SoylentNews is people
SoylentNews
It's being reported on HackerNews that the Pale Moon Browser is blocking the AdNauseum extension, an ad blocking extension designed to obfuscate browsing data and protect users from tracking by advertising networks.
The main story link is to the Pale Moon Forum which summarises the issue as follows:
After investigating the AdNauseam extension's behavior and the results for web publishers, the extension has been added to the Pale Moon blocklist with a severity level of 2 (meaning you won't be able to enable it unless you increase the blocking level in about:config to 3). For those unfamiliar with this extension: it generates false ad "clicks" to ad servers in an attempt to generate "noise" for the ad networks in a protest against the advertising network system as a whole.
While the premise behind this is similar to poisoning trackers with false fingerprints (which we are proponents of, ourselves), and we normally let users decide for themselves what they want to do with their browser, we are strictly against allowing extensions that cause direct damage (including damage to third parties). There is a subtle but important difference between blocking content and generating fake user interaction.
[...] Because this extension causes direct and indirect economic damage to website owners, it is classified as malware, and as such blocked.
From the forum threads this decision has been slightly controversial with some users.
If you're not familiar with Pale Moon, it is an Open Source web browser, forked from a mature Mozilla code release, and has been covered on SN before.
[Update: Added text re: blocking level; bolded text that was bold in the original posting. --martyb]
(Score: 5, Insightful) by crafoo on Monday August 28 2017, @04:50PM (20 children)
Oh bullshit. If a site operator can send a random selection of ads to my browser I can send a random selection of nonsense information right back at them. How these fuckers process it or assign value to it IS THEIR FUCKING PROBLEM. If site operators are not compelled to operate in good faith (malware ads, sending unsolicited information, wasting my bandwidth) they should not expect that from the other side of the exchange. Fuck them.
(Score: 4, Interesting) by FatPhil on Monday August 28 2017, @05:47PM (19 children)
Did you know, for example, that removing the 'whatever.html' from the end of a URL, and particularly removing a '/directoryname/', in order to browse around a website is illegal according to some US courts (it's hacking, or "illegal access to a computer resource" in their terms or some bullshit like that)?
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Informative) by driven on Monday August 28 2017, @06:21PM
Then consider this civil disobedience.
(Score: 1, Touché) by Anonymous Coward on Monday August 28 2017, @06:34PM (2 children)
Can you provide a link?
I want to know which places to avoid (besides the obvious answer of "the entire US").
(Score: 2) by FatPhil on Tuesday August 29 2017, @12:02AM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @05:25AM
The Tsunami Case: 'a system penetration and software tester' uses his credit card etc on a site and then goes 'oh noes, this might be dodgy, let's see if I can do a 'directory traversal' on it to see what's going on'..and then the fun begins.
The main act of stupidity in this case was that the 'system penetration and software tester' lied to the 'PC plod' he must have though they sent to interview him, pity that, the 'plod' actually knew his subject and caught him out, so the CPS went ahead with a prosecution based on his 'sketchy' behaviour.
The Domestic and General Case: Disgruntled ex-employee mailbombs his old company and gets away with it.
The main act of stupidity in that case being that the CPS chose the wrong bit of legislation to prosecute the bugger with, so the court had no option but let him walk free on points of law.
Oh sure, stupidity abounds here in Britain, and there's legal trickery out there written in such a manner as to make almost anything a prosecutable offence, I know that there's a good chance that some of my antics manipulating URLs to bypass limitations of borkedly 'coded' websites could be regarded as offences under the old Computer Misuse Act here in the UK, and the CPS and Procurators Fiscal would write up the charges in such a manner as to try and guarantee a conviction.
I run Linux on most of my desktop machines, for some reason this seems to lead to...weirdness when browsing a number of web sites (e.g. a local bus company's timetables are downloadable as pdfs from their site, but this only works on windows boxes, both Macs and Linux boxes fail to download them).
Even at work where I use a windows box we have Firefox installed as well as Chrome for those sites which seem to fail to load properly on one or t'other, and for the seriously stupid sites which still insist on it, there's always IE... (there's at least one site that our admin staff need to use on a daily basis which borks horribly on anything other than IE, I shit thee not)
(Score: 2) by DannyB on Monday August 28 2017, @06:35PM (5 children)
I seem to remember Linked In recently losing a court case where Linked In is making information public, but trying to manufacture some kind of legal means to say it is NOT public information. The court flatly rejected that. The court's analysis that the line between public and non public was a password or some kind of authentication, IIRC.
If removing /whatever.html from the end of a URL reveals something, then it is indeed public. Just like if changing &id=587372 reveals a different customer's personal information, and then enumerating all the possible "ids" reveals a lot of customers' personal info, it is still public information. The problem is that the web site operator is making the information quite public. So public that some school children could access this public information. The real burden is on the web site operator not to make the info public in the first place.
It's like if someone frequently stands nude in front of a large plate glass window visible to lots of people. If others take photos or simply look, the person can hardly complain about privacy. They made the exposure of themselves quite public whether intentionally or not. And it would be hard to argue unintentionally, just as with the example of changing the &id=587372.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by FatPhil on Monday August 28 2017, @11:57PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by dry on Tuesday August 29 2017, @12:44AM (3 children)
If leave my car unlocked and the keys in the ashtray, it does not make it legal to take my car. If I don't have a lock on my front door, it does not make it legal to enter my house, even if a 6 year old could easily walk in. If my luggage has 1-2-3-4 as the combination and even if I forget to randomize it, it is still illegal to go through my luggage.
The argument that if something is unlocked, it is free for the taking/using is pretty simple and often wrong.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @01:32AM
Idiotic analogies are idiotic.
(Score: 2) by DannyB on Tuesday August 29 2017, @01:27PM
That is why I used an analogy of you making something public and then trying to claim it is not public.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by urza9814 on Tuesday August 29 2017, @03:12PM
So if you have an website only accessible on your LAN, and it has a password prompt but the password is just the return key, then that's still not public. Yup, I've got no problem with that.
But if you invite the general public into your front yard (ie, have a public website) and your home has no doors (ie, no attempt at authentication when loading the pages that aren't supposed to be public) and someone walks inside...I kinda doubt a court would call that trespassing.
(Score: 0) by Anonymous Coward on Monday August 28 2017, @06:36PM (1 child)
Please cite the case(s) you're referring to.
(Score: 2, Informative) by Anonymous Coward on Monday August 28 2017, @07:19PM
Literally just editing an url "hack", 41 months [arstechnica.com]. Even if were unrelatedly deserved for being a despicable troll and a jerk.
(Score: 1) by crafoo on Monday August 28 2017, @11:59PM (3 children)
But you're wrong. It's not. It's not illegal with respect to any written law. It has been ruled illegal in cases where global corporations have demanded it.
In those particular cases it was a citizen "circumventing" a corporation's website. I think the URL case in particular was someone pulling a customer list from AT&T or Verizon just by changing the address. Clearly this was all public information accessible without any security measures what so ever.
This action was ruled illegal because a citizen took an action a corporation deemed not in the corporation's interest. And so the courts ruled according to the actual power structure of the USA. It doesn't make the action illegal. It just means their is no rule of law.
(Score: 2) by FatPhil on Tuesday August 29 2017, @12:37AM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @03:08PM
A US court decision is only binding upon lower courts. Weev was convicted in federal court and the conviction was subsequently vacated on appeal in the third circuit (due to improper venue). The only binding precedent here is in the third circuit, as set by the third circuit court of appeal, applying to the issue of venue. This is normal -- the appeals court generally won't make any ruling on the merits of the case when the decision can be established on something more basic, such as improper venue.
However, a federal court looking at a similar case would also find that the third circuit court of appeal did not have a high opinion of the merits of the prosecution's case, either.
Nevertheless, the CFAA has to go.
(Score: 2) by KGIII on Tuesday August 29 2017, @06:50AM
That's not actually how laws work. You know that, right?
"So long and thanks for all the fish."
(Score: 2) by Runaway1956 on Tuesday August 29 2017, @12:11AM (1 child)
I seldom argue even the most obvious legalities. But, that's so stupid, it sounds right. Bottom line, if you run a publicly facing server, and you put stuff on that server, you KNOW people are going to use it however they want. Drop the directory off the end of a URL? I started doing stuff like that twenty freaking years ago, and don't plan to quit.
(Score: 2) by edIII on Tuesday August 29 2017, @12:48AM
That's no longer true with some of the newer platforms. It's not about delivering pages through a hierarchy of files and directories, but more of an API used in some sort of MVC.
One of the projects I worked on the url was literally turned into functions. /ping /grep /ls or /ping?ip=127.0.0.1 (I don't mean those commands literally, but just an example)
In those cases your not traversing directory structure anymore, but API structure instead. With posted API requests and nothing on the URL line. Work on the site for three hours and the URL never changes. Not even an additional page load.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @08:54AM
Funny thing about that...
Want to show ads on my computer? Pay me for access to show ads. Anyone ads that I don't get paid for are unauthorized access to a computer system.