Correlation between Noscript and Uniblue?

Discussion in 'other software & services' started by Iskal8198, Oct 1, 2012.

Thread Status:
Not open for further replies.
  1. Iskal8198

    Iskal8198 Registered Member

    Joined:
    Oct 1, 2012
    Posts:
    3
    Recently I happened to stumble upon some unknown cookies in firefox for a domain titled "Uniblue" and also noticed some noscript entries in about:config of firefox related to Uniblue. Upon examining the reputation of this Uniblue website I can't help but think something sketchy is going on.

    I believe the link between the two entities is likely because I haven't visited the website Uniblue, nor any websites associated with it.
    This has occured on two secured machines with only the extensions adblockplus and noscript installed.

    Am I losing my mind or is this occuring for others as well?

    Thanks for your time.

    (If this isn't an appropriate location to post this, I apologize in advance.)
     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    What you are likely seeing in about:config is NoScript's surrogate for uniblue.com/liutilities.com which according to the v 2.3.8 release notes is supposed to "fix broken buttons at Uniblue e-commerce site".

    I recall some discussions about there being Uniblue advertisements at the NoScript site, which could have included the release notes page that the NoScript addon will load after an update. Perhaps you picked up a cookie that way? Look at the bottom of NoScript->Options->Notifications and you will see the "Display the release notes on updates" setting (which can be disabled).
     
  3. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Uniblue is a software company which creates some junkware.
    Cleaning "utilities" etc.Nothing exemplary just the usual booster and registry cleaning crap.o_O
     
  4. Iskal8198

    Iskal8198 Registered Member

    Joined:
    Oct 1, 2012
    Posts:
    3
    Well, the cookie data holds an affiliate ID (Which I assume is Noscript's for partnered sales at Uniblue) but that doesn't make sense from what I've read because NoScript stopped doing buisness with Uniblue some time ago according to my searches due to unethicalbusiness practices for distribution of rogue software.

    I've also set up a fresh machine recently and installed noscript on it and it too has this random appearance of the Uniblue cookies.
    Additionally, I've inquired about this issue to a few peers and they too have the same cookie displaying in their Privacy>Show Cookies window.

    Once again, thank you in advance for your time.
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    I can think of only two ways a cookie could show up there. One, software on your machine is putting it in place. I would think it possible for a program and/or addon to do so, but I've never tried it. Two, your browser is being made to request a response from a host in the uniblue.com domain (I'm assuming that is what we are talking about) and as a result the cookie is being set in one of the ordinary ways.

    Perhaps there is an addon that is designed to watch for a specific domain cookie being set and will alert you when that happens, or an addon that will display an unavoidable prompt when your browser issues a request to a particular domain. In that way you might be able to zero in on when it happens and what causes it. If there is no canned solution and you have programming abilities, you could hack one or both capabilities into an existing addon.

    It won't guarantee your browser can't load some things from uniblue.com, but you could also add a custom filter (||uniblue.com^) to Adblock Plus.
     
  6. Hmm. I have Noscript and no Uniblue cookies (yet, anyway). The Uniblue-related entries in about:config are there, but are clearly labeled as Noscript surrogates.

    Do you guys have third-party cookies enabled?
     
Thread Status:
Not open for further replies.