[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-librejs] Detection of fake license information on websites?
From: |
Dmitry Alexandrov |
Subject: |
Re: [Help-librejs] Detection of fake license information on websites? |
Date: |
Tue, 05 Feb 2019 17:27:25 +0300 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) |
grizzlyuser <address@hidden> wrote:
> Sorry, I should have phrased that a bit differently to eliminate confusion. I
> meant 'malicious' in broader sense, that includes the limiting of the four
> essential freedoms the user have.
My bad, perhaps, — as you noticed, I am not quite good at English, thus often
miss context, get words too literally.
>> Well, how can you provide a fake information about the licence? Except
>> perhaps, when you grant rights, which you are not eligible to grant...
>
> By supplying free license data that way, and at the same time embedding
> something like non-free EULA in the code in format that's not recognized by
> the extension...
Yes, you are right, it’s hard to be sure how to interpret self-contradicting
terms.
>> I chose µMatrix, since unlike µBlock (by the same author) it not only blocks
>> scripts but also properly shows <noscript> content when they are blocked
>
> This is a bit off topic
Well, LibreJS does not do that either, does it?
> but latest versions of uBlock Origin have master switch to disable all JS
> (also works on per-domain basis). Good news is that unlike separate features
> for blocking of inline, 1st- and 3rd-party scripts, it honors <noscript> tag
> as you might expect.
Aha! Thanks for info, I see now. So we can enable ‘no-scripting’ globally,
and when it is not beneficial to fallback to <noscript>, we have to use old
granular switches:
no-scripting: example.org false
example.org * inline-script block
example.org * 1p-script block
example.org * 3p-script block
Highly unobvious, compared to µMatrix, which have self-descriptive
‘noscript-spoof’ rule for that, but works.
In the case anybody wonder, why it is important to have this option: there are
websites, where using <noscript> version not only does not improve, but much
worsens the experience.
The most notable (one might even say — extreme) example is probably
https://vk.com. Try to read (okay — look at — as I failed to find any single
page in English there) this [0], for instance. You can even notice for a
moment that the page is loaded in a pretty readable state without any ad-hoc
programs, nevertheless browser hard-redirects you to a page, that only says
that “JavaScript and Cookies need to be supported in order to use the site”.
This dirty trick is done with <noscript>.
[0]
https://vk.com/@mozillaru-vypusk-gnu-librejs-711-dopolneniya-dlya-blokirovaniya-nesvob
signature.asc
Description: PGP signature