Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

360 Extreme Explorer Modified Version


Humming Owl
 Share

Recommended Posts

For those wanting to test, it took me quite a while to actually find something out there in the wild that does NOT use HTTPS (in fact, I couldn't find anything for sites that I regularly visit, I just never paid any attention to it).

So I found this instead  --  https://whynohttps.com/

Link to comment
Share on other sites


17 hours ago, Humming Owl said:

Have you tried using it without extensions? Do you have a firewall working or something that could perhaps modify the network settings? Which version of the browser are you using?

I'm using v13. Disabling all extensions and disabling my firewalls proved ineffective. In Firefox, Ecosia loads fine while the browserleaks page is mixed, so I think that Ecosia and Discord are the only sites that are not working properly in my 360chrome installation, while the browserleaks website is responsible for its own problems.

Also @ArcticFoxie thank you for your posts on HTTPS Everywhere, I will try to find an alternative solution that is more trustworthy if it tracks you like you said.

Edited by beansmuggler
Clarification
Link to comment
Share on other sites

9 hours ago, beansmuggler said:

on HTTPS Everywhere

Perhaps this will help you as a quick fix . Block these with your firewall. Last time I tried to use this extension in 2019, it was trying to leak data to eff.org

IPs :

151.101.0.201

151.101.64.201

151.101.128.201

151.101.192.201

Also , there is a very chatty extension called "Privacy" Badger , I deleted it immediately. It leaks data to these IPs too.

  • Like 1
Link to comment
Share on other sites

I'm having zero problems with certificates using 360EE on Vista (even though I do not have SHA-2 nonsense on my machine) , since I installed the famous cert. pack by @legacyfan . All other solutions posted on MSFN or anywhere else just won't work, I tried them all . Do not listen to someone who tells you "cert. errors are meaningless" , you may very well be facing MITM ! In this dictatorship era (esp, in some countries) , ISP can perform MITM attacks and/or use forged certificates . But , of course , if you see no errors , while living in such countries , doesn't mean you're safe ! 

  • Like 1
Link to comment
Share on other sites

@athlonxpuser, no , I mean I got them here . The author says "this pack contains ... signed certificates"  . There were SHA-2 updates and cert. package inside of the archive (with bat file) . I didn't install SHA-2 and used cert. package only , which solved all of the problems I was starting to get this May with 360 browser cert. issues. But I'm afraid you're out of luck , because the links to the downloads were deleted by the moderators and the topic blocked. That was the only solution that helped me , thanks to this kind fella. 

https://msfn.org/board/topic/182700-sha2-code-sign-updates-pack-sha2-root-certificate-pack/?tab=comments#comment-1199311

Link to comment
Share on other sites

I'll concede that "meaningless" is not the best way to "word" my POV, so I shall expand a bit.

My POV remains - SSL "security" is MEANINGLESS and should NOT be "relied upon" to indicate your level of "secureness".

Fake websites know how to "appear" secure  --  https://www.semrush.com/blog/https-a-modern-false-sense-of-security/

YOU the USER must learn how to be "net savvy".

If you click on a link that says the website needs to "verify your identity" and you do so because you see a "green padlock" - SHAME ON YOU.

If you clicked a link from an unknown sender in an email and the link takes you to a "green padlock" that says to click here to "unsubscribe" - SHAME ON YOU.

If a web browser popup claims they detected a virus on your computer, click here to run a full scan and you see a "green padlock" - SHAME ON YOU.

If you can't spot the difference between your browser's "auto-update" dialog and a web page with a "green padlock" saying your brower needs updated - SHAME ON YOU.

Et cetera...

  • Like 2
Link to comment
Share on other sites

We do all need to kinda know our own balance.

I personally have never in my entire life installed any "certificates" (well, can't really say "never", I used to create my own certificate for a program called Proxomitron).

But at the OS level, if it didn't come from an official Microsoft "KB", then it isn't on my computer!

Mileage varies on this one, but I do NOT install POS updates.

 

My balance is along the same lines of @Dixel - he did NOT just install a set of certificates, he extracted them, peaked inside, and knew what portion to install and what portion not to install.

 

NOTHING gets "installed" on MY computer without me extracting them, peaking inside, making a few modifications, and creating my own self-extracting archive to copy files and create the registry keys I want and drop the "bundled" registry keys that the "author" tried to sneak past me, et cetera.  I haven't "installed" any software on my computers via the developer's "installer" in somewhere between 15 and 20 years.

 

But at the same time, "that" isn't for everyone.

Being self-aware enough to control your mouse-clicks - that IS for everyone.

Knowing which web sites are respectable and trustworthy and safe to download from - that IS for everyone.  Caveat emptor!

What I am trying to drive home is this - YOU are responsible for YOUR security, that "green padlock" should not be your warm-and-fuzzy!

  • Like 1
Link to comment
Share on other sites

Two more things I've noticed today:

1. I think 360chrome may lack certain encryption mechanisms used by TLS 1.3 webpages, but I may just be misunderstanding the "Insecure connection" portion of the security bubble. When visiting a website I trust, it initially marked it with a green padlock (because the certificate was approved), but then became red after the page continued loading. This might just be me misunderstanding though, since the bubble also indicated that there was mixed content. I noticed another thread yesterday saying that newer versions of NoScript cause a slower, gradual website loading experience, and I use a newer NoScript version, so this may be the plugin's fault and not 360chrome's.

2. When using Discord in 360chrome, I (usually) can't see things like right-click menus, server settings, or pictures that I've clicked on to get a full view of. When I try to open those things, I notice that my cursor leaves the "Enter a message" box, but will return after I hit Esc enough times, so I think the feature to eliminate the login menu in 360chrome has somehow carried over to affect Discord. Also, when I was streaming my computer screen during a voice call, these features began to work consistently for a while. I'm not sure why it worked in that situation. I just needed to allow discordapp.net in my NoScript. Not sure why that had to be assigned to a separate domain...

Edited by beansmuggler
Link to comment
Share on other sites

42 minutes ago, beansmuggler said:

1. I think 360chrome may lack certain encryption mechanisms used by TLS 1.3 webpages, but I may just be misunderstanding the "Insecure connection" portion of the security bubble.

We kind of need an example link to go anywhere with this.

Link to comment
Share on other sites

29 minutes ago, ArcticFoxie said:

We kind of need an example link to go anywhere with this.

I checked again and saw that it was just a mixed content warning, so it's a false alarm, sorry about that.

In the process, though, I remembered another weird thing I've been facing. 360chrome seems to only save my browser history *sometimes*. After trying to look at my history for the past hour (I had visited my college website and was going to clear my history/cookies), I found that none of the pages I visited were present. In fact, 360chrome still seemed to believe that today is Wednesday, August 4.  The last entry was at 23:59 on Aug 4, with none of the pages I visited today around midnight. It also has two entries for Aug 3 that both contain the exact same contents. When checking Aug 3, I also noticed that my last entry (Google at 23:43) had the same icon as the university website until I ran a "Clear browsing history" for the past hour and restarted the browser.

hist.PNG

Edited by beansmuggler
forgot to add picture
Link to comment
Share on other sites

I do know that the "anti-tracking" feature (which I do not use) is offset by 24hrs and I have fixed this in my release and pointed it out to Humming Owl for his release.

Aside from that, my "history" page is off by ONE HOUR but the month/day/year is correct.

Had'nt noticed that ONE HOUR difference until just now.

Link to comment
Share on other sites

Added some more information in the first post.

22 hours ago, Brickedandroid said:

Can you make the native x64 version of it?

I think there is no x64 version of 360EE. There is only one download link to each version of the browser in the official page. And if there were any I can not modify it because I do not have x64 hardware to test it.

9 hours ago, ArcticFoxie said:

the "anti-tracking" feature

I think that this option does nothing, but I don't know if it is because of the modifications or because it did nothing from the beginning.

By the way, does anyone know what minimum version of Chromium is needed to use the web currently without many problems? There are several Chromium-based chinese browsers out there but some of them have a Chromium engine between 50 and 60 and I don't know if it's worth trying them considering all the problems they might present on the current web.

Cheers.

Link to comment
Share on other sites

3 hours ago, Humming Owl said:

it did nothing from the beginning

Yes. At least in the beta I use , since I removed telemetry. It's actually supposed to be a tracking feature , not "anti" . In this modern world everything is upside down. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...