Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Extreme Explorer 360 Chromium 78-86 General Discussion


Recommended Posts

You seem to be confused on just what UA-CH does (or I am?)

The agenda of UA-CH is to BYPASS the user agent completely.

Detection based on UA-CH would detect your true browser REGARDLESS of whether you were faking a user agent or not.

The html5 detected the faked user agent, so it has nothing to do with UA-CH, the "imitates" can be due to a hundred different things, various "combinations" that throw out the word "imitates" when Condition A plus Condition B is met.

The whole agenda has very little to do with "privacy" or "telemetry" - though I would classify you as a bit more "extremist/alarmist" than I would classify myself.  "Not that there's anything wrong with that."  (A Seinfeld reference.)

The purpose is for the website to know if you are on a MOBILE device versus a DESKTOP and to send the proper code for a proper rendering.

If they succeed in rolling out this platform (way too early, not even sure if it exists "in the wild yet", just 'on paper') then those of us that FAKE user agent strings to FORCE a "heavy" web site to send us code based on less "hungry" javascript, as an example, will no longer be able to do that.  The website will DETECT our TRUE "fingerprint" regardless of what we tried to FAKE by using the very old and everybody-knows-it "trick" of sending a FALSE user agent string.

That's my understanding thus far at least.

I'd be more than happy to read any respectable website link you may have that may indicate otherwise.

The html5 test doesn't show me what I need to see as "proof".

A "real" test that proves UA-CH is in fact "functioning and enabled" would be a test that reports "You faked your user agent to tell me you are Firefox on Linux, but I know better, you are really Chrome 86 on Win XP x64".

Just catching XP x64 would really prove an advance to me, as almost all of these "test sites" including html5test.com refers to my XP x64 as Windows Server 2003.

So that alone tells me that html5test isn't very "advanced".

Edited by ArcticFoxie
  • Like 1
Link to comment
Share on other sites


Actually, since you requested I run a test, I'll submit a test in return.

We know that UA-CH started with Chromium 84 (some sites report 85 but I see several that cite 84, so worst case we will call it 84).

So here is a test for you - run that html5test (which I personally think is flawed, but I don't have much experience with it) using Chromium/Chrome EIGHTY and fake a Firefox user agent.

My hunch (I welcome you to screencap proof that I am wrong) is that running that "test" using Chrome 80 and faking a Firefox user agent will give you that "imitates" result - so it has nothing to do with UA-CH, would you agree?

Link to comment
Share on other sites

Okay, I decided to put my money where my mouth is.

I think you'll agree this to be proof.

We know that UA-CH did not exist in Chrome 80 and we know that UA-CH is enabled by default in Chrome 92.

html5test.com gives that "imitates" in the results for Chrome 80 and for Chrome 92 - has nothing to do with UA-CH (which I "think" was your claim, not sure? I can't follow your posts at times).  And as my geometry teacher used to say  --  Q. E. D.  :roll1:

spacer.png

 

spacer.png

  • Like 2
Link to comment
Share on other sites

On 7/16/2021 at 7:42 AM, ArcticFoxie said:

v13 2206 v3 "GUI chopping block"

Settings Menu:
remove Login
Help -> About / Feedback Forums  => About

Settings (general)
remove Login

Settings - Basics
remove Show select and search bar - I see no changes with or without this selected
remove show recommended words - I see no changes with or without this selected
remove show address bar suggestions - I see no changes with or without this selected

Settings - UI Style
Location Bar -> convert Chinese copy paste helper to English

Settings - Tabs
replace Open hao.360.com with Open Google (see Humming Owl's notes)

Settings - Download
remove default utility - there is only one option and download utilities operate as extensions
remove use Thunder
remove open file after download - I see no changes with or without this selected, there is a button when starting download for this feature
remove show mini download task - I see no changes with or without this selected
remove ask where to download apk files - this is an Android feature and Android users do not need 360Chrome for XP
remove Save Images Quickly - I see no changes with or without this selected

Settings - Shortcuts
condense to 3 columns instead of 1 to prevent scroll on 1920x1080, test in 1024x768

Settings - Personal Data
remove 360 account login

Settings - Advanced
remove NoCoin - pops up a Chinese message box so never really enabled unless you click within that message box
Page Utility -> convert Chinese video tips to English
Background Apps -> to the best of my knowledge, the Join user experience option is broken whether this is checked or not, may remove from GUI

Settings - Lab
remove Enable Thunder download manager - I see no changes with or without this selected
Snap Plugin -> this only changes the toolbar, even when disabled this plugin is still accessible (Ctrl-Shift-X) - reviewing Humming Owl's modifications to fully disable

Settings - Adfilter
remove from options tabs, the built-in adfilter is broken once telemetry is fully removed

I've also opted to remove the root directory sslblock.zip.

This was used in earlier versions but I have yet to witness this page ever be displayed in v13.

From the best I can gather, all ssl cert errors are displayed via clicking the padlock icon in v13's address bar.

That and as far as lightweight, fast, and efficient, I'm content with just the ssl error code in the title bar and a completely blank page in the content area.

My only way of really testing has been this site  --  https://badssl.com/

Link to comment
Share on other sites

On 7/9/2021 at 2:45 PM, ArcticFoxie said:

Has anyone figured out just what the "System DPI" setting is supposed to do?

When enabled (the default), GUI scales up accordingly when system DPI is set higher than 100% (96 DPI).

Link to comment
Share on other sites

45 minutes ago, ArcticFoxie said:

I've also opted to remove the root directory sslblock.zip.

Disregard.

This "might" be related to Settings - Advanced -> HTTPS/SSL -> intercept certificate risk option (I don't use this option but at the same time am mindful to not "break" any options that I don't use but that others may opt to use).

Link to comment
Share on other sites

23 hours ago, ArcticFoxie said:

1 -- You seem to be confused on just what UA-CH does (or I am?)

2 - The agenda of UA-CH is to BYPASS the user agent completely.

3 - Detection based on UA-CH would detect your true browser REGARDLESS of whether you were faking a user agent or not.

4 - The html5 detected the faked user agent, so it has nothing to do with UA-CH, the "imitates" can be due to a hundred different things, various "combinations" that throw out the word "imitates" when Condition A plus Condition B is met.

5 - The whole agenda has very little to do with "privacy" or "telemetry" - though I would classify you as a bit more "extremist/alarmist" than I would classify myself.  "Not that there's anything wrong with that."  (A Seinfeld reference.)

6 - The purpose is for the website to know if you are on a MOBILE device versus a DESKTOP and to send the proper code for a proper rendering.

....

That's my understanding thus far at least.

7 - I'd be more than happy to read any respectable website link you may have that may indicate otherwise.

8 - The html5 test doesn't show me what I need to see as "proof".

...

1 -- Yes , you seem to be confused on what UA-CH does , and what it does is : it will use any hints it can get to identify a user and make his fingerprint , hence the name with this key-word "hints".

2 - No , it's not a direct bypass . "the origin needs to gather as much entropy as possible, so it is likely to collect all the hints."

Paragraph 1.2.9. "Fingerprinting". It will also try to identify your system with "'Sec-CH-UA-Platform-Version' Header Field" / Paragraph 3.8

https://wicg.github.io/ua-client-hints/

3 - No , if you used countermeasures , like me. I could tell you many secrets , but like I said earlier , I'm not willing to broadcast them in the open . One secret I can share , how it detects you and with what (4).

4 - No , it detected you by the means of the vendor string : UA collected the hint that your vendor is Gugle, so now it compares it with your fake FF useragent and "sees" that something's wrong . Firefox string and "vendor" Gugle together, it's just not possible ! So you need to block the detection of this "vendor" string.

It is NOT easy , you will need to write a programme for this.

5 - ENOUGH with labeling and classifications ! You wouldn't last long with a talk like that here , in Europe. Keep your "opinion" to yourself , OK ? I do not need it . I asked you to quit talking about my personality a million times . But if that gives you such a huge pleasure , go on . I guess it is still better than bashing your neighbours with a baseball bat , lol.

6 - Sounds like a sweet tale from a rich Californian corporate leftist. Smth like "we work for your safety". No , it will brodcast even it's switched off. 

"the Sec-CH-UA header will be sent by default, whether or not the server opted-into receiving the header via an Accept-CH header"

....

7 - https://wicg.github.io/ua-client-hints/

8 - Yes, it does . It detected that you're cheating. And you will see in that article that it is still on , it will brodcast everything it can find.

The Tale About The Version :

I asked you if you trust Gugle , if you do , then you will also trust that it was available only starting from 84 , lol.

...

Edited by Dixel
typos
Link to comment
Share on other sites

ported Humming Owl's v12 "shared.ydstatic.com", "95001111", "googleapis" and "gstatic" entries by dots  --  have not tested

remainder of entries in Humming Owl's list has already been replaced (or did not exit in v13).

Edited by ArcticFoxie
Link to comment
Share on other sites

removed decompress with 360 from download section (this downloads a "360zip" utility and this is broken once we removed all of the telemetry - plus, we all have our own preferred archive utility external to our browser)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...