Sampei.Nihira Posted November 24, 2024 Posted November 24, 2024 If you have that much time,for me OK. Start showing me with pictures your settings especially the ones that you feel you need to harden. For example at the “javascript” setting I blocked in my Chromium-based browser all js from HTTP websites. This can also be done from uBlock Origin but it is better to do this from the browser because if you have to disable uBlock origin in a certain amount of time you are NOT protected. So start.....io wait.
NotHereToPlayGames Posted November 24, 2024 Posted November 24, 2024 (edited) 3 hours ago, Sampei.Nihira said: For example at the “javascript” setting I blocked in my Chromium-based browser all js from HTTP websites. This isn't 1994. Nowadays, you should block ANYTHING-and-EVERYTHING that is fed to you via HTTP versus HTTPS, not just js from HTTP. Several of Firefox's embedded telemetry connections occur over HTTP, not HTTPS, they do this for a reason. I have a hunch that even "HTTPS Everywhere" does NOT convert these to HTTPS. Just a hunch. This is also one of those topics for the "Google Haters" that love to blame "googlisms" for the downfall of the internet. Timeline The "HTTPS Everywhere" phenomenon only evolved due to Google's push for HTTPS in their Gmail and search. Edited November 24, 2024 by NotHereToPlayGames
Sampei.Nihira Posted November 24, 2024 Posted November 24, 2024 (edited) Blocking port 80 via the firewall is not on topic,the topic is hardening the browser settings, because the user is using XP and I don't know if he is using XP's default firewall without outbound connection control. HTTPS Everywhere is an obsolete extension to use even in Thorium which has the setting to always enable HTTPS (which is obviously advisable). Detecportal.firefox.com,which you highlighted in the image, can be disabled in Firefox from about:config and you will see in about:networking that it is always set to false (0) so inactive When I wrote to the user in question he was NOT referring to FF but to any Chromium-based browser,quite equivalent to my Edge. P.S. You and other forum members can, of course, also continue to teach @jumper how to harden his own Thorium. It is not just my prerogative........ P.S. 1 If you want to test follow this procedure......but be very careful (I obviously will NOT be responsible for any damage caused by yourself): Edited November 24, 2024 by Sampei.Nihira 1
NotHereToPlayGames Posted November 24, 2024 Posted November 24, 2024 50 minutes ago, Sampei.Nihira said: you will see in about:networking that it is always set to false (0) so inactive Technically, it's only ever active for <200ms. You will never "catch it" in about:networking.
NotHereToPlayGames Posted November 24, 2024 Posted November 24, 2024 <OT> Watching an episode of "Mega Brands That Built America". Microsoft versus Apple in the early days. Can't help but laugh that every commercial break is Dodge RAM. </OT>
D.Draker Posted November 25, 2024 Posted November 25, 2024 On 11/22/2024 at 6:53 PM, jumper said: So for Thorium on XP, what default settings should I be changing? User allowed settings suck, they can be reset, ignored, etc. Policies also suck. they're for goofs, you're better off with CMD flags applied at the start, This is what I call "hardening". 2
D.Draker Posted November 25, 2024 Posted November 25, 2024 23 hours ago, NotHereToPlayGames said: Dodge RAM. Dodgy RAM?
D.Draker Posted November 25, 2024 Posted November 25, 2024 On 11/23/2024 at 9:14 PM, jumper said: How about some, then? I think people already mentioned a good set of flags in this topic that worked best for them, each user would have its own. It depends whether you use google services or not like gmail, etc. 3
D.Draker Posted November 25, 2024 Posted November 25, 2024 --no-first-run --no-default-browser-check --disable-breakpad Start with those, then add the new ones until you're satisfied. Don't make a huge list though. 4
D.Draker Posted November 25, 2024 Posted November 25, 2024 --ignore-certificate-errors will bypass all of the cert errors for you on XP. But it's a security risk. 4
Saxon Posted December 25, 2024 Posted December 25, 2024 On 11/24/2024 at 8:51 PM, D.Draker said: --ignore-certificate-errors will bypass all of the cert errors for you on XP. But it's a security risk. They are well aware of the problem, and, for now, this flag is the only solution for XP users, https://github.com/win32ss/supermium/discussions/995 2
AstroSkipper Posted March 6 Posted March 6 The last Thorium update for Windows XP was in June 2024. That was almost 9 months ago. Has the Thorium Legacy project been cancelled? 3
VistaLover Posted March 7 Posted March 7 1 hour ago, AstroSkipper said: Has the Thorium Legacy project been cancelled? https://github.com/Alex313031/thorium-legacy/issues/124 Quote This repo will be updated to M124 soon. ... wrote the author on Aug 3rd, 2024... Similar issues weren't even replied to by the author: https://github.com/Alex313031/thorium-legacy/issues/115 https://github.com/Alex313031/thorium-legacy/issues/105 The source repo showed some further activity as recent as Nov 13th, 2024, https://github.com/Alex313031/thorium-legacy/commits/main/ but it seems that's where things got stuck... Currently, only Thorium for Linux/Win10+ is still being developed and binaries publicly released, so I'd assume Thorium Legacy is, in practice, "frozen" ... 1
D.Draker Posted March 7 Posted March 7 11 hours ago, VistaLover said: Currently, only Thorium for Linux/Win10+ is still being developed and binaries publicly released, so I'd assume Thorium Legacy is, in practice, "frozen" ... It was exactly the same until win32ss shared the code with him so he could continue, otherwise Thorium was stuck at the last officially supported 109 for years. That tells us the guy can only move forward with someone else's code. 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now