Extreme Explorer 360 Chromium 78-86 General Discussion

[NotHereToPlayGames]

13 minutes ago, Sampei.Nihira said:

My NM28 only enabled a weak cipher.
Which allows me to update the root certificates.
With these settings all the websites I use work without problems.

So if I understand this correctly, the ONLY way for you to UPDATE root certificates is to ALLOW a weak cipher ???

If that is true, then this seems to me to be case-in-point to NOT disable a cipher just because it is "weak".

[Sampei.Nihira]

Not really.
Mediafire's webpage with certified heinoganda updates does not work without the insecure cipher shown in the image below:

[George King]

Anybody figured out how add new languages into 360 Extreme Explorer? 

[dencorso]

5 hours ago, George King said:

Anybody figured out how add new languages into 360 Extreme Explorer? 

 

[ED_Sln]

The theme can be renamed, version 13 is final, it is on 86 Chromium.

[XPerceniol]

On 2/1/2021 at 3:13 PM, Sampei.Nihira said:

...My test is this:

 

https://browserleaks.com/ssl

You can check Insecure Cipher Suites.

Have a nice evening.

P.S.

If TLS 1.0 and TLS 1.1 protocols are still enabled it is better to disable them.

~Off Topic~

I also haven't (yet) used this browser due in large part, because I haven't the time to dedicate to configuring it ... I wouldn't just use it 'as is'; of course. One day, though, going to need more options, as I've yet to (fully) embrace Chrome and have thus far stuck with FF/PM and forks (Serpent and New Moon).

I've taken your advice and disabled TLS 1.0 and 1.1 and everything looks dandy - all but the Insecure Cipher Suites.

I will address my question(s) in the proper thread, so as to not further take this thread off course - I will also quote you there - Advice is appreciated.

~Off Topic~
 

 

Edited February 8, 2021 by XPerceniol

[ED_Sln]

I found that if you enable compatibility mode with Windows 2000, then version 13 starts to open sites with TLS 1.3 and with a valid certificate. Maybe someone already wrote about it, but I haven't seen it.

You can check on this site, it only uses version 1.3: https://tls13.1d.pw/

[dencorso]

Here's another one: where does the "connection not private" page (see attached pic) hide? 
I have added English translations beside, above or below the Chinese text, as the space permitted. But I'd have translated it already and posted the method to do it, had I figured out where it is. In any case, my bilingual pic below may be of help for those who encounter this annoyance (which is to often, at least en my experience). BTW, the DeepL Translator runs circles around Google and Bing Translators and is way more accurate.

[NotHereToPlayGames]

@dencorso

Are you using the "anti-tracking privacy protection" 'feature'?

Or the "protect you and your device from dangerous sites" 'feature'?

(I don't trust either one of them, to be honest.)

 

Have you looked at "http_nosafe_bar.xml" that is contained inside "skin.srx" which exists in 360Chrome -> Application -> 13.0.2206.0 -> skin folder?

Very close to what you have above so could be altered by alternate skins by the looks of it.

What skin are you using?

Edited February 28, 2021 by ArcticFoxie

[dencorso]

8 hours ago, ArcticFoxie said:

Or the "protect you and your device from dangerous sites" 'feature'?

No.

8 hours ago, ArcticFoxie said:

Are you using the "anti-tracking privacy protection" 'feature'?

Yes! OK, I just turned it off. Let's see what happens. 
Thanks a lot for your swift reply! 

8 hours ago, ArcticFoxie said:

What skin are you using?

Not sure. I think I've customized that when I installed  v.11 and it's remained the same ever since...
The pic below is a sample of what I see:

[NotHereToPlayGames]

9 hours ago, dencorso said:

<snip>  Or the "protect you and your device from dangerous sites" 'feature'?  </snip>

No.

 

Quote

<snip>  Are you using the "anti-tracking privacy protection" 'feature'?  </snip>

Yes! OK, I just turned it off. Let's see what happens.

Both of these "features" (as I understand them) sends your trackable data to a third-party, the third-party analyzes that data and then reports back if it is 'safe' or not (by their definition, not yours), then the browser proceeds based upon that reply. But WHO is this third-party, WHERE is this third-party ???  I simply do NOT "trust" either one because I don't have ANY information on HOW / WHERE / WHO "behind the scenes".  When you rely on an extension such as Adblock Plus, uBlock Origin, uMatrix, Ghostery, Privacy Badger, et cetera, you have a community of users and a plethora of online reviews and critiques to base your "trust" on.  In my view at least, relying on something built-in to the browser is like actually thinking that some petty "Do Not Track" 'feature' is really doing anything or that "blocking third-party cookies" actually blocks third-party cookies.

I highly prefer my blacklists and my whitelists to be "local" and not sent who-knows-where and analyzed by who-knows-who.

I use uMatrix and one-and-only-one list - https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter.txt

Then I use NoScript and only whitelist PARTIAL javascript on a small handfull of websites.

 

Quote

The pic below is a sample of what I see:

If you go to 360Chrome -> Chrome -> User Data -> skin (at least that's the folder structure for the "portable repack") you should find one file with an .srx extension.

If you can provide the file name for that .srx file, I might be able to see if that skin is the culprit.

Or you could do so some digging on your end, the .srx will unzip with 7-Zip, PeaZip, IZArc, et cetera.

There will be an .xml file (maybe two, depending on skin) and a bunch of .png files.

The .xml file can be opened in Notepad++  --  look to see if the .xml references OTHER .xml files (if it does, it/they likely reside within 360Chrome -> Chrome -> Application -> 13.0.2206.0 -> skin -> skin.srx which itself will need unzipped.  Which also contains http_nosafe_bar.xml and browser_strings.xml, either of which still contains a lot of Chinesse.

 

Hope that helps.

Edited February 28, 2021 by ArcticFoxie

[dencorso]

9 hours ago, ArcticFoxie said:

I highly prefer my blacklists and my whitelists to be "local" and not sent who-knows-where and analyzed by who-knows-who

So do I. I use Pi-hole for that, and my intranet is cable-only (no Wi-Fi by design). But I do use Privacy Badger, too.

9 hours ago, ArcticFoxie said:

360Chrome -> Chrome -> User Data -> skin

Hrm... no. Got no such directory. 

9 hours ago, ArcticFoxie said:

360Chrome -> Chrome -> Application -> 13.0.2206.0 -> skin -> skin.srx

This file exists, but it's the one that came with the repacked v. 13.

I'm sure I never actually knowingly installed any skin, AFAICR.

[NotHereToPlayGames]

14 hours ago, dencorso said:

<snip>  360Chrome -> Chrome -> Application -> 13.0.2206.0 -> skin -> skin.srx  </snip>

This file exists, but it's the one that came with the repacked v. 13.

For your "skin.srx", what is your 'modified' date via file properties?

Are you running the "installed" v13 or the "portable" v13?

[dencorso]

Here you go:

[NotHereToPlayGames]

Thanks.

I have been able to track down why some skins do not have a .srx "override" file and others do.

That trick lies within [HKEY_CURRENT_USER\Software\360chrome\default\ui_persist_value] keys stored in "360chrome_1.reg".

Doesn't answer your original question but I learned more of the inner workings of 360Chrome  :)

 

I think your original question still seems to revolve around "http_nosafe_bar.xml" and "browser_strings.xml", both of which still contains a lot of Chinesse.