MyPal 68

[dmiranda]

I do use hard mode, but (of course) to run the test I allow creepjs specific scripts to run, otherwise there is no testing :P

The same is true of many sites that require some js to function. I was wondering (a) if that may be behind UA spoofing failure, and (b) if there may be some way to block just iframes, while allowing the main frame(s) js to run... A fool's wish, I guess. Thanks! Edited October 18 by dmiranda

[Sampei.Nihira]

1 hour ago, dmiranda said:

I do use hard mode, but (of course) to run the test I allow creepjs specific scripts to run, otherwise there is no testing :P

The same is true of many sites that require some js to function. I was wondering (a) if that may be behind UA spoofing failure, and (b) if there may be some way to block just iframes, while allowing the main frame(s) js to run... A fool's wish, I guess. Thanks!

Keep in mind that profiling is usually always third-party.
So with Hard Mode you have an exposure that Gorhill prudently writes minimal.
Your test website obviously corresponds to first-party profiling.
This is obvious considering it is a test.
So you are more than protected.

[feodor2]

@AstroSkipper the right xiaoxiao link is https://github.com/xiaoxiaoflood/firefox-scripts/tree/3079cc5089368bd10083896c37fa80153265fab5 Also the dta extension has javascript specific outdated syntax that now not works in the mypal, an example for the fix https://github.com/Feodor2/Mypal68/issues/274#issuecomment-1817803414

About the mess with cookies, certainly to call simple the crhome page is not enough here, look how it loads inside the browser,

Vorapis extension works only if to unblock a connection to their site, not suitable then.

[AstroSkipper]

@feodor2 Thanks for the links! The history feature of GitHub is great. Thanks to @UCyborg's hint to use this time machine, I started downloading repositories from the Firefox 68 era. With the linked version of xiaxiaofloods's userChromeJS, you can indeed install bootstrapped, legacy extensions in Mypal 68, but unfortunately, none of xiaxiaofloods's extensions I've tested from the linked repository do actually work.

Edited October 19 by AstroSkipper

[AstroSkipper]

12 hours ago, feodor2 said:

About the mess with cookies, certainly to call simple the crhome page is not enough here, look how it loads inside the browser,

Hope you can fix this bug.  If it was fixed, my self-created custom button would work as I planned without any special workaround to be implemented. 

12 hours ago, feodor2 said:

Vorapis extension works only if to unblock a connection to their site, not suitable then.

I use the VORAPIS V3 script version. Works great here in Mypal 68.

[AstroSkipper]

@feodor2 The non-standard JavaScript function document.loadOverlay() is deprecated since Gecko 60 (Firefox 60). Did you completely remove it in Mypal 68? Some of my (important) scripts call up this function which leads to the error message "TypeError: document.loadOverlay is not a function" in the Browser Console. If it has been removed, can it be re-implemented? I ask this as in more recent Firefox versions, these problematic scripts seem to be working again which means the document.loadOverlay() method is there again and works.

Edited October 19 by AstroSkipper
Update of content

[feodor2]

On 10/19/2024 at 9:50 AM, AstroSkipper said:

Hope you can fix this bug

It works inside the browser, so may be this is not a bug, you look there, as for me no time for bothering with this, I want to have time complete the new version before end of the year.

On 10/19/2024 at 9:50 AM, AstroSkipper said:

VORAPIS V3 script version

The script is the same, it is heavy obfuscated and refuses to work too if to block the connection to its site, very suspicious so not suitable.

 

23 hours ago, AstroSkipper said:

Did you completely remove it in Mypal 68?

I don't remember anything regarding document.loadOverlay(), may be it has been removed before, dta errors was about array two argument

[UCyborg]

Regarding VORAPIS V3, even with free open source projects, there is an assumption there are "good" programmers looking over the code. End users won't be looking at it, so from their perspective, there's no difference between free open source and proprietary / commercial / obfuscated / whatever.

Both feodor2 and roytam1 are strangers to me, what reason do I have to trust any of them? So is the entire Moonchild's crew.

I recently compiled whole operating system from source code, LineageOS 14.1 for my smartphone, didn't look at the single line of code, except one random script involved in certificate generation process, which is really part of the build system, not even part of the OS. Again, it was all done by strangers, just downloading source code took hours and consumed many tens of gigabytes of disk space.

Edit: The point is, there's no real reason to trust anyone, it's all just lottery and dumb luck.

Edited October 20 by UCyborg

[NotHereToPlayGames]

2 hours ago, UCyborg said:

what reason do I have to trust any of them?

That's how I am with all of my extensions.  Meaning - TRUST NONE OF THEM!

While I cannot claim to know "exactly" what every line of code does, there are certain things you learn to look for.

VORAPIS V3 isn't the only "obfuscation".  Dig through Tampermonkey's javascript.

I'm not a big fan of Tampermonkey's "default" interface with the phone-home links and the "donation" CLUTTER, all are removed from my Tampermonkey experience.

But you have to be careful, the code is "obfuscated" to the point that if you make what is considered a "normal hide" in any other code, you'd break Tampermonkey's functionality in non-related areas of the code.

Edited October 20 by NotHereToPlayGames

[AstroSkipper]

On 10/20/2024 at 12:09 PM, feodor2 said:

It works inside the browser, so may be this is not a bug, you look there, as for me no time for bothering with this, I want to have time complete the new version before end of the year.

Ok. I understand that very well. Completing the new version is a much higher priority.  But one thing is clear. A bug is a bug. Or call it an issue, an unwanted behaviour or whatever. Regardless of whether you don't consider it important or don't want to fix it. Calling the cookie GUI via its XUL file directly is faulty. I have investigated and documented it in detail.

On 10/20/2024 at 12:09 PM, feodor2 said:

On 10/19/2024 at 11:50 AM, AstroSkipper said:

VORAPIS V3 script version

The script is the same, it is heavy obfuscated and refuses to work too if to block the connection to its site, very suspicious so not suitable.

No need to block its connection. The script is simply great. Sometimes, one has to trust. Without trust you can't do anything when using software, scripts and similar made by others.

On 10/20/2024 at 12:09 PM, feodor2 said:

I don't remember anything regarding document.loadOverlay(), may be it has been removed before

Would be great to have document.loadOverlay() back in Mypal 68. 

Edited October 23 by AstroSkipper
Update of content

[AstroSkipper]

@feodor2 Calling up chrome://browser/content/preferences/siteDataSettings.xul directly does not show the most recent cookie database. When calling up the about:preferences page beforehand, the most recent cookie database is shown, and the XUL file call works again correctly. Do you know how to do in JavaScript the same what calling up the about:preferences page does in terms of the cookies?  I need the part of the code that is executed by the call to the about:preferences page regarding cookies before I call up the chrome://browser/content/preferences/siteDataSettings.xul file.
As I mentioned, I am in the process of creating a Cookie Button which opens the dialogue "Manage Cookies and Site Data". My current version automatically opens the about:preferences#privacy page and three seconds later the wanted dialogue in an own chrome window. This indeed works properly but actually I would like to avoid opening an about:preferences#privacy tab by doing the necessary commands internally via JavaScript. I already tried a lot but without any success. So, any ideas? 

Edited October 23 by AstroSkipper
Update of content

[AstroSkipper]

On 10/22/2024 at 1:08 PM, AstroSkipper said:

My current version automatically opens the about:preferences#privacy page and three seconds later the wanted dialogue in an own chrome window. This indeed works properly but actually I would like to avoid opening an about:preferences#privacy tab by doing the necessary commands internally via JavaScript.

Ok. I was able to improve a bit my custom button for calling up the "Manage Cookies and Site Data" window. Both, the about:preferences#privacy and three seconds later the desired dialogue are now loaded in the same chrome window which avoids an additional loading of a tab. Nevertheless, I hope that there is a better solution yet.

Edited October 23 by AstroSkipper

[AstroSkipper]

@feodor2 While developing my custom button for calling up the "Manage Cookies and Site Data" window, I found a further bug in Mypal 68. When calling up the about:preferences#privacy page, then opening the "Manage Cookies and Site Data" popup and deleting a cookie, you always get the following error message:

Services.lsm is undefined                                                                                         ClearDataService.jsm:488
  deleteByHost resource://gre/modules/ClearDataService.jsm:488

I can't find the "Services.lsm" anywhere in the omni.ja files. LSM = localStorage Manager? Anyway! I'm not surprised that this piece of nowhere is not defined.

Edited October 24 by AstroSkipper
Update of content

[Sampei.Nihira]

It is a great idea to have a dedicated cookies button in this browser that does not have Supercookie Protection:

https://blog.mozilla.org/security/2021/01/26/supercookie-protections/

and Total Cookie Protection:

https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/

It is highly recommended that cookies/data be deleted on exit.
It is useful for verification (and possible remedies) of persistent cookies.

[feodor2]

On 10/24/2024 at 12:34 PM, AstroSkipper said:

I can't find the "Services.lsm" anywhere

So it is not used anywhere else, what a problem, I did open this window from settings and deleted a cookies - no error.  Means you did something wrong, then try another way.

 

On 10/21/2024 at 6:56 PM, AstroSkipper said:

Sometimes, one has to trust. Without trust you can't do anything when using software, scripts and similar made by other

I wanted to know why the mandatory connection to their site not related to yotube anyway, I opened the script to look and examine, they hiding even the url, for what any good reason. No I think

gt.ثابد.yt.ثابپت.ثاجحت({  And what is this? To trust them, no no no.