this post was submitted on 02 Aug 2024
51 points (100.0% liked)

linuxmemes

21172 readers
909 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
     
    top 50 comments
    sorted by: hot top controversial new old
    [–] [email protected] 10 points 3 months ago

    [Richard Stallman] usually does not browse the web directly from his personal computer. Instead, he uses GNU Womb's grab-url-from-mail utility, an email-based proxy which downloads the webpage content and then emails it to the user.

    If you're not doing this you're not properly paranoid.

    [–] [email protected] 9 points 3 months ago (5 children)

    Librewolf, but I'd argue it's more of a Firefox/web debloater reason. No pocket, no VPN ads. I would have said that the only issue is that it is a pain to update, but they added a windows updater and software repos, so I would almost recommend it over stock firefox for normies.

    And I use tor to search stuff that contains sensitive data like my location... Or when a website is blocked

    [–] [email protected] 6 points 3 months ago (1 children)

    This is the argument I keep using for why people should use Linux more. The fact you have to run updater software for each piece of software is so stupid. It's a horrible solution to a poorly designed problem. On Linux I just tell my package manager to update everything and it takes care of it all. There's no need for the user to be handling all of that, and it also shouldn't have to update in starting the application because that's when the user wants to use it, not wait for an update.

    (For reference: it's the same thing as on your phone where it tells you the number of things that need updated and you just tell it to update whenever you feel like it.)

    [–] [email protected] 0 points 3 months ago (4 children)

    Windows has had winget for a while now. While not as good as Linux version, I think it’s fine enough for those who must still use Windows for their gaming. 🤔

    [–] [email protected] 3 points 3 months ago

    There's like three package managers for Windows and none of them have gained enough traction to really be considered the de facto.

    Also, Microsoft stole AppGet from its developer and didn't pay them anything.

    load more comments (3 replies)
    load more comments (4 replies)
    [–] [email protected] 4 points 3 months ago (4 children)

    I exclusively browse with cURL and manually parse HTML myself the old fashioned way

    [–] [email protected] 3 points 3 months ago (1 children)

    Tor Browser serves a different purpose/use-case to the first two. The first two are intended for everyday browsing while I've never heard of anyone using Tor Browser as their daily browser—and if you log into websites then using Tor Browser as your daily driver would defeat the anonymity purposes if you're logging in anyway.

    I use librewolf for everyday browsing and Tor Browser for things requiring a higher threat model.

    [–] [email protected] 1 points 3 months ago (1 children)

    It actually feels selfish to use Tor as a daily driver.

    [–] [email protected] 3 points 3 months ago (1 children)

    I assume that by "selfish" you mean taking up bandwidth from the Tor network, which is a valid concern. But using it as a daily driver for low-bandwidth tasks like reading text (and maybe a few compressed pictures here and there) is actually be beneficial to the Tor network, as it increases the size of the crowd, thereby making everyone more anonymous.

    [–] [email protected] 2 points 3 months ago

    Eh, that's fair. As long as it is low bandwidth like you said. Maybe I'll do it some.

    [–] [email protected] 2 points 3 months ago (1 children)

    Edge: *naked with an ad tattooed on the back*

    [–] [email protected] 1 points 3 months ago (1 children)

    Tattooed on the lower back to be more specific

    [–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

    This lumbar presented by T-Mobile—We got your back!*

    [–] [email protected] 1 points 3 months ago (1 children)

    does using chrome make you naked or something?

    unless it's just equivalent to firefox, which i doubt.

    [–] [email protected] 2 points 3 months ago (1 children)

    It certainly will after it kills Manifest v2 entirely soon. goodbye good version of ublock

    [–] [email protected] 1 points 3 months ago
    [–] [email protected] 1 points 2 months ago

    LibreWolf as daily driver and whenever I need a little extra privacy I use Tor or even tails

    [–] [email protected] 0 points 1 month ago

    ubuntu font!!!

    [–] [email protected] 0 points 3 months ago (1 children)

    Librewolf for normal stuff, Tor for stuff I don't even want linked to my IP.

    [–] [email protected] 1 points 3 months ago

    Jokes on you, cause a lot of alphabet organizations set up entry and exit nodes on Tor so you're being tracked regardless.

    [–] [email protected] 0 points 3 months ago (1 children)
    [–] [email protected] 1 points 3 months ago

    Telnet directly to web server and manually type all the GET/POST requests yourself. Then read raw HTML.

    [–] [email protected] 0 points 3 months ago (2 children)

    I'm considering switching to LibreWolf after all the AI crap Mozilla is adding

    load more comments (2 replies)
    [–] [email protected] 0 points 3 months ago (1 children)

    Librewolf is just a usable Firefox

    [–] [email protected] 0 points 3 months ago (1 children)

    Firefox is a completely usable Firefox.

    [–] [email protected] 0 points 3 months ago (1 children)

    If you dont care about Ad search engines, Studies, Pocket, Google Safebrowsing, search suggestions, a start page with ads, weak privacy settings, all cookies saved forever, no adblocking, a unique canvas fingerprint, a user agent containing your Linux Distro,...

    I went through the arkenfox user.js and literally all of it minus 20 or so settings just make sense. The rest are kinda overkill, but really, Firefox is horrible out of the box.

    It is really modular luckily

    [–] [email protected] 0 points 3 months ago (1 children)

    Most of these aren't issues or are "solved" in a couple of seconds.

    I am curious, exactly how would it be remotely possible for me to care that my UA string mentions Ubuntu when that's not even technically my distro? I cannot summon an ounce of concern there. Seriously, how the hell would that matter in the least to anyone?

    [–] [email protected] 0 points 3 months ago (1 children)

    It adds one factor for Fingerprinting that is simply not needed

    [–] [email protected] 0 points 3 months ago (1 children)

    I knew you would say that. I imagine that user agent strings as a concept are bad, in your opinion?

    [–] [email protected] 0 points 3 months ago (1 children)

    They are useful to differentiate mobile from PC devices. That is not needed as many Websites are dynamic, but useful for some.

    As all browsers also support the common web standards, it is also not necessary for determining supported features or something.

    The only other use I find is having download links targeting the platform, but especially on Linux that is not really useful

    [–] [email protected] 0 points 3 months ago (1 children)

    "useful" is relative. I prefer a world where websites can know which platforms users are coming from, as it helps them know where to focus their support efforts.

    There are billions of users but probably only a few OSes mentioned in UA strings so it seems like a decent trade off to me. My exact UA string is likely shared by millions of users even though my OS is somewhat rare on the world stage. Until the day comes that web browsers work exactly the same way on every platform, at which case I'd agree with you, no longer useful. Unfortunately for decades we've been quite a bit short of that end.

    Just checked because I couldn't remember exactly what OS info mine included last I looked. It's quite generic: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0

    [–] [email protected] 0 points 3 months ago* (last edited 3 months ago) (1 children)

    There is a big variety of browsers there, and as I said, the UA is simply one of the many tracking points.

    Websites often dont support users, they live off ads because we didnt find any internet model that can live without ads, which are a horrible concept.

    I was in a supermarket today where card payment was broken. There was a huge sign in the middle of the entrance about that, but a lot of people still didnt read it and had to bring back their groceries.

    I think this is in part due to ads. Ads train us to not concentrate, zoom out and be passive. Otherwise, looking at all that manipulative garbage would make us insane.

    So I am curious to why Websites would need to support users. Normal web standards work the same. There is a trend towards not supporting Firefox or maybe platforms with worse DRM, like Linux (where you can screencast any DRM browser anyways). So I think Netflix uses the Linux user agent to limit you to 1080p (as a laptop user and pirate I have no idea how this is an issue though)

    You are lucky here with your generic UA. maybe this is also outdated, but I read this was a thing at least on some distro packaged Firefoxes.

    Also that the search engines preconfigured would always get the info about what OS you are using.

    Yes these things may not be critical, and Firefox does a ton of awesome things like cookie isolation and containers, to limit the creepy stuff.

    But

    • having HTTPS off by default
    • being on "default" privacy level
    • keeping all cookies

    Is simply not okay. HTTP is still possible, I only know a single popup-ads-riddled site that doesnt work with Firefoxes most private setting. And deleting all cookies and making exceptions work kinda fine.

    There was a button to save cookies for a site, but it is gone? No idea why.

    Improving good private UX helps. Being too shy to implement it harms its reputation I think.

    I also like Brave with their model for monetization via crypto. I would be happy to tip a few cents for every website click, but micro transactions just dont really work.

    But as a sensitive person, I will absolutely always block every ad possible, as ads are horrible.

    [–] [email protected] 0 points 3 months ago* (last edited 3 months ago) (1 children)

    I agree with you about ads for sure. But I'm not really sure what you mean about https being off by default. What I've noticed is that if I type an IP address into the address bar, FF first tries https and if that fails falls back to http.

    Regarding UA string: As a web developer I have worked on many projects, one currently, where browsers misbehave in unpredictable ways. Most notable these days is Safari. Without a user agent string I really don't have a way to workaround that browser's shortcomings. Yes, for this purpose, the UA string should be a last resort because feature detection is best, but trust me feature detection isn't always possible. It would not work for the current slew of issues I'm working through in Safari.

    Also, I would encourage you to read up on Brave and funder/fundamentalist Peter Thiel. Brave is not only a Google supporting browser by virtue of using chromium, it's also wrapped up in some shady shit, including being funded by a conservative psychopath.

    [–] [email protected] 0 points 3 months ago (1 children)

    I mean the HTTPS-only toggle. It still allows HTTP but after a warning. HTTP sites still work, so this should be opt-out.

    Safari only works on 2/3 Platforms, so I dont think a UA containing the OS, let alone a detailed "Lubuntu" etc. detail

    I heard about Peter Thiel I think in very different contexts? I wouldnt support Brave at all, I use a mix or hardened Firefox, Mull and Vanadium.

    [–] [email protected] 0 points 3 months ago (1 children)

    I really don't understand. So the fact that FF warms you against a (btw rare) thing is somehow not enough? ....

    And I'm telling you as a web developer who has to support multiple versions of Safari, it's not something I can just dismiss as irrelevant as you're apparently intent on doing.

    And about brave, you brought it up not me. Still don't understand why it even came up, especially if you're actively against it...

    [–] [email protected] 0 points 3 months ago* (last edited 3 months ago) (1 children)

    I am not sure how embedded media inside HTTPS websites use HTTP. But using HTTPS exclusively is very possible today, nearly no websites not supporting it. So I see no reason here.

    But this is just an example and that is also GUI configurable.

    I see that Safari and different Browsers are an issue, but do you need OS info for that? Especially fine grained info?

    I mentioned Brave because they integrated something that is not ads, but I think it is ads anyways? So not using the browser, but pro anything with direct payment

    [–] [email protected] 0 points 3 months ago (1 children)

    Still unsure what you're saying about https. Firefox treats insecure sites as dangerous and tries to tell the user to beware, for that one time a year you might run into that situation. And by default, insecure content in a secure page is blocked in FF and I think that was true even in IE 11. That's been pretty standard for a long time.

    Regarding OS in the UA, no, rarely would you need it. I think browsers can send whatever they want there though. Are you saying that LibreWolf sends one without OS? Again to me it's a little paranoid to nitpick this but what I thought you were saying before is that UAs should not exist period, which I was disputing because I literally have been spending the last month working through safari specific bugs that would be nearly impossible to handle without a UA string to know the user is running safari. Sometimes I do need to know iPad vs iPhone, but that's not only rare but probably even more offensive to you than the UA mentioning the OS/OS family.

    [–] [email protected] 1 points 2 months ago (1 children)

    Firefox treats insecure sites as dangerous and tries to tell the user to beware

    I only get that behavior when setting HTTPS-only. If I dont, I think it may display a warning but thats it.

    Are you saying that LibreWolf sends one without OS?

    No they often take Windows 10 on FF ESR

    Sometimes I do need to know iPad vs iPhone

    I think that is a problem of the browser isnt it? And how does a "desktop site" button work? Does it change the UA or is there a different way to switch between the site views?

    I dont know why this couldnt be done with a "safari on iPadOS" vs "Safafi on iOS" or a separate value for "phone", "tablet", "desktop".

    The OS is way less important than the browser and the form factor here.

    [–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

    I think it may display a warning but thats it.

    Yeah that's what I said. It is your opinion that a warning is not enough but I very much don't feel that way. Users should be treated like adults by default.

    No they often take Windows 10 on FF ESR

    I don't know what this means unless you're saying it just always reports win 10

    As far as the rest of your comment... I have been building websites for 20 years now and I'm not content to do things the wrong way, so I've researched and considered the available options.

    It doesn't matter if it's a "browser problem" since I don't get to tell users that iOS sucks ass, which it does.

    Kind of feels dismissive the way you're hand waving away all the problems I deal with all the time. Like I said, until browsers behave consistently or at least predictably if they don't support something, UA will be needed sometimes. I haven't needed it for anything but safari in a long time but again I don't get to tell those users to get a decent browser. On iOS they don't even have that option if they were to want another browser.

    [–] [email protected] 1 points 2 months ago (1 children)

    Users should be treated like adults by default

    Thats why there is an "accept the risk and proceed" button ;)

    By default, Firefox loads Javascript from any site. The Pegasus Trojan was transmitted by hijacking 2G and 3G network connections, and using malicious HTTP redirects that wouldnt work with HTTPS.

    They are zero-click, meaning just opening that site would run the code.

    i think security should be normalized.

    it just always reports win 10

    It reports to be Firefox ESR on Windows 10. Maybe Windows 11 now.

    you're hand waving away all the problems I deal with all the time.

    I didnt. I just find it odd that you need to know the OS to display a site for 3 different form factors. But if that is true, then a UA might be a solution.

    [–] [email protected] 1 points 2 months ago

    I just find it odd that you need to know the OS to display a site for 3 different form factors

    Yeah, a lot of things seem odd until you take 20 years to understand them.

    [–] [email protected] 0 points 3 months ago (1 children)

    NetCat. /s

    Seriously though, I just use Firefox. LibreWolf is basically Firefox with stricter defaults, and over the years I've already tweaked Firefox to use all the privacy features anyway.

    I know there's some extra sauce implemented in LibreWolf that Firefox lacks, but that stuff seems like too much of a compromise for me (like canvas fingerprinting).

    Plus, I think orange looks nicer in my window list than blue.

    I also don't use tor or a vpn unless I can't access anything otherwise. I guess I don't really see the need to, since I don't think I'm doing anything that'll draw the government's attention.

    [–] [email protected] 1 points 3 months ago

    I started moving from Firefox to LibreWolf and found a few too many convenient features broke.

    I think password and bookmark syncing was too difficult to move away from, as I use them across devices/phone.

    Haven't had time to research alternative methods or practices.

    load more comments
    view more: next ›