Jump to content

Extreme Explorer 360 Chromium 78-86 General Discussion


Recommended Posts

13 minutes ago, Sampei.Nihira said:

My NM28 only enabled a weak cipher.
Which allows me to update the root certificates.
With these settings all the websites I use work without problems.

So if I understand this correctly, the ONLY way for you to UPDATE root certificates is to ALLOW a weak cipher ???

If that is true, then this seems to me to be case-in-point to NOT disable a cipher just because it is "weak".

Link to comment
Share on other sites


  • Dave-H changed the title to Extreme Explorer 360 Chromium 78-86 General Discussion
On 2/1/2021 at 3:13 PM, Sampei.Nihira said:

...My test is this:

 

https://browserleaks.com/ssl

You can check Insecure Cipher Suites.

Have a nice evening.

P.S.

If TLS 1.0 and TLS 1.1 protocols are still enabled it is better to disable them.

~Off Topic~

I also haven't (yet) used this browser due in large part, because I haven't the time to dedicate to configuring it ... I wouldn't just use it 'as is'; of course. One day, though, going to need more options, as I've yet to (fully) embrace Chrome and have thus far stuck with FF/PM and forks (Serpent and New Moon).

I've taken your advice and disabled TLS 1.0 and 1.1 and everything looks dandy - all but the Insecure Cipher Suites.

I will address my question(s) in the proper thread, so as to not further take this thread off course - I will also quote you there - Advice is appreciated.

~Off Topic~
 

 

Edited by XPerceniol
Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Here's another one: where does the "connection not private" page (see attached pic) hide? 
I have added English translations beside, above or below the Chinese text, as the space permitted. But I'd have translated it already and posted the method to do it, had I figured out where it is. In any case, my bilingual pic below may be of help for those who encounter this annoyance (which is to often, at least en my experience). BTW, the DeepL Translator runs circles around Google and Bing Translators and is way more accurate.

connection not private.gif

Link to comment
Share on other sites

@dencorso

Are you using the "anti-tracking privacy protection" 'feature'?

Or the "protect you and your device from dangerous sites" 'feature'?

(I don't trust either one of them, to be honest.)

 

Have you looked at "http_nosafe_bar.xml" that is contained inside "skin.srx" which exists in 360Chrome -> Application -> 13.0.2206.0 -> skin folder?

Very close to what you have above so could be altered by alternate skins by the looks of it.

What skin are you using?

Edited by ArcticFoxie
Link to comment
Share on other sites

8 hours ago, ArcticFoxie said:

Or the "protect you and your device from dangerous sites" 'feature'?

No.

8 hours ago, ArcticFoxie said:

Are you using the "anti-tracking privacy protection" 'feature'?

Yes! OK, I just turned it off. Let's see what happens. 
Thanks a lot for your swift reply! :thumbup

8 hours ago, ArcticFoxie said:

What skin are you using?

Not sure. I think I've customized that when I installed  v.11 and it's remained the same ever since...
The pic below is a sample of what I see:

Clipboard01.png

Link to comment
Share on other sites

9 hours ago, dencorso said:

<snip>  Or the "protect you and your device from dangerous sites" 'feature'?  </snip>

No.

 

Quote

<snip>  Are you using the "anti-tracking privacy protection" 'feature'?  </snip>

Yes! OK, I just turned it off. Let's see what happens.

Both of these "features" (as I understand them) sends your trackable data to a third-party, the third-party analyzes that data and then reports back if it is 'safe' or not (by their definition, not yours), then the browser proceeds based upon that reply. But WHO is this third-party, WHERE is this third-party ???  I simply do NOT "trust" either one because I don't have ANY information on HOW / WHERE / WHO "behind the scenes".  When you rely on an extension such as Adblock Plus, uBlock Origin, uMatrix, Ghostery, Privacy Badger, et cetera, you have a community of users and a plethora of online reviews and critiques to base your "trust" on.  In my view at least, relying on something built-in to the browser is like actually thinking that some petty "Do Not Track" 'feature' is really doing anything or that "blocking third-party cookies" actually blocks third-party cookies.

I highly prefer my blacklists and my whitelists to be "local" and not sent who-knows-where and analyzed by who-knows-who.

I use uMatrix and one-and-only-one list - https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter.txt

Then I use NoScript and only whitelist PARTIAL javascript on a small handfull of websites.

 

Quote

The pic below is a sample of what I see:

Clipboard01.png

If you go to 360Chrome -> Chrome -> User Data -> skin (at least that's the folder structure for the "portable repack") you should find one file with an .srx extension.

If you can provide the file name for that .srx file, I might be able to see if that skin is the culprit.

Or you could do so some digging on your end, the .srx will unzip with 7-Zip, PeaZip, IZArc, et cetera.

There will be an .xml file (maybe two, depending on skin) and a bunch of .png files.

The .xml file can be opened in Notepad++  --  look to see if the .xml references OTHER .xml files (if it does, it/they likely reside within 360Chrome -> Chrome -> Application -> 13.0.2206.0 -> skin -> skin.srx which itself will need unzipped.  Which also contains http_nosafe_bar.xml and browser_strings.xml, either of which still contains a lot of Chinesse.

 

Hope that helps.

Edited by ArcticFoxie
Link to comment
Share on other sites

9 hours ago, ArcticFoxie said:

I highly prefer my blacklists and my whitelists to be "local" and not sent who-knows-where and analyzed by who-knows-who

So do I. I use Pi-hole for that, and my intranet is cable-only (no Wi-Fi by design). But I do use Privacy Badger, too.

9 hours ago, ArcticFoxie said:

360Chrome -> Chrome -> User Data -> skin

Hrm... no. Got no such directory. 

9 hours ago, ArcticFoxie said:

360Chrome -> Chrome -> Application -> 13.0.2206.0 -> skin -> skin.srx

This file exists, but it's the one that came with the repacked v. 13.

I'm sure I never actually knowingly installed any skin, AFAICR.

Link to comment
Share on other sites

14 hours ago, dencorso said:

<snip>  360Chrome -> Chrome -> Application -> 13.0.2206.0 -> skin -> skin.srx  </snip>

This file exists, but it's the one that came with the repacked v. 13.

For your "skin.srx", what is your 'modified' date via file properties?

Are you running the "installed" v13 or the "portable" v13?

Link to comment
Share on other sites

Thanks.

I have been able to track down why some skins do not have a .srx "override" file and others do.

That trick lies within [HKEY_CURRENT_USER\Software\360chrome\default\ui_persist_value] keys stored in "360chrome_1.reg".

Doesn't answer your original question but I learned more of the inner workings of 360Chrome  :)

 

I think your original question still seems to revolve around "http_nosafe_bar.xml" and "browser_strings.xml", both of which still contains a lot of Chinesse.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...