[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-librejs] Detection of fake license information on websites?
From: |
grizzlyuser |
Subject: |
Re: [Help-librejs] Detection of fake license information on websites? |
Date: |
Sun, 03 Feb 2019 10:27:54 +0000 |
Dmitry Alexandrov <address@hidden> wrote:
> I’m not affiliated with LibreJS, yet let me tell you, that no, you probably
> misunderstood the goal. That is not the main reason, not even the secondary.
> Freedom has little to do with maliciousness or ‘privacy’. Only with freedom.
Sorry, I should have phrased that a bit differently to eliminate confusion. I
meant 'malicious' in broader sense, that includes the limiting of the four
essential freedoms the user have.
> Well, how can you provide a fake information about the licence? Except
> perhaps, when you grant rights, which you are not eligible to grant (because
> you are not the proprietor of the program or otherwise). Note, that does not
> necessary require any evil intentions, it also may be a honest mistake. In
> any case, that’s a thing we hardly can fully control whatsoever, for any type
> of creative work.
AFAIK, LibreJS looks for some license headers or metadata in specific
format(s). By supplying free license data that way, and at the same time
embedding something like non-free EULA in the code in format that's not
recognized by the extension, it seems this is possible to provide fake license
info just to work around LibreJS blocking.
> This is not panacea, however. It is possible, that the source is not directly
> runnable by browser, but indeed may require some building from another
> language, such as Coffescript.
Or TypeScript, or whatever. That's exactly what I meant, please excuse me for
confusion again :)
> I chose µMatrix, since unlike µBlock (by the same author) it not only blocks
> scripts but also properly shows <noscript> content when they are blocked
This is a bit off topic, but latest versions of uBlock Origin have master
switch to disable all JS (also works on per-domain basis). Good news is that
unlike separate features for blocking of inline, 1st- and 3rd-party scripts, it
honors <noscript> tag as you might expect.