the loss of revenues related to AdNauseam usage is 0 on the short run, and follows a threshold curve on the long run.
    True.

    It is significant that Google has chosen to ban this addon, and leave quiet the other ones, which themselves lead to an loss of revenue on the short and long run, and a loss proportional to the number of users whatever this number is (so no threshold in that case).
    Well, I don't know which is worse for advertisers. With a regular blocker, at least they know the advertisements were blocked and not loaded. Here, they know they loaded, but not if they were seen and ignored by a real person, seen and ignored by the addon, clicked by a real person or clicked by the addon.

    The (well though in my opinion) metaphor of counterfeit money you use is interesting too: Counterfeit money is money not issued by the authority in charge of this production (central banks, and even regular banks). In the case of web adds, this authority is nothing else than each user. And with AdNauseam activated, this authority remains the user. Simply he delegates his money emission's right to an addon, ie to a bunch of code, and suddenly this emission becomes fake money.

    Then, suppose an user has access to an IA (which is only a bunch of code too), and suppose the user trains it in order this bunch of code behaves like an human (possibly like him, possibly exactly like him). If the user delegates the clicking activity to this IA, will these clicks still be fake money?

    This illustrates in my opinion that what is trading in this business is not clicks. It's our mind, our attention, our identity, our desires (and maybe our soul).
    It's the automation that makes this "wrong", in my opinion. You're supposed to only click on stuff that interests you in some way, that's the expected behavior. No one clicks on all the ads they see, nor do they click on random ones they don't care about, so having an addon do the very same is not correct.

    Conversely, if there was an AI that could scan advertisements, click on relevant ones, purchase/subscribe the products/services offered and evolve its knowledge and decision process, all in the same manner as its creator, that would be acceptable. But whether such a thing will ever be possible is outside the scope of this discussion

    NB: Here are 2 others "traffic spoofing" FF addons:
    Mystique-FF

    TrackmMeNot

    But as Google is well aware of this addon, if you let the default settings unchanged, you may end in having to solve captchas before each google search request.
    TrackMeNot is probably the earliest addon ever made for this task, I recall using it on Firefox 1.5.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  17. #207
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Google Unlocked

    This addon will complete your search results on Google in retrieving removed links from Lumen DataBase in order to help you to find some interesting stuff...
    Last edited by Renk; 01.05.19 at 00:28.
    Reply With QuoteReply With Quote
    Thanks

  18. #208
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Just found that:

    FreeLeech
    If you are an user of a private tracker. You know that is difficult to maintain a proper ratio.

    Under windows they are a couple of software (ratiomaster, mRadio etc...) to cheating and report fake upload to tracker to avoid loose ability to download.

    This add on does the same thing but in Firefox and cross platform (windows/mac/linux).

    How is it working ?

    The bittorrent protocol is basic and trust the user (his torrent client) too report the uploaded data.
    So this extension reports fake upload values and keeps your ratio up and running. (...)
    What are you thinking about it???
    Reply With QuoteReply With Quote
    Thanks

  19. #209
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,370
    Activity Longevity
    11/20 19/20
    Today Posts
    1/5 ssss39370
    Quote Originally Posted by Renk View Post
    Just found that:

    FreeLeech


    What are you thinking about it???
    I haven't actually tried it, but I don't expect a browser addon to offer the same levels of usability and security as the programs we have here.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

+ Reply to Thread
Page 14 of 14 FirstFirst ... 4121314

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •