Secure Transactions

jd1008 jd1008 at gmail.com
Mon Sep 1 04:17:16 UTC 2014


On 08/31/2014 09:45 PM, Tim wrote:
> Tim:
>>> Be prepared for various things to fail, you cannot force HTTPS with
>>> sites that are HTTP-only.
> jd1008:
>> Actually, the sites that do not support https, simply default to http.
>> So, such sites are still browsable even with this plugin.
> That wouldn't work with various virtually hosted sites (such as mine),
> you'd end up making a to the hosting provider, rather than the
> particular site you wanted.  The world is full of virtually hosted
> sites.
>
> I don't know of a site to test where the service makes no response to
> HTTPS requests, to see what your HTTP to HTTPS converter does to handle
> that.  It's a different situation to my hosting provider, which does
> answer to HTTPS (albeit not in the way that you hoped).
>
>
>> Tell me which of the Firefox settings options will prevent redirection?
>> I have not come across it. Sure would like to know that.
> That one's easy, it's not even a hidden about:config flag...
>
> Advanced settings, general tab, accessibility options:
> Warn me when websites try to redirect or reload the page.
>
>
>>>> Also, in Firefox Settings, be sure to NEVER allow 3rd party cookies.
>>> This is one thing that often doesn't do what you think.
>> Prove it! I would really like to see a concrete proof of it,
>> in order for me to see that there are 3rd party cookies
>> being stored by my browser.
> It's been a hell of a long time since I read about this, so I can't give
> you a reference off the top of my head to a ready-made answer.  I seem
> to recall the discussion was regarding the Opera web browser.
>
> I did give a scenario about how it can happen - such as visiting an
> example.com website, which embedded some content from doubleclick.com
> (such as a graphic).
>
> As far as the user is concerned, they're visiting example.com, and they
> consider doubleclick.com to be a third party, and wouldn't expect it to
> be able to set cookies.
>
> But, as far as the browser *may* be concerned (depending on who
> programmed it, and what they think about it), the page has loaded an
> image from doubleclick.com, and that image can set a cookie for itself,
> because it is not a third party to itself.
>
> A browser programmer could see that as being first party (the image sets
> its own cookie), or as third party (it's not the same domain as the
> page).  There were plenty of arguments about which point of view was
> correct, it's a horrible mess where both sides can argue without there
> being a clear-cut answer.  And thanks to that, you can't really expect a
> status quo.  One browser may take a different approach from another
> browser, and a newer release of the same browser may also swap their
> approach to the situation.
>
> The other definition of third-party, which was clear cut, was if you had
> visited example.com, and that *page* had tried to set a cookie for
> doubleclick.com.
>
> If you want to *prove* this, I doubt that it'll be hard to find a
> website with third-party content (almost any commercial site does), and
> see what different browsers actually do.
>
> Another discussion about third-party cookies was cookies set by things
> like Flash.  Being a program, it's able to do much more than could be
> done just by loading an image.  And your third-party cookie setting may
> not have any influence about how the flash plug-in works.  Likewise with
> other multimedia plug-ins.
>
>>> It's well worth going through your browser settings, and setting them
>>> sensibly, rather than hoping some third-party add-on will sort things
>>> out for you.
>> Of course. But you do not define 'sensibly' in an objective way.
> Sensible is what pertains to the user's needs.  Not everybody has the
> same needs.  I can't answer that query in the way that you want me to.
>
> Sensible to me is websites continue to work, with the minimum of
> tracking being possible.  Sensible to others is no tracking, and some
> sites will fail to work.  And to yet others, still, sites work without
> errors or users having to make decisions about using the sites.
>

Well Tim,
You run your browsing just to make it "work"!!!
Not me!!!
I at least do my due diligence to achieve some degree of thwarting
unwanted things coming from ads, cookies, JavaScripts and popups.
If a site does not work, then I simply dump it, and never visit it again.

It is true (I already conceded) that a web site you trust is indeed
hosting third party cookies as if they came from the trusted web site.
This sort of hosting is also being done with JavaScripts, which are the
worst and most offensive weapon against all users.
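
The two readings of "third party" argued over in this thread, as an added example that is not part of the original messages or of any browser's code: the same "block third-party cookies" setting gives different results depending on whether the cookie is judged against the page or against the response that set it. The function names are hypothetical, and the last-two-labels `site()` rule is a simplifying assumption (real browsers use the Public Suffix List).

```javascript
// Added illustration. All names here are hypothetical, not a browser API.

// Assumption: a host's "site" is its last two labels (example.com).
// Real browsers consult the Public Suffix List instead.
function site(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Simplified RFC 6265 domain-match: the host equals the cookie's Domain
// attribute or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Would a "block third-party cookies" setting drop this Set-Cookie?
//   view         'page'     -> judge the cookie against the address-bar site
//                'response' -> judge it against the host that sent it
//   pageHost     host the user navigated to
//   responseHost host that served the response carrying Set-Cookie
//   cookieDomain Domain attribute (defaults to the responding host)
function blockedAsThirdParty(view, pageHost, responseHost,
                             cookieDomain = responseHost) {
  // Clear-cut case: a response naming a domain it does not belong to.
  // RFC 6265 has the browser ignore such a cookie whatever the setting.
  if (!domainMatch(responseHost, cookieDomain)) return true;

  // Disputed case: an embedded resource setting a cookie for itself.
  if (view === 'response') return false; // "first party to itself"
  return site(responseHost) !== site(pageHost);
}

// Constructed scenario from the thread: a page on example.com embeds an
// image served by doubleclick.com, and the image response sets a cookie.
for (const view of ['page', 'response']) {
  const blocked = blockedAsThirdParty(view, 'example.com', 'doubleclick.com');
  console.log(`view=${view}: cookie ${blocked ? 'blocked' : 'stored'}`);
}
```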


