/tech/ - Technology★

> I make this thread because I discovered that palemoon's creators have been bribed by (((them))) to do a hardfork on firefox 52 and intentionally bug the program to not compile on arcitectures other then (((x86)))

Source?

If your hardware is post 9/11 it's also botnet central. You're pretty much stuck with running a text only browser through tor on an amiga if you want security

>>947601

I would also like to know that--especially considering that's literally been the whole point of the project from the very beginning. What the fuck even is a "passive botnet"? It clearly can't be a botnet in the technical meaning of the word, because that makes no fucking sense.

>Why hasn't someone forked pre 28 palemoon or made a non-botnet browser yet?

There have been several, like Dooble. You've never heard of them because idiots like you are more satisfied whining about the status quo than having to deal with the inconvenience of an obscure project.

>palemoon is botnet

Okay.

>>947601

Github locked issues.

>>947613

Passive, as in automated tools hack you as opposed to a real human being trying to brainstorm ways into your browser via specfic exploits. Obviously all browsers, text included, are hackable. But are they automatcally pwnedable like the major browsers are when connected to the internet with javascript on or off?

>considering that's literally been the whole point of the project

Which project? All browsers are built around speed, not security. No exceptions.

>>947614

Thanks, never heard of it before.

>>947611

>not auditing and rewriting the linux kernel and gnu utilities around it

Brave. It has Tor tabs.

Links, and maybe also Dillo.

>>947621

https://spyware.neocities.org/articles/palemoon.html

Retard.

Otter Browser is not a botnet

>>947693

>Spyware Level: Medium

>Don't know how to follow Mozilla's step-by-step guides to disable automatic connections.

Pale Moon and Firefox both can be configured to not make a single connection to the internet when you only open local pages.

>Pale Moon blocks privacy enhancing addons like NoScript

- NoScript context menus are confusing: is "Allow 8ch.net" - is that a status or an action?

- NoScript context menu icons are confusing: when scripts are Allowed, the icon is crossed over.

- NoScript is a "privacy addon" which by default opens its own homepage on every update, which still advertise fake pc tuner program.

>>947686

It's amazing how the same person that will encourage Brave because of Tor tabs, despite the fact that its meagre security augmentations pale in comparison to properly-configured Firefox will discourage Tor because of sjw's.

https://spyware.neocities.org/articles/qutebrowser.html

Just use qutebrowser.

>>947630

>>I make this thread because I discovered that palemoon's creators have been bribed by (((them))) to do a hardfork on firefox 52 and intentionally bug the program to not compile on arcitectures other then (((x86)))

<Let me explain to you about why all browsers care about speed, not security. Because I'm a security-minded person, trust me. I use a user.js, okay? What's this about an update script? Cron? What is that?

>>947711

On a RPi you can get PyQT5 and use pip.

As for passive botnet/script kiddy exploits how would firefox with

>Noscript

>ublock origin

>uMatrix

Running on a system patched against Spectre/Meltdown fair?

Preferably running inside as a serperate user, or better, inside a jail/container, or even better, inside a VM.

>>947717

It would fair relatively well provided the version of Firefox being used has been patched for security vulnerabilities.

>>947706

>Pale Moon and Firefox both can be configured to not make a single connection to the internet when you only open local pages.

This is not privacy by default, this is placing financial sustainability security over privacy.

I'll agree that blocking NoScript is good, given the allegations against the NoScript devs bundling malware with other software, even if it is more a character assasination than an audit of NoScript. UMatrix was better at this task.

>>947692

Dillo uses webkit/chrome, it's fucking botnet.

>>948860

Dillo uses neither of those.

>>947589 (OP)

There is simply none. Web browsers are exclusively bloated products. Bloated doesn't even begin to describe it. They should be called "hyperbloated" or something. There isn't a single real software engineer touching any web browser right now. Links would be your best bet but it isn't exactly user friendly, and lots of sites break with it. I've tried like 10 browsers and they're all shit the moment you look at them. But most of the issues come from the "engine". If a web browser is using a known "web engine", you already know it's complete garbage. You could make a simple wrapper around the engine, and it will still be bloated as fuck.

Also, I'm talking about RCE attacks. Making an RCE-free web browser would be trivial, just don't use C and don't use eval or whatever meme construct your non-C language has.

If you're talking about avoiding attacks on websites that pretend to be applications, such as CSRF, XSS, clickjacking, etc, it's not even possible to solve those problems. They stem from the shitty protocol. They are introduced by both the browser developer and the "web application" developer. But nobody sane uses the web for anything other than browsing documents anyway so that is a non-problem.

>>947589 (OP)

>and the only browser that is secure from passive/script kiddy type attacks, for now, is palemoon 27.*.* and text based browsers.

Mind you, I'm on Palememe 27.4. I am save now r...right?

suckless surf

>>947589 (OP)

Midori, NetSurf (not same as the Surf by Suckless), Dillo and links Why Iridium and Vivaldi are botnet? I don't use them myself, but I haven't heard why and how exactly they are botnet'd

all is botnet ni/g/ger

>>947589 (OP)

Take tor browser, remove the tor addons, remove the proxy settings, install your favorite privacy/adblocking addons. I still believe the tor foundation isn't compromised and have the best fork of firefox. Fingerprint resistance, no random communication with google/Mozilla, maintained and updated by a good team of privacy/security centric devs.

Is installing uMatrix the same as installing No Script?

>>951624

>Iridium

According to the spyware.neocities guy, you disable one setting while offline and then it's completely non-botnet.

https://spyware.neocities.org/articles/iridium.html

>>951654

>KIKED

>>947710

where's the equivalent to Tree Style Tabs?

>>951654

To be fair, Jews use it to sell their pizza. I don't think they'd make their lives harder than it needs to be.

>>947589 (OP)

>and intentionally bug the program to not compile on arcitectures other then (((x86)))

[citation needed]

Them not caring about it working there =/= actively stopping other people from making it work

Comment sent from Pale Moon 27 on Linux armhf

Brave

>>951654

(((Their))) support isn't necessarily a bad sign, could just mean they find the platform super useful for their propaganda and state sponsored hacking needs.

If someone can show that tor is truly cucked without playing on people's irrational fear of Jews I'd love to hear what you have to say. For now, i'll continue using my cozy setup that I believe is secure enough for my needs (memes and research). Also the Tor project has publicly said shit against the use of their service for pizza as well as bigotry so that first image is a moot point.

>>951707

Yeah, I'm sure he went through every line of source code himself.

>>947589 (OP)

being this unironically mentally ill isn't good opsec

>>951738

There's ":set tabs.position left", but if that isn't enough, see https://github.com/qutebrowser/qutebrowser/issues/927

>>947589 (OP)

Are you talking about Basilisk? That has nothing to do with it. They decided that Pale Moon needs updating under the hood, and since the technology's been abandoned, they have to continue it themselves. But they aren't doing it just for Pale Moon, and want other people to be able to use it if they want, so they're testing it as it's being developed with nuFirefox in the form of Basilisk. When it's stable enough for Pale Moon then we'll get it too, but Pale Moon itself is not changing.

If that's not what this is about, explain and provide a source. I don't see the Github issue you are referencing.

On the other hand, found the discussion on this here:

https://forum.palemoon.org/viewtopic.php?f=5&t=18211

Yes, this certainly is a problem for me, but I'm sure they'll remove the botnet. Hopefully there is a fork though, I'd rather stick with the existing codebase.

>>951707

That retard does zero auditing himself

>>951771

>>952061

>auditing 3 million lines of code yourself

to be fair, it seems all he does is run mitmproxy on browser startup, which isn't even close to being enough to deem a piece of software spyware or not spyware.