Food for thought: safe browsing and blocking scripts

That's the thing, Ghostery will not break pages most of the time, and will speed up loading of pages, and will also block many ads that might be malicious. You should give it a try, if you don't like it, you can remove it with one or two clicks.

And when I talk about "heavy pages", I'm talking about the many scripts (trackers) that need to get loaded, which will use a lot of CPU time and RAM, and will slowdown loading of sites, no matter how fast your connection is.

 

I appreciate the suggestions, bo elam and Rasheed187, but Opera's built-in 'Per Site' control has been adequate for me.



Being a frugal person, I keep my computer as lean as possible! I tend not to install anything that I don't need.

As far as malicious ads: in more than 10 years of testing, I've never been able to find a malicious ad. When I hear about an attack, by the time I go to the site, it's been cleaned up! I've often wished I could find one to see how the complete exploit works -- redirection, etc.

Also, none of the sites that were compromised were any that I would normally go to in my work. So, it's a non-issue for me. (I've often asked myself, "How do so many people get infected? How do they find these sites?!")

If I don't notice any slowdown, why should I be concerned? And what does "slow" mean? I'm not in such a hurry!

Of the sites I frequent where disabling JavaScript will break the proper rendering, this one uses the most scripts, and it loads in about 3 - 5 seconds.



Back a few years when I had Dial-up connection, this site took about 45 seconds (or more) to completely load -- enough time to go into the kitchen and refill my coffee cup! Now, you see, every thing is so "instant" that the pleasures of life are sacrificed!

----
rich

 

Rich

I am afraid you are just not impatient enough. My connection shows a 85 MB download speed on OOKLA test, running CNN news with a tweaked javascript setup and without saves me 0.1 seconds (0.85026 -0.74342). So when it takes 5 seconds to tweak a website, you only need to open this websites 50 more times for break even (time lost by tweaking compensates time gained by tweaks). Assuming you visit that website every day, you would save over half a minute a year.

May be we are to old for this ....

Regards Kees

 

Completely agree! What determins what software you use, what you combine with what, and how to use it, is all your security policy and threat model. But contradicting problem is you can make threat model only after you know threats.

 

As to Ghostery, I used it until relatively recently, but ditched it. I can't trust vendor who can't manage their SSL certificate (well, Mozilla also did this...), and now Ghostery seems to affect Firefox interface.

 

@Rmus

You want to do a test of redirect?

http://turbobit.net/1nn90f9cdnk0.html

(Click with the mouse to "Regular download")
(Javascript on)

 

Well to each his own, and if you're happy that's fine, but I want to stress that you can't compare Opera's "per site" control with a script-blocker. The point of a script-blocker like Ghostery is to improve speed and privacy, without breaking pages.

Don't get me wrong, I also use the feature of Opera on sites that are way too heavy even when blocking only certain scripts, so I just disable scripting completely. But you can't do that with every site of course.

In the end it all depends on how much control you want to have, you don't seem to need it, and that's fine. But to me, script-blockers like ScriptKeeper and Ghostery make life easier. They can both be setup in a way that you won't have to keep white-listing and fine tuning, especially when used together.

 

Well, I thought about ditching it too, because I know the story about their developers, but at the moment it's simply the best script blocker which will almost never break pages. I have even installed it on my mother and sisters PC without any problems, and it really does improve speed.

 

Tho I don't want to interfere with Rmus' setting, I personally agree with Rasheed. I also liked Opera's per site permission that is Opera's beuty, but finally installed script blocker. I thought there were 2 major script blocker, IIRC ScriptKeepr and ScriptWeeder, I forgot which one I used but it had bit complicated UI compared to Noscript and had some modes displayed as traffic signal. After several tests, I switched to ContentsBlockHelper as it allows more granular control, but it's not much user friendly. And after I hear about XSS vulnerability (later it turned out actually it doesn't affect latest presto Opera tho), I finally gave up Opera whole together.

Maybe the story is about their selling info to those analytics company, yup, it's another concern. I don't use ABP for similar reason as well as they once added affiliate code in your URL bar. Anyway as I use NS & RP on Fx, uMatrix and Kiss on Chrome, not much need. But to be fair, Ghostery is good when you (intentionally or not) allow some scripts, and also to block beacon % image tracking too.

 

As per attached screenshot...

 

Firefox + Noscript + UBlock:



____________________________

Opera 12.17 + Ghostery + Scriptweeder

No redirects thanks to Scriptweeder.
This version of Ghostery not block redirects

 

In Opera 12.17 Scriptkeeper completely and invisibly blocked it. When I temporarily allowed the page, Ghostery got it and displayed what was blocked.

 

Only Opera 12.17 + Scriptweeder:



_____________________________

Only Opera 12.17 + Ghostery

 

i dont have read at all - but last examples to comment first:
- 4dsply and skimressources were blocked with a hosts file against many advertisement, bad scripts and dom storage.

this should not be part of a browser but system wide

sandboxie does not prevent bad scripts and its results, always funny people think that a sandbox can protect their browsing.
a sandbox can only prevent breakouts to the host.

the so called next generation firewall is no option for the masses - to expensiv and sometimes not applicable on the current network.

proxomitron is pretty outdated and useless on ssl connections - its ssl-lib is broken (heartbleed bug) and not replaceable or proxomitron will crash
same for admuncher. and both cannot handle http 1.1 and some other new protocols.

myself uses firefox+noscript+uBlock (instead adblock plus). noscript is granular enough for me - a general setting with one-click option for new websites. same for ublock. the lists behind ublock are updated daily and i would prefer this much more than a NGFW and its limitations.

and as Rmus pointed out the attackers have other targets in mind such as outdated flash, java or pdf or some not covered cve. so the message behind is to install always the latest version or drop it completely - no java - no attack possible. or put java in a restricted sandbox and a clean browser and its clean profile (i would be a dumb to use java with my main firefox profile).

i tried uMatrix on chrome last year but i need to say its too complex for the most common users (me incl). it took too much time and more than noscript.

from my view - the web is not evil, only some small niche.

 

Proxomitron is being modified to work with the current versions of Open SSL. See http://prxbx.com/forums/showthread.php?tid=2179&pid=18016#pid18016 for details.
There's also an HTTPS proxy being developed for use with Proxomitron that takes over the SSL duties. See the threads here.
Contrary to popular opinion, Proxomitron isn't dead.

 

Although Proxomitron is still not died and widely used, already too many time past since unfortunate sudden passing of Scott Lemmon, so I can't use it at ease unless at least hide its use (I thought adding some line and...?). Also I don't want to MITM SSL, these as well as connection problem on IE were the reason I finally stopped using it. It's also too bad he didn't leave original source code. I used Privoxy on Ubuntu and pretty satisfied tho, but its filter format is different from Proxomitron, and there're fewer reliable filter assets available for it. I never use nor trust Proxydomo.

 

For me, IE with no ad blocker and FF with Adguard and Ublock gets redirected, but Chrome with Adguard and Ublock kills the page.

 

so you will encourage me to break license and law to gain some misterious security gain? nah, not really.
at least it wont change its working code and its other given limtations. thats why i dropped proxomitron and its slowness and turned to faster methods.
some should prefer those direct methods in browser because it has no side effects to the whole system.

furthermore firefox and chrome have its own built-in trusted ca store (firefox since v31)
https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/
ofc that broke some self signed crap for reason and proxomitron will break certs too - although no MITM it acts as MITM.
(same for any antivirus with ssl protection)

although i have respect for those code changes this was a useless work with a view to the future of ssl handling nor does it raise security that much.

 

Break license and law? Proxomitron is and always was freeware. The original developer is dead. I doubt that he cares if his work is adapted to modern HTTPS.

 

It's only as complex as you want or need it to be. The two screen caps show how I block Frames and Other Globally and per site. This still provides a nice level of security with far less hassle than blocking all or most of the active types. For Plugins I use Chromium's "Click to play" option. Meanwhile the Hosts files are providing some protection via blacklisting.

 

I'm impressed with this. I never suspected such dedication to Proximitron existed. My own use of it is fairly minimal. Reverse engineering and revising code from binaries without source code is not an easy process.

I'm surprised no one else has copied the concept and done something new with the idea of a dedicated web filter that works as a proxy so any browser could be set to use it.

 

No love for Privoxy? Well, I have no love for Proximodo. I don't know how BFilter is these days.

 

nevertheless the
legal heirs never made the code public or open source. proxomitron is still closed source and while using you accepted the license.

from license.html

that license never changed - and "all right" mean that none except the author has the right to alter code. as he died this right was not changed - so any code change will violate its license. you need to ask the legal hairs for it. and they still keep the original code base and wont give it away. if those dont care is another topic.

HTH

 

@Brummelchen
If you want to stay within the letter of the license, you can't distribute modified versions of Proxomitron itself. It doesn't say that you can't modify it for your own purposes. It doesn't say that you can't distribute the modifications themselves. One could argue that the filters are a component of Proxomitron. They certainly don't work with anything else. The manual encourages writing your own and sharing them.

 

Proxomitron never has had a very large use base. Those that have stayed do so because nothing else can equal its abilities to filter most any form of web content. It's much like classic HIPS and rule based firewall users. Only a small percentage want that level of control and are willing to learn how to accomplish it.

I wish someone would duplicate Proxomitron as an Open Source project. If NoScript was packaged as a freestanding proxy instead of a browser extension, it would be a good start. Proxomitron is one of those rare, timeless designs that defies obsolescence. As long as web content uses HTML, Proxomitron will be able to filter it.