Secure Transactions

Mon Sep 1 04:59:19 UTC 2014

Jd1008 - java - life without it!  Possible?  Better.

Remember - transactions only on the build.

On Sun, Aug 31, 2014 at 9:17 PM, jd1008 <jd1008 at gmail.com> wrote:

>
> On 08/31/2014 09:45 PM, Tim wrote:
>
>> Tim:
>>
>>> Be prepared for various things to fail, you cannot force HTTPS with
>>>> sites that are HTTP-only.
>>>>
>>> jd1008:
>>
>>> Actually, the sites that do not support https, simply default to http.
>>> So, such sites are still browsable even with this plugin.
>>>
>> That wouldn't work with various virtually hosted sites (such as mine),
>> you'd end up making a to the hosting provider, rather than the
>> particular site you wanted.  The world is full of virtually hosted
>> sites.
>>
>> I don't know of a site to test where the service makes no response to
>> HTTPS requests, to see what your HTTP to HTTPS converter does to handle
>> that.  It's a different situation to my hosting provider, which does
>> answer to HTTPS (albeit not in the way that you hoped).
>>
>>
>>  Tell me which of the Firefox settings options will prevent redirection?
>>> I have not come across it. Sure would like to know that.
>>>
>> That one's easy, it's not even a hidden about:config flag...
>>
>> Advanced settings, general tab, accessibility options:
>> Warn me when websites try to redirect or reload the page.
>>
>>
>>  Also, in Firefox Settings, be sure to NEVER allow 3rd party cookies.
>>>>>
>>>> This is one thing that often doesn't do what you think.
>>>>
>>> Prove it! I would really like to see a concrete proof of it,
>>> in order for me to see that there are 3rd party cookies
>>> being stored by my browser.
>>>
>> It's been a hell of a long time since I read about this, so I can't give
>> you a reference off the top of my head to a ready-made answer.  I seem
>> to recall the discussion was regarding the Opera web browser.
>>
>> I did give a scenario about how it can happen - such as visiting an
>> example.com website, which embedded some content from doubleclick.com
>> (such as a graphic).
>>
>> As far as the user is concerned, they're visiting example.com, and they
>> consider doubleclick.com to be a third party, and wouldn't expect it to
>> be able to set cookies.
>>
>> But, as far as the browser *may* be concerned (depending on who
>> programmed it, and what they think about it), the page has loaded an
>> image from doubleclick.com, and that image can set a cookie for itself,
>> because it is not a third party to itself.
>>
>> A browser programmer could see that as being first party (the image sets
>> its own cookie), or as third party (its not the same domain as the
>> page).  There were plenty of arguments about which point of view was
>> correct, it's a horrible mess where both sides can argue without their
>> being a clear-cut answer.  And thanks to that, you can't really expect a
>> status quo.  One browser may take a different approach from other
>> browser, and a newer release of the same browser may also swap their
>> approach to the situation.
>>
>> The other definition of third-party, which was clear cut, was if you had
>> visiting example.com, and that *page* had tried to set a cookie for
>> doubleclick.com.
>>
>> If you want to *prove* this, I doubt that it'll be hard to find a
>> website with third-party content (almost any commercial site does), and
>> see what different browsers actually do.
>>
>> Another discussion about third-party cookies was cookies set by things
>> like Flash.  Being a program, it's able to do much more than could be
>> done just by loading an image.  And your third-party cookie setting may
>> not have any influence about how the flash plug-in works.  Likewise with
>> other multimedia plug-ins.
>>
>>  It's well worth going through your browser settings, and setting them
>>>> sensibly, rather than hoping some third-party add-on will sort things
>>>> out for you.
>>>>
>>> Of course. But you do not define 'sensibly' in an objective way.
>>>
>> Sensible is what pertains to the user's needs.  Not everybody has the
>> same needs.  I can't answer that query in the way that you want me to.
>>
>> Sensible to me is websites continue to work, with the minimal of
>> tracking being possible.  Sensible to others is no tracking, and some
>> sites will fail to work.  And to yet others, still, sites work without
>> errors or users having to make decisions about using the sites.
>>
>>
> Well Tim,
> You run your browsing just to make it "work"!!!
> Not me!!!
> I at least do my due diligence to achieve some degree of thwarting
> unwanted things coming from ads, cookies, javascripts and popups.
> If a site does not work, then I simply dump it, and never visit it again.
>
> It is true (I already conceded) that a web site you trust is indeed
> hosting third party cookies as if they came from the trusted web site.
> This sort of hosting is also being done with java scripts, which are the
> worst and most offensive weapon against all users.
>
>
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20140831/920f3067/attachment.html>