360 Extreme Explorer Modified Version

[Tripredacus]

5 hours ago, Dixel said:

It seems I've found what was the culprit !!! At least for me , it's the links that some of the members inlcude in their signature . 360 browser is indeed good, it marks additional resources as insecure and the browser is absolutely right , because I don't have any cert. for that resources. For example , it shows this warning on jaclaz's posts , I've opened some of his recent comments and I've got this warning right away ! Why the browser marks these resources as insecure , it's simple : no certs. With all due respect to this wonderful member . 

jaclaz.altervista.org

http://jaclaz.altervista.org/Projects/freedom_of_skin.htm

P.S.

@beansmuggler , it makes no sense to compare the behaviour of Firefrox and any other chrome browser because firefox has it's own cert. system ! 

Yes the blue ribbon image is not hosted on a secure site (and @jaclaz isn't the only member who links to that image) and will/can result in there showing an "insecure" message in a browser, when simply it means there is mixed content. If this modified browser discussed in this thread has the inspector/web dev tools included, you can use inspector to determine whether it is images (or something else) that is causing the message. In error console it would show the error Mixed Content.

If you are using an add-on like HTTPS Everywhere, the insecure message does not appear, the blue ribbon would appear as a broken image link, and no message in Error console. Instead it can only be seen in the network monitor where the gif is requested over HTTPS but no response is returned by the server whatsoever.

[NotHereToPlayGames]

23 minutes ago, Dixel said:

So your system is super clever and able to update them on it's own ? You're a unique case then ! People are struggling to make their system update them automatically . . .

I sure as Hades hope that my system is *NOT* updating them on its own!  If I find that it IS, I will put a stop to that immediately!  I do not like anything on this computer performing "updates" of any kind, certainly not "automatically and behind my back without me knowing it".

My slipstreamed-XP is dated 2018 (I provided the link several posts up).

I do not "revoke" certificates so every certificate that existed in 2018 should still be in my "store".

I really can't express it any plainer - the "green padlock" system is FLAWED and is nothing more than a false sense of security.

I spend zero time on my end trying to make sure that a flawed system is updated.

I don't really know how to check my "store" either - but can't really claim to "care to" either.

But, for the sake of this "obsession" that MSFN members are having all of a sudden, if anybody needs me to see if I have a specific cert in my "store", give me details on how to find it and I will gladly hunt it down.

Otherwise, to the very best of my knowledge, my cert "store" hasn't changed since 2018.

I think that 360Chrome has its own "store" in addition to those from 2018 that are part of XP.

But like I have stated, several times, it doesn't really concern me.

 

I am VERY thankful that my NoScript, uMatrix, and Stylus are all doing their jobs.

Signature lines are axed by Stylus so signature lines aren't "breaking" that green padlock for me - nice to know, but doesn't really concern me.

[beansmuggler]

My main concerns are having a properly functioning browser and, more importantly, not having to add an extra click to visit any new websites.

I will say again: correct certificate stuff is just for convenience. My actual main security concern is when 360chrome reports that my connection is not encrypted despite knowing what encryption tools should be used.

[NotHereToPlayGames]

Guess I'll know more in a little over a month - below is a screencap of MSFN's Cert Info when I click on the (d@mn [apoligies for that "insert"]) "green padlock".

I've done NOTHING "intentionally" between 2018 and 6/21/2021 where MSFN's Cert Info lists the start date for when it is "valid from" - so where did this come from as I didn't "install" it?

I'll also do NOTHING "intentionally" after 9/19/2021 when MSFN's Cert Info says it will expire - but now I have a logged screencap where I can see what happens with this (d@mn [crap, there I go again!]) "green padlock" on 9/20/2021.

I still feel that POS updates are somehow responsible for "breaking" other XP-users certificate stores - I cannot prove this, but it is my gut feeling.

[NotHereToPlayGames]

9 hours ago, Dixel said:

It seems I've found what was the culprit !!! At least for me , it's the links that some of the members inlcude in their signature . 360 browser is indeed good, it marks additional resources as insecure and the browser is absolutely right , because I don't have any cert. for that resources. For example , it shows this warning on jaclaz's posts , I've opened some of his recent comments and I've got this warning right away ! Why the browser marks these resources as insecure , it's simple : no certs.

Great Find!

I normally have View Signatures turned OFF in my profile settings but toggling it to ON (temporarily, it will remain OFF as my default) did show MSFN as "insecure" for the threads with the referenced signature.

[Humming Owl]

Updated v9, v11, v12 and v13

- Nothing important, just more translations from chinese into english.

- Added Ruffle to recommended extensions (does not work on v9)

Cheers.

[beansmuggler]

I've noticed it earlier, but the whole certificate debacle has reminded me of the issue again after reading some error stuff: v13 believes that my timezone should be an hour earlier than it is. As a result, Discord message timestamps will say a message was sent at 22:00 even if it was really sent at 23:00. Right now, if I try to visit Ecosia, the Advanced button of the "Your connection is not private" warning tells me that the current time on this machine is "09/08/2021 21:30" even though it's actually an hour later right now. The time is reported correctly as 10:30PM on my computer, so it doesn't seem to be an OS issue. While I dont think the time discrepancy would break anything major, does anyone know how to fix this? I searched for "time" in the flags, but found nothing, and dow loading the latest version didn't help, either.

[Humming Owl]

13 hours ago, beansmuggler said:

My main concerns are having a properly functioning browser and, more importantly, not having to add an extra click to visit any new websites.

Have you tried unchecking the "Interceptate certificate risk" option from the "Settings > Advanced > HTTPS/SSL" path?

This will not solve the problem but rather avoid the "Certificate Error" page to appear.

Cheers.

[Humming Owl]

12 hours ago, beansmuggler said:

I've noticed it earlier, but the whole certificate debacle has reminded me of the issue again after reading some error stuff: v13 believes that my timezone should be an hour earlier than it is. As a result, Discord message timestamps will say a message was sent at 22:00 even if it was really sent at 23:00. Right now, if I try to visit Ecosia, the Advanced button of the "Your connection is not private" warning tells me that the current time on this machine is "09/08/2021 21:30" even though it's actually an hour later right now. The time is reported correctly as 10:30PM on my computer, so it doesn't seem to be an OS issue. While I dont think the time discrepancy would break anything major, does anyone know how to fix this? I searched for "time" in the flags, but found nothing, and dow loading the latest version didn't help, either.

I saw the same thing (but with a +30 min difference in Win7) and was able to correct it by changing the time zone. My country tried to change the time zone a few years ago from UTC -04:00 to UTC -04:30 but those changes I think didn't happen or were reverted. If I select the UTC -04:30 time zone in Win7 I get the time difference but if I select "La Paz, Bolivia" (UTC -04:00) time zone I no longer have the time difference. WinXP has the old time zone (UTC -04:00) for my country and so I have no problems. Perhaps the time difference you and @ArcticFoxie are getting is related to a time zone change that was incorporated later.

I managed to select the correct time zone by using this page and seeing if the computer time was synchronized with the time zone.

[NotHereToPlayGames]

It is a time zone update for me.

My State used to have its own Time Zone.

When you install XP, you can select my State.

But that went away with Win7 and now it's Eastern Time Zone or Eastern Daylight Time Zone - d@mn "spring forward, fall back" bu!!sh!t we have to do twice a year!

So yeah, my 360Chrome is off one hour for 6 months of the year.

[beansmuggler]

Setting my time zone to Asuncion seemed to fix it, though it looks like I may have the problem return sometime around October. It does make me wonder if anyone released a timezine fix for XP like there is for 98SE, but a quick search provided no fruit

[Humming Owl]

I found the following pages that may be of interest for the time zone issues.

https://answers.microsoft.com/en-us/windows/forum/windows_xp-performance/winxp-time-zones-only-usa-time-zone-is-arizona-i/1a61dc57-d746-4211-8bea-c42417d5a2a7 --> (see "Wunders" answer)

http://web.archive.org/web/20190828215142/http://windowsxp.mvps.org/timezones.htm --> (one of the pages in "Wunders" answer)

https://www.winhelponline.com/xp/reg/timezones_xp.zip --> (download of the "timezones_xp.zip" file)

https://answers.microsoft.com/en-us/windows/forum/all/eastern-standard-time-zone/2b3e4ef7-5173-4c79-a9b1-563920d52b6b (another page that mentions this type of problem)

Cheers.

[Dixel]

On 8/9/2021 at 2:28 PM, Tripredacus said:

Yes the blue ribbon image is not hosted on a secure site (and @jaclaz isn't the only member who links to that image) and will/can result in there showing an "insecure" message in a browser, when simply it means there is mixed content. If this modified browser discussed in this thread has the inspector/web dev tools included, you can use inspector to determine whether it is images (or something else) that is causing the message. In error console it would show the error Mixed Content.

If you are using an add-on like HTTPS Everywhere, the insecure message does not appear, the blue ribbon would appear as a broken image link, and no message in Error console. Instead it can only be seen in the network monitor where the gif is requested over HTTPS but no response is returned by the server whatsoever.

Thank you . This modified browser has everything that any other ordinary chrome from the same version does , includung "inspect element" feature and that's precisely what I used . 

You're right ! HTTPS Everywhere , no I do not use it , and I think the other members from this topic do not use it too, hence the unsafe warning. We have our suspisions about it , discussed here earlier . 

"...  because the extension sends information about the sites the user visits to the SSL Observatory, this could be used to track the user ... "

But I do not know why @ArcticFoxie removed "excerpt" and the wikipedia article too.

https://msfn.org/board/topic/182876-360-extreme-explorer-modified-version/?do=findComment&comment=1203119

https://msfn.org/board/topic/182876-360-extreme-explorer-modified-version/page/15/?tab=comments#comment-1203124

 

[Dixel]

Yep ,  I can confirm , the exact same hour difference with my time zone also , but I just so don't care ... so don't care . I don't even remeber when was the last time I opened "history" page before .

[Tripredacus]

I find it troubling that some extensions are not just client-side as they appear. The HTTPS Everywhere is used for a very specific situation, on a network where a firewall erroneously blocks some HTTP traffic meaning that some websites (forums) that I use do not work unless I force HTTPS.