libreplanet-discuss

Re: media.libreplanet.org non-requested confusing auto download issue


From: Miroslav Rovis
Subject: Re: media.libreplanet.org non-requested confusing auto download issue
Date: Sat, 8 May 2021 00:42:25 +0200

On 210506-21:32+0300, Jean Louis wrote:
> * Miroslav Rovis <miro.rovis@croatiafidelis.hr> [2021-05-06 19:38]:
> > > You use Vim for browsing?
> > No, I don't. I'm at intermediate level in programming.
> Yes, which languages?
Bash, Perl. And other languages I'm at less than
intermediate like C, Python, Javascript, but anything in
programming is slowly starting to be more accessible to me
and slowly open up.

But I think other than the need for TLS-decryption in a
completely libre browser, we should conclude our tangent
discussions.

I want to thank you, however, for having informed the folks
here on the list on the issue of GNU Assembly splinter group.
It has been a necessary and valuable thread for this
community, not a tangent topic.

> > And I browse with Pale Moon, because it has
> > TLS-decryption available for setting up (which Iceweasel
> > and Debian packaged Firefox do not offer) and I trust
> > Pale Moon way more than Firefox nightly (which also
> > understands the SSLKEYLOGFILE env var) which I have to
> > use for websites that do not support Pale Moon.
> 
> Problem with Pale Moon is that binary is proprietary
> freeware, thus not free software by definition. Only if
> branding is removed it could be free software, but I doubt
> it, as I looked into that license. They are complicating
> things just as Mozilla:
> https://www.palemoon.org/redist.shtml -- I don't want to
> analyse it as it looks anti-free software, for example
> they forbid charging, etc. Nonsense, I will not look into
> it.
I have sometimes used CC BY-NC-SA (Creative Commons
Non-Commercial Share-Alike, for casual readers of this list,
such as from the Web),

I also like the JQuery's original non-evil-use clause. None
of those is really against either _real_ freedom or _good_
freedom or freedom for good which I subscribe to. So those
should be allowed, in my opinion. Not imposing my opinion
though...
> 
> So such browser would probably not qualify to be included
> in the free GNU operating systems.
A moot point. 

> > But I can tell you Firefox is horrendous by the sheer number of
> > connections it makes and which the user didn't ask for. It's
> > connections to all kinds of places that Firefox makes just
> > when you start it...
> 
> Yes, that is so. I wish we would have nice and quick browser, but we
> don't have.
> 
> > That's tracking... And it's hard to analyze because of the
> > sheer diversity and number of those connections...
> 
> On the other hand Firefox does have now good privacy features. But for
> GNU as free operating system the core browser does not qualify
> to be included..
Firefox is tracking you. Pale Moon does not, or if I did see
a minimal phoning back in a rare network trace, it was
utterly negligible in comparison to what Firefox does. And
just think of what the world's top unofficial spying agency
Schmoogle's Schmrome does... That's against freedom more
than anything in any user's boxen. Apart from straight
malware.

The privacy features it offers?... C'mon! If you track me,
what privacy do I really have left?
> 
> > Pale Moon is a real friend in comparison, it does not
> > connect to big surveilling tech... Easy to analyze, but
> > not on complex sites like Facebook (hate it, but
> > sometimes go because of friends)... No browser would be
> > easy to analyze for such sites.
> 
> Good privacy browser is GNU IceCat
> https://www.gnu.org/s/gnuzilla
Well, it offers me garbage in network traces (though I
didn't check in years by now [*]), can't use it.
 
> > Does Emacs offer setting up TLS-decryption (repeating
> > the link I gave before:
> > https://wiki.wireshark.org/TLS )?
> 
> If Gnutls library can do that, then maybe, who knows. You
> could ask on GNU Emacs Help mailing list:
> https://lists.gnu.org/archive/html/help-gnu-emacs/
If I had time, but I'm way too involved with other
time-consuming tasks that I have to solve these days...
But I'm sure they are aware of this issue.

> > Can anybody say if it is at least present in somebody's
> > mind that it would be good to do that?
> > 
> > I'm not going to be browsing anywhere with something
> > that leaves junk to see in network traces instead of
> > decrypted traffic.
> 
> Those are just SSL connections over HTTP protocol, almost
> each browser can tell what is being connected to. What you
> download is what you are getting, test and media.
No! It's more than that! You get binary junk in your traces
instead of decrypted content and you can't really tell what
happened, no! Can be MiTM, or other attacks, and I've seen
spoofing and things, but that would be a drift to tell, and
a drift that I do not have time for.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=  Just: TLS-decryption is badly needed in fully libre
=  browser, and until it is done, Pale Moon, being
=  Mozilla-level libre, is a really good choice.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

----

[*] I can tell that some libre software have started to
    TLS-decrypt connections since relatively recently. E.g.
    since only two or three years ago Wget honors
    SSLKEYLOGFILE and stores the keys it used. Also Curl,
    previously than Wget, probably, Curl is a real masterpiece.
    The Linus's Git decrypts as well.

    By the way, TLS decryption wasn't available in any program
    in the open at first. Then Wireshark's Sake Blok (if I
    remember his name correctly) saw how it can be done and
    wrote the patch for Wireshark. Tcpdump still can not decrypt
    SSL/TLS, but it has other advantages over the Wireshark set
    of programs.

Regards!

-- 
Miroslav Rovis
Zagreb, Croatia
https://www.CroatiaFidelis.hr
my PGP-key:
https://www.croatiafidelis.hr/FCF13245ED247DCE443855B7EA9884884FBAF0AE.asc
