Webp Virus, fears, nightmares, suggestions, or exodus from the internet?

[XPerceniol]

3 minutes ago, Sampei.Nihira said:

Here in benefit of dynamic filtering referring only to third-party frame blocking:

https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-Benefits-of-blocking-3rd-party-iframe-tags

as you can see it is a formidable defense against exploits as well.
Those using higher dynamic filtering (Medium Mode or Hard Mode obviously have more protection at the security/privacy level.

I use Hard Mode + TLD's

Some other opinions Sven Taylor:

https://restoreprivacy.com/browser/secure/

ArkenFox user.js:

https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-️-anti-fingerprinting-extensions-fk-no
 

I ran out of likes already so just wanted to thank you for the posting.

[Sampei.Nihira]

13 minutes ago, XPerceniol said:

I ran out of likes already so just wanted to thank you for the posting.

It is possible to use Hard Mode + TLD'S (protection higher than Medium Mode but lower than Hard Mode) I will include you a table with fairly accurate percentages even in an extension like AdGuard MV3.

 

P.S.

The percentages in the table were verified by Kees1958.

Edited December 10, 2023 by Sampei.Nihira

[Dixel]

3 hours ago, Sampei.Nihira said:

Here in benefit of dynamic filtering referring only to third-party frame blocking:

https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-Benefits-of-blocking-3rd-party-iframe-tags

as you can see it is a formidable defense against exploits as well.
Those using higher dynamic filtering (Medium Mode or Hard Mode obviously have more protection at the security/privacy level.

I use Hard Mode + TLD's

Some other opinions Sven Taylor:

https://restoreprivacy.com/browser/secure/

ArkenFox user.js:

https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-️-anti-fingerprinting-extensions-fk-no
 

No, I asked about "all security experts article", as you claimed before.

Sven Taylor is an (editor) of an "advocacy group". It doesn't say he's an expert, nowhere near.

In the provided article he simply accuses all browsers of data colllecting, then jumps to  

suggestions to buy paid VPV services. Not a word about WebP Virus.

Claiming Brave as "The most secure and private browser" is especially funny.

Super generic, commercially driven article, can't be any simpler.

Where did you find "expert opinions" about uBlock in that article?

He simply writes "uBlock Origin – is one of the best.."

That's it?

 

[Sampei.Nihira]

20 minutes ago, Dixel said:

No, I asked about "all security experts article", as you claimed before.

Sven Taylor is an (editor) of an "advocacy group". It doesn't say he's an expert, nowhere near.

In the provided article he simply accuses all browsers of data colllecting, then jumps to  

suggestions to buy paid VPV services. Not a word about WebP Virus.

Claiming Brave as "The most secure and private browser" is especially funny.

Super generic, commercially driven article, can't be any simpler.

Where did you find "expert opinions" about uBlock in that article?

He simply writes "uBlock Origin – is one of the best.."

That's it?

 

Didn't you notice that my first link is written by Raymond Hill?
Read and learn if you wish.

I will not waste any more time with your useless requests.
Period.

 

P.S.

Stop calling this vulnerability a virus; it is an exploit.
If you don't know the difference....study.

Edited December 10, 2023 by Sampei.Nihira

[Dixel]

4 hours ago, Sampei.Nihira said:

Didn't you notice that my first link is written by Raymond Hill?
Read and learn if you wish.

I will not waste any more time with your useless requests.
Period.

 

P.S.

Stop calling this vulnerability a virus; it is an exploit.
If you don't know the difference....study.

You're very welcome to not reply, I'm just pointing out to the facts and your gross exaggerations, like "all experts".

So no articles with "all security experts" voting for uBo to fight WebP then?

Btw, you didn't even fulfil any of my "useless" requests.

Raymond Hill is the author of uBlock, he can't be considered as an expert with independent views. 

I don't have anything against uBlock in particular, it's just the fact - in this case uBlock can't do anything to WebP at all, so it's not only off-topic, it's called misleading people.

Again, I'm pointing out to the facts, no need to be rude. I suggest you stick to the facts, too, and please watch your behaviour.

So far, you aren't giving me anything to "study" on.

Most importantly - Raymond Hill never claimed uBlock can defeat WebP, if you still insist he did, please give an article.

 

Edited December 10, 2023 by Dixel
a famous Dixel's typo

[dmiranda]

5 hours ago, Dixel said:

No, I asked about "all security experts article", as you claimed before.

Yeah, who is that gorhill? Does he have a PhD?

Just in case you take quoting you as an endorsement, LAF.

PS: at least check the suggested pages, in the particular one suggested by @Sampei.Nihira there are a few dozen technical reviews.

Edited December 10, 2023 by dmiranda

[Sampei.Nihira]

11 hours ago, dmiranda said:

Yeah, who is that gorhill? Does he have a PhD?

Just in case you take quoting you as an endorsement, LAF.

PS: at least check the suggested pages, in the particular one suggested by @Sampei.Nihira there are a few dozen technical reviews.

Perhaps he does not have the knowledge to understand what you are suggesting.
From my point of view, it is indicative that he chose the easiest link (which I have included for the benefit of even less experienced IT Security users) and did not read the one paragraph worthy of attention:

Quote

 

Browser add-ons for security and privacy

In addition to adjusting the settings within your browser, there are also a number of different add-ons or extensions you can install to improve your browser’s privacy and security.

Here are a few different options, but they may not all be supported by the browser you are using:

uBlock Origin – This is one of the best browser-based ad blockers available that will also protect you against tracking.

 

 

[Sampei.Nihira]

@Dixel

If you want to find mitigations for this vulnerability start studying why the CVE index in Chrome is 8.8 (and not 10).
The reason is the browser sandbox.
Consider that any other "mitigation" added (so even the renderer to IL Appcontainer) or UBO can make a difference.

Then it is obvious that after the browsers have been patched there is no one to waste time finding mitigations and writing articles that you so insistently demand.

 

[Dixel]

4 hours ago, Sampei.Nihira said:

Perhaps he does not have the knowledge to understand what you are suggesting.
From my point of view, it is indicative that he chose the easiest link (which I have included for the benefit of even less experienced IT Security users) and did not read the one paragraph worthy of attention:

 

I didn't leave this conversation, so it is utterly rude to refer to me as "he" in my presence. Making assumptions regarding my knowledge is flagrantly rude, too. 

Implying I can't read or "does not have the knowledge to understand" is simply unacceptable, I fail to guess why are you still allowed to do that.

I don't understand your generally hostile attitude on the website.

Despite the fact we (D.Draker and I) already explained it to you many times, provided with scientific proof, we ,of course, did it in a very polite form. (link 1), (link 2)

Yet you continue to aggressively argue, post off-topic and derail the thread with non-related matters, unspeakable behaviour and disrespect.

[Sampei.Nihira]

You are an impossible person.
Ignore my posts instead of asking for "enlightenment".

If you ask, I try as best as I can to accommodate your requests.

Edited December 11, 2023 by Sampei.Nihira

[Dixel]

3 hours ago, Sampei.Nihira said:

You are an impossible person.
Ignore my posts instead of asking for "enlightenment".

If you ask, I try as best as I can to accommodate your requests.

Again, please stop with getting personal, please stop with the thread derailment, I you want to discuss uBlock and its tweaks, do it in another thread.

Please stop with provocations, I'm not going to fight with you, despite you giving me names. I'm here only for what this forum is supposed to be.

I decide for myself whether I want to ignore you posts, especially if they are erroneous, misleading, etc.

 

[dmiranda]

2 hours ago, Dixel said:

Implying I can't read or "does not have the knowledge to understand" is simply unacceptable, I fail to guess why are you still allowed to do that.

Maybe because there is a ring to it, I reckon. Stop embarrassing yourself.

[D.Draker]

On 12/11/2023 at 3:00 PM, dmiranda said:

Maybe because there is a ring to it, I reckon. Stop embarrassing yourself.

Stop harassing other members, behave yourself, try to be reasonable on the forum.

Try to reply only on-topic, or don't reply at all, thanks.

 

[D.Draker]

Interesting!

While all browsers support image formats like JPEG, PNG, and GIF, Accept tells in this case that the browser also supports WebP and APNG. Using this information, we can negotiate the best image types for each browser:

<?php

// Check Accept for an "image/webp" substring.

$webp = stristr($_SERVER["HTTP_ACCEPT"], "image/webp") !== false ? true : false;

// Set the image URL based on the browser's WebP support status.

$imageFile = $webp ? "whats-up.webp" : "whats-up.jpg";

?>

<img src="<?php echo($imageFile); ?>" alt="I'm an image!">

More info:

https://web.dev/articles/performance-optimizing-content-efficiency-client-hints

[NotHereToPlayGames]

4 hours ago, D.Draker said:

Accept tells in this case that the browser also supports WebP and APNG.

It was demonstrated somewhere in this thread that some (though I suspect not all) web servers flat out IGNORE the Accept Header and send WebP anyway.

I suppose web servers just have their own list of "priorities".

ie, "You can't tell me you are on Chrome W or Firefox X or Edge Y or Opera Z but then 'lie to me' and tell me you don't support WebP, so I'm sending you WebP because I know what I am doing and you do not."