NotHereToPlayGames

You really have to read ALL posts EVERY day. We have members that "pick fights" then carry those over to other threads. Somebody started it, I could care less who started it. The Bigger Man moves on.

If you follow the forum daily as I do, that attack is a two-way street from a third-party perspective. I have no clue which side of the street attacked first. Nor care, if you want me to be perfectly honest. It's just one of those "it is what it is" things. I do not use CentBrowser. Therefore NOPE, I will not be creating a github account just to intervene. My OPINION is that this is just another FALSE POSITIVE. I really have NO TRUST in anti-virus "tests".

Not to "poke the bear", but I kind of AGREE. And DISAGREE. Both at the same time! If one publicly claims that a virus detection in r3dfox should be addressed with the author (this post), then that should be true for CentBrowser also. Don't forget, we had to go through this also with Supermium (here and here). Personally, I hate hate HATE anti-virus programs! I have never, and I literally mean NEVER, witnessed a "real" positive in nearly FORTY YEARS of being on computers! (I don't hunt for them in dark corners of the internet though either.) I have witnessed hundreds and hundreds and HUNDREDS of FALSE POSITIVES where one of my former job roles was to REPORT the FALSE POSITIVES to Malwarebytes (ENTERPRISE) and McAfee (ENTERPRISE). So YES!!! A resounding YES!!! When I see the question asked, "Is this a false positive?", my answer is basically, "Not my problem, but if I had to GUESS, then YES, it's a FALSE POSITIVE, because I've never seen a "real" positive!" But again, I don't hunt or browse or fratenize with the dark corners of the internet! We basically all have the computing skills to know what is meant by "dark corners of the internet". My two cents...

Moderators do not owe any warning. Totally at their discretion if they heed to your enquiry. You weren't banned. So you were given the "benefit of the doubt". If I were you (I have been in those shoes), I would just leave it at that and "let the dust settle". Forum Rule 1.a: This is not a warez site! Links/Requests to warez and/or illegal material (e.g., cracks, serials, etc.) will not be tolerated. Discussion of circumventing WGA/activation/timebombs/license restrictions, use of keygens, or any other illegal activity, including, but not limited to, requests for help where pirated software is being used or being discussed, will also not be tolerated. Offenders may be banned on first violation. Forum Rule 1.b: Respect the requests of companies who do not permit redistribution of their products without express permission - including unmodified hotfix/feature pack packages. Download sources for official software should be from the vendor directly where possible. Posts made containing this type of content may be removed immediately without warning, and offenders may be banned on first violation. Complete Forum Rules can be found here - https://msfn.org/board/guidelines/

So far, I'm not interested. Way way way too much "telemetry". 100-some connections made just by opening the browser! And I've heard it can be lowered to 20 or 30. That's still 20 or 30 too many. No thanks.

I would caution you to not rely on uBO (or any extension!) to reveal what "connections" are being made by the browser (any browser!). It's very easy for "built-in" browser functions to do whatever they want without landing on a uBO log! It's also very easy to "bundle" an extension but it be rewritten in a way that the user isn't aware that it "does stuff" that it would not do if installed from the browser-of-choices "store". Heck, I've even witnessed over the years where "built-in" 'communications' DO NOT USE the browser's proxy settings, they SNEAK THROUGH as a "direct connection" (I still catch them and block them anyway, lol).

I may revisit r3dfox with a speeddial extension for comparison.

The "portable" r3dfox is NOT portable. Left crap in my AppData directory and in my registry. The LibreWolf "portable" appears to indeed be PORTABLE. Have not found anything "left behind" by it. That wins applause in my book. But not the telemetry stuff that seems basically no different than "regular" Firefox.

119 with second launch after turning off the start page "shortcuts". Again pretty much all the same domains as "regular" Firefox.

165 connections with r3dfox first launch. But clearly several of them are with the "default" start page that you don't even know is there until after you perform that first launch. Twitter, Facebook, Amazon, Reddit, YouTube, and Wikipedia have all been "notified" that I just installed r3dfox

LibreWolf first launch has 167! connections!!! 11 of them is the "bundled" uBO performing updates (I'm NOT a fan of ANYTHING "bundled"). Basically the IDENTICAL DOMAINS that "regular" Firefox connected to.

Will do. I've never tried either one so this will be "interesting".

Third Firefox launch. 212 DNS Connections without ever opening a single solitary tab. And uBO doesn't "reveal" ANY OF THEM! If we are truly talking about "privacy concerns", by all means, let's do so, but let's not turn a blind eye to the TONS of TELEMETRY that Firefox performs without most users ever knowing it is happening!

All I can tell you is that Firefox is a TELEMETRY NIGHTMARE in comparison to UNGOOGLED CHROMIUM. My very first run of a just-downloaded Firefox on a computer that has NEVER had Firefox on it showed 340+ DNS ENTRIES UPON FIRST RUN !!! THREE HUNDRED AND FORTY PLUS !!! Disable everything I can find for the "start page" and I still show 153 DNS ENTRIES WHEN I LAUNCH FIREFOX !!! ONE HUNDRED FIFTY THREE !!! Without ever opening a single solitary tab, that's just to launch Firefox !!! I can launch my Ungoogled Chrome and let it sit for HOURS upon HOURS and it will NEVER MAKE A DNS CONNECTION if no tabs are ever opened.

Yes it is. It's a comparison of "how Firefox does it" to "how Chrome does it". You cannot compare apples to oranges. Firefox can do things that Chrome cannot do. Chrome can do things that Firefox cannot do. We all decide for ourselves which does what we need it to do, and which does not do what we need it to do. If they didn't do things differently, than one of the two would cease to exist.

It is "not fair" to compare a browser with built-in fingerprint protection with a browser that does not have the built-in fingerprint protection. I've seen FAR too many of these "built-in" so-called protections contain nothing but telemetry on top of telemetry, tracking your EVERY move in the "guise" of 'protection'. Speaking solely for myself, I have NO USE for any brower with "built-in" ANYTHING. "Built-in" TO ME is SYNONYMOUS with BLOATWARE. Just give me a basic browser. I will add the "bloat" that I want via extensions or third-party apps, I do not want it "built in". But to each their own, of course.

Define "natively". One can download Chrome-based browsers with adblockers "bundled". Same goes for Firefox, adblockers can be "bundled".

That's EXACTLY what Proxomitron does! But sure, we'll see if alternative solutions present themselves. I know you were following the discussion between D.Draker and I where I showed him screencaps of Proxomitron spoofing Client Hints. It CAN be done. Just how much that does or does not affect the end user's "privacy" is up for debate. But if you want to know if it can be done, the answer is YES. I'll sit back now and see if alternative solutions come forth.

I know you were not directing that to me. But as for me, yes, I did see that. But I hold no credence whatsoever in that "report" until the web site being cited is PUBLICLY DISCLOSED. I've not yet witnessed any "login denial" based on ClientHint "data" !!! !!! !!! I have witnessed "Please update your browser" banners that do go away when the ClientHint "data" is SPOOFED. But I was still able to create an account and login WITHOUT spoofing my ClientHint "data". I personally want to WITNESS THIS FOR MYSELF. Claims of it happening without providing a PUBLICLY DISCLOSED web site where I can WITNESS IT FOR MYSELF is essentially USELESS to me (and you). Without a publicly disclosed web site where each and every one of us can WITNESS the claimed theory, then it's nothing but "hype and propaganda". Please do not misread, I'm not trying to play both sides, I'm honestly not. I do spoof Client Hints via Proxomitron. But I've NEVER witnessed a "login denial" and I would like to WITNESS ONE.

If I search-engine-of-choice search for "client hints privacy concern", most (if not all) of the results are SEVERAL years old! Wikipedia has the below - note that it specifically cites that they are talking about when the proposal was originally published. So perhaps all of this "undue paranoia" is based on what Client Hints were ORIGINALLY supposed to be versus what they ACTUALLY ended up being ??? ??? ??? While I *do* consider this "undue paranoia", I DO SPOOF THEM VIA PROXOMITRON if nothing more than a "verification" that I CAN, not that I "need to". No clue, to be perfectly honest. As I've always stated, if you are ON the internet, then you have been FINGERPRINTED. No "if's, and's, or but's".

I agree. This seems to me to be just one of those things where "undue paranoia" gets the best of us and we run in circles to prevent "theoreticals" that don't actually exist in "reality". To each their own, of course. I personally HAVE A MEANS to SPOOF CLIENT HINTS -- PROXOMITRON. I have no problem in the least in getting more MSFN Members to use PROXOMITRON - so if ClientHint "undue paranoia" is what gets us there, no skin off my back, lol. "half full" versus "half empty". Nothing more. Nothing less.

Unsure if this will help or not. I personally NO LONGER use any "default browser" integrations within my operating systems. To each their own, of course, I do this as a security measure, no clicks of what normally takes you to a "browser" or "email client" do ANYTHING on my system. But back when I used Sleipnir and then GreenBrowser as my "default", this is how I manually set it as "default" in XP -- ;Set GreenBrowser IE8 Emulation [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION] "GreenBrowser.exe"=dword:00001f40 ;Set GreenBrowser as Default Browser [HKEY_CURRENT_USER\Software\Clients\mail] @="Microsoft Outlook" [HKEY_CURRENT_USER\Software\Clients\StartMenuInternet] @="IEXPLORE.EXE" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached] "{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:00,\ 00,00,00,31,00,35,00,b0,16,ee,04,ce,3d,ca,01 "{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:00,\ 00,00,00,31,00,35,00,ea,ae,0a,fd,cd,3d,ca,01 "{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6} {000214E8-0000-0000-C000-000000000046} 0x401"=hex:01,\ 00,00,00,37,00,32,00,e6,9a,bc,fe,cd,3d,ca,01 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Check_Associations"="No" "IgnoreDefCheck"="Yes" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml] @="htmlfile" "Content Type"="text/html" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell] @="GreenBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell] @="GreenBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell] @="GreenBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell] @="GreenBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\Shell] @="GreenBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\Shell\GreenBrowser\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\Shell\Open\Command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell] @="GreenBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command] @="\"C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet] @="GreenBrowser.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\GreenBrowser.exe] "LocalizedString"="GreenBrowser Web Browser" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\GreenBrowser.exe\shell\open\command] @="C:\\Miscellaneous\\GreenBrowser\\GreenBrowser.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached] "{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:00,\ 00,00,00,31,00,35,00,be,e4,ed,ce,5e,cd,cc,01 "{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:00,\ 00,00,00,31,00,35,00,50,e3,0c,cf,5e,cd,cc,01 ;Increase GreenBrowser Connections [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "GreenBrowser.exe"=dword:0000000a [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "GreenBrowser.exe"=dword:0000000a

The registered email for login took effect sometime yesterday. I hunted for an "announcement" but couldn't find one (though I didn't spend more than 20 seconds). All I got was an error message during login that there was no @ symbol in my login. I used to only log in by my username, NOT my email address. All I found was a tiny one-liner by xper in a random thread citing "spam flood fixed". My guess is that requiring an email address for login is somehow related to "spam flood fixed".