Osprey: Browser Protection

Version 1.3.4 was released earlier today.

Changes in 1.3.4

• Disabled CERT-EE by default due to false positives
• Disabled Control D by default due to response times
• Updated support contact info
• Optimized image file sizes
• Adjusted Control D URLs
• Cleaned up code

This update has been submitted to all extension stores.

 

What else could I do to make Osprey better? More recommendable? On the level of an ad-blocker, maybe? Features? Providers? Let me know.

 

The various requests I made to you have been rejected.
You could try implementing the GPC signal:

https://globalprivacycontrol.org/

It can be activated on request.
If I'm not mistaken, Privacy Badger also has this feature.

 

Firefox has option for GPC (DNT since v135 no longer usable). so GPC returns:

reference server is blocked here.
GPC is mandatory, not optional

CCPA is the strongest law for privacy.

 

Osprey is more geared toward blocking threats, not necessarily preserving online privacy. I think I'll leave that to privacy browsers and tools like Firefox and Privacy Badger.

 

I like Osprey the way it is. Maybe there are some more providers that could be added, I don't know, but I don't think Osprey should be yet another add blocker and/or privacy tool. Let's keep it simple and effective.

 

Good idea.

 

good combo, in use here - as a minor helper for Adguard which has a whitelist. PB is doing a decent job.
as stated before i dont use osprey any more since months. the options are overwhelming, but not helpful for newcomers - and it can cause more questions than it resolves.

 

I'll work toward creating a simple view for casual users, similar to uBlock Origin.

 

Users who use Firefox + uBlock Origin have less need for Osprey than users who use Chromium-based browsers (not Brave/Vivaldi/Opera) because Firefox has strong always https and can enable “Online Malicious URL Blocklist” which updates frequently.

In the remaining Chromium-based browsers that use an MV3 adblock, enabling this filter list is useless.
Therefore, Osprey is more useful.

Advanced users can bridge this gap even in Chromium-based browsers + MV3 adblock.

P.S. Version 1.3.5 has been released.

 

Chrome, and Edge, are not that vulnerable as you might create this scenario now.

 

Are you assuming that Edge's “Always https” is identical to Firefox's?
Absurd.

 

why should i think about it? i never transmit sensible data on non-secure pages. and i dont care if ancient pages for this or that refuse to buy a cert.
why should chrome deal better with "always https"?
but yes, edge/chrome do not block explicit http pages like firefox, but try to upgrade to https if possible. and there exist no more a flag for https only.
but also "https everywhere" is not able to stop http connections, instead it shows a red banner down the page.

http://testpage.site/

the only option i currently see is to modify the header
https://microsoftedge.microsoft.com...odify-http-h/opgbiafapkbbnbnjcdomjaghbckfkglc
(also im chrome store available)

example to test
http://www.neverssl.com/

firefox will block and ask for http.
modheader redirect instantly to https page, without it will end up in the http page.

but i am not sure, how osprey will help me out here?

 

Take the tests (choose http links) with Edge here:

https://urlhaus.abuse.ch/browse/

check the difference with Firefox.
Then enable Osprey in Edge and open the same links.
If you want an exe file, just search for exe.

 

uBlock Origin's databases are kind of a joke, though. They rarely block anything that's less than 24 hours old.

 

This event is running past my front door, at this moment...

So, I ignored this FP.

 

You,in version 1.3.5. have disabled by default GData which is the only PP that blocks Github malware.......

https://urlhaus.abuse.ch/url/3595141/

I personally don't care much because I have my own rules in the adblocks I use.

P.S.
It is also worth noting that the filter list blocks malware within 24 hours.

 

Report all false positives back to the providers.

 

Do you mean I should contact Norton support?

 

You should click the 'Report this website as safe' button on Osprey's block page next time a false positive comes up.

 

Got it.

 

Quick question, why is Microsoft SmartScreen disabled by default now?

Thanks.

 

https://malwaretips.com/threads/osp...ssion-and-updates.135565/page-22#post-1136402

Edit: my correction regarding @Stupendous Man #274 is here #276

 

@bjm_,
Did you mean post #417 in that thread?
That is now on page 21 instead of 22. I think that is because some posts were deleted.
The current URL is this:
https://malwaretips.com/threads/osprey-browser-protection-discussion-and-updates.135565/post-1136402
However, for me, it still doesn't open the page in the correct position. I need to scroll to post #417.

 

if you are working with windows it's enabled by default, no need to check it twice.

with osprey? warnings from osprey are different from https only. but i got messages from osprey what you wanted to point out. SH files are linux, and the few exe files were blocked from smartscreen.
that far osprey does its job. but i did no further investigation for IP to domain, so i keep it with my settings here.