Secure Transactions

[Tod Merley]

Heinz thanks for reminding me about looking at certificates by clicking the
padlock.  I also note that they have the ability to export and so I suppose
a comparison could be made through that as well.

General question - can one spoof a certificate?  I suppose "man in the
middle" is simply nasty.

Jd1008 the one add-on I am now considering is a cookie manager.  However, I
am hoping to find one that works outside the browser.


On Sun, Aug 31, 2014 at 11:05 AM, jd1008 <jd1008 at gmail.com> wrote:

>
> On 08/30/2014 08:33 PM, Tim wrote:
>
>> On Sat, 2014-08-30 at 18:39 -0600, jd1008 wrote:
>>
>>> 3. HttpToHttps
>>>
>> Be prepared for various things to fail, you cannot force HTTPS with
>> sites that are HTTP-only.
>>
> Actually, the sites that do not support https, simply default to http.
> So, such sites are still browsable even with this plugin.
>
>  6. Redirect Cleaner - this will prevent a website you want to visit to
>>> redirect your browser to some other website you had no intention on
>>> browsing. You will be  given the manual opportunity to override the
>>> prevention.
>>>
>> On some browsers, there is, or at least was, an option not to
>> automatically follow redirections (you'd get a warning, and there'd be a
>> link to follow if you actually wanted to follow the redirection).  For
>> various services, you're going to have to follow them, because that's
>> the way they made the site.  Sometimes, thanks to making them obvious,
>> you'll find out just why some sites just never work, because you'll see
>> the endless redirections around in a circle to a starting point that
>> doesn't work.
>>
> Tell me which of the Firefox settings options will prevent redirection?
> I have not come across it. Sure would like to know that.
> It does have the options to block all popups. But many websites have
> learned how to get around that firefox feature, as I still get some
> popups from a few web sites.
>
>  7. No Google Tracking
>>> 8. No Yahoo Tracking
>>> 10. TrackMeNot.
>>>
>> I question the ability to prevent that, and dislike the doubling up and
>> adding on of *numerous* add-ons to a browser (it makes the thing even
>> more buggy).  While you can try dumping cookies, etc, as you go along.
>> They know that numerous connections are coming from your IP, some in
>> response to other of their own pages, so they can track you.
>>
>> e.g. You've only got to see the suggestions for what you might like to
>> see if you browse YouTube on one computer on your network, then do more
>> unrelated browsing on another computer on your LAN, and see similar, or
>> completely the same, suggestions.
>>
>>  I have always looked at what cookies are stored, and I only
> see the primary cookies of just a few sites I am currently browsing.
> No other cookies are there.
> You could argue that a cookie actually embeds many other cookies from
> other websites, that are hosted by the site you are browsing.
> You can see those when looking at all the cookies in firefox.
> Just click on a cookie and it will expand to it's components.
> "Dislike" does not amount to something substantial :)
> It is only a preference.
>
>
>  Also, in Firefox Settings, be sure to NEVER allow 3rd party cookies.
>>>
>> This is one thing that often doesn't do what you think.
>>
> Prove it! I would really like to see a concrete proof of it,
> in order for me to see that there are 3rd party cookies
> being stored by my browser.
> I know it is a tedious thing. So far I have not seen such
> issues.  Only problems I have really encountered is that
> noscript (configured to automatically reject all java scripts,
> unless I allow them manually). The problems I encounter
> are with many websites that have objects on their pages
> that are interactive - such as a search bar, or selection of
> an option in a .... say sorting option of a list of items.
> Such sites have javasripts that are hosted from other sites.
> I have personally seen analytics of many such java scripts
> that install malware without one's knowledge or consent.
>
>
>    e.g. For most
>> of us, if we were browsing google.com, any attempt to handle
>> doubleclick.com cookies would be considered third-party (by us), and
>> we'd expect them to be rejected.  But if a google page incorporates
>> content from doubleclick (such as an advert graphic), that incorporated
>> content can set a doubleclick cookie, and it isn't third party to
>> itself, so the cookie gets allowed.
>>
> Please offer some concrete real world examples. I would love to (and need
> to) see that.
>
>
>> It's well worth going through your browser settings, and setting them
>> sensibly, rather than hoping some third-party add-on will sort things
>> out for you.
>>
> Of course. But you do not define 'sensibly' in an objective way.
> Please show real world benefits of what you consider sensible
> settings.
>
>
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20140831/c08fc21f/attachment.html>