Re: Secure Transactions

Tim:
>> Be prepared for various things to fail, you cannot force HTTPS with
>> sites that are HTTP-only.

jd1008:
> Actually, the sites that do not support https, simply default to http.
> So, such sites are still browsable even with this plugin.

That wouldn't work with various virtually hosted sites (such as mine),
you'd end up making a to the hosting provider, rather than the
particular site you wanted.  The world is full of virtually hosted
sites.

I don't know of a site to test where the service makes no response to
HTTPS requests, to see what your HTTP to HTTPS converter does to handle
that.  It's a different situation to my hosting provider, which does
answer to HTTPS (albeit not in the way that you hoped).


> Tell me which of the Firefox settings options will prevent redirection?
> I have not come across it. Sure would like to know that.

That one's easy, it's not even a hidden about:config flag...

Advanced settings, general tab, accessibility options:
Warn me when websites try to redirect or reload the page.


>>> Also, in Firefox Settings, be sure to NEVER allow 3rd party cookies.

>> This is one thing that often doesn't do what you think.

> Prove it! I would really like to see a concrete proof of it,
> in order for me to see that there are 3rd party cookies
> being stored by my browser.

It's been a hell of a long time since I read about this, so I can't give
you a reference off the top of my head to a ready-made answer.  I seem
to recall the discussion was regarding the Opera web browser.

I did give a scenario about how it can happen - such as visiting an
example.com website, which embedded some content from doubleclick.com
(such as a graphic).  

As far as the user is concerned, they're visiting example.com, and they
consider doubleclick.com to be a third party, and wouldn't expect it to
be able to set cookies.

But, as far as the browser *may* be concerned (depending on who
programmed it, and what they think about it), the page has loaded an
image from doubleclick.com, and that image can set a cookie for itself,
because it is not a third party to itself.

A browser programmer could see that as being first party (the image sets
its own cookie), or as third party (it's not the same domain as the
page).  There were plenty of arguments about which point of view was
correct, it's a horrible mess where both sides can argue without there
being a clear-cut answer.  And thanks to that, you can't really expect a
status quo.  One browser may take a different approach from another
browser, and a newer release of the same browser may also swap their
approach to the situation.

The other definition of third-party, which was clear cut, was if you were
visiting example.com, and that *page* had tried to set a cookie for
doubleclick.com.

If you want to *prove* this, I doubt that it'll be hard to find a
website with third-party content (almost any commercial site does), and
see what different browsers actually do.

Another discussion about third-party cookies was cookies set by things
like Flash.  Being a program, it's able to do much more than could be
done just by loading an image.  And your third-party cookie setting may
not have any influence about how the flash plug-in works.  Likewise with
other multimedia plug-ins.

>> It's well worth going through your browser settings, and setting them
>> sensibly, rather than hoping some third-party add-on will sort things
>> out for you.

> Of course. But you do not define 'sensibly' in an objective way.

Sensible is what pertains to the user's needs.  Not everybody has the
same needs.  I can't answer that query in the way that you want me to.

Sensible to me is websites continue to work, with the minimum of
tracking being possible.  Sensible to others is no tracking, and some
sites will fail to work.  And to yet others, still, sites work without
errors or users having to make decisions about using the sites.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.15.10-201.fc20.i686 #1 SMP Wed Aug 27 21:33:30 UTC 2014 i686

All mail to my mailbox is automatically deleted, there is no point trying
to privately email me, I will only read messages posted to the public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
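
The two readings of "third-party" described in the message above, as an added example that is not part of the original post: it classifies Set-Cookie headers seen while a page is open and shows where the two views disagree. The capture is constructed, and `site()` is a simplification (last two labels) where real browsers use the Public Suffix List.

```javascript
// Added illustration, not code from the original message.
// Simplification: the last two labels stand in for the "site".
function site(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// RFC 6265 domain-match: host equals the domain or is a subdomain of it.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, '');
  return host === domain || host.endsWith('.' + domain);
}

// Classify one Set-Cookie header received while the user is on pageUrl.
function classify(pageUrl, responseUrl, setCookie) {
  const pageHost = new URL(pageUrl).hostname;
  const respHost = new URL(responseUrl).hostname;
  const m = /;\s*domain=([^;\s]+)/i.exec(setCookie);
  // No Domain attribute means a host-only cookie for the responding host.
  const cookieDomain = (m ? m[1] : respHost).replace(/^\./, '');
  // View A: the responding resource sets a cookie for itself.
  const selfSet = domainMatches(respHost, cookieDomain);
  // View B: the cookie's site differs from the page in the address bar.
  const crossSiteToPage = site(cookieDomain) !== site(pageHost);
  let verdict;
  if (!selfSet) verdict = 'foreign-domain'; // clear-cut case; RFC 6265 says reject
  else if (crossSiteToPage) verdict = 'disputed'; // first party by A, third by B
  else verdict = 'first-party';
  return { name: setCookie.split('=')[0].trim(), cookieDomain, verdict };
}

// Constructed capture: the page, an embedded image, and a page response
// that tries to set a cookie for another domain.
const PAGE = 'https://www.example.com/';
const capture = [
  { url: 'https://www.example.com/', setCookie: 'sid=1; Path=/' },
  { url: 'https://doubleclick.com/pixel.gif',
    setCookie: 'id=abc; Domain=doubleclick.com; Path=/' },
  { url: 'https://www.example.com/', setCookie: 'track=x; Domain=doubleclick.com' },
];

function report(pageUrl, entries) {
  return entries.map(e => classify(pageUrl, e.url, e.setCookie));
}

console.log(report(PAGE, capture));
```

The `disputed` row is the embedded-image case: whether a browser's third-party setting blocks it depends on which view that browser implements.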



