[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-librejs] Detection of fake license information on websites?

From: grizzlyuser
Subject: Re: [Help-librejs] Detection of fake license information on websites?
Date: Sun, 03 Feb 2019 10:27:54 +0000

Dmitry Alexandrov <address@hidden> wrote:

> I’m not affiliated with LibreJS, yet let me tell you, that no, you probably 
> misunderstood the goal. That is not the main reason, not even the secondary. 
> Freedom has little to do with maliciousness or ‘privacy’. Only with freedom.

Sorry, I should have phrased that a bit differently to eliminate confusion. I 
meant 'malicious' in broader sense, that includes the limiting of the four 
essential freedoms the user have.

> Well, how can you provide a fake information about the licence? Except 
> perhaps, when you grant rights, which you are not eligible to grant (because 
> you are not the proprietor of the program or otherwise). Note, that does not 
> necessary require any evil intentions, it also may be a honest mistake. In 
> any case, that’s a thing we hardly can fully control whatsoever, for any type 
> of creative work.

AFAIK, LibreJS looks for some license headers or metadata in specific 
format(s). By supplying free license data that way, and at the same time 
embedding something like non-free EULA in the code in format that's not 
recognized by the extension, it seems this is possible to provide fake license 
info just to work around LibreJS blocking.

> This is not panacea, however. It is possible, that the source is not directly 
> runnable by browser, but indeed may require some building from another 
> language, such as Coffescript.

Or TypeScript, or whatever. That's exactly what I meant, please excuse me for 
confusion again :)

> I chose µMatrix, since unlike µBlock (by the same author) it not only blocks 
> scripts but also properly shows <noscript> content when they are blocked
This is a bit off topic, but latest versions of uBlock Origin have master 
switch to disable all JS (also works on per-domain basis). Good news is that 
unlike separate features for blocking of inline, 1st- and 3rd-party scripts, it 
honors <noscript> tag as you might expect.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]