[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-librejs] Detection of fake license information on websites?

From: Dmitry Alexandrov
Subject: Re: [Help-librejs] Detection of fake license information on websites?
Date: Tue, 05 Feb 2019 17:27:25 +0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

grizzlyuser <address@hidden> wrote:
> Sorry, I should have phrased that a bit differently to eliminate confusion. I 
> meant 'malicious' in broader sense, that includes the limiting of the four 
> essential freedoms the user have.

My bad, perhaps, — as you noticed, I am not quite good at English, thus often 
miss context, get words too literally.

>> Well, how can you provide a fake information about the licence? Except 
>> perhaps, when you grant rights, which you are not eligible to grant...
> By supplying free license data that way, and at the same time embedding 
> something like non-free EULA in the code in format that's not recognized by 
> the extension...

Yes, you are right, it’s hard to be sure how to interpret self-contradicting 

>> I chose µMatrix, since unlike µBlock (by the same author) it not only blocks 
>> scripts but also properly shows <noscript> content when they are blocked
> This is a bit off topic

Well, LibreJS does not do that either, does it?

> but latest versions of uBlock Origin have master switch to disable all JS 
> (also works on per-domain basis). Good news is that unlike separate features 
> for blocking of inline, 1st- and 3rd-party scripts, it honors <noscript> tag 
> as you might expect.

Aha!  Thanks for info, I see now.  So we can enable ‘no-scripting’ globally, 
and when it is not beneficial to fallback to <noscript>, we have to use old 
granular switches:

    no-scripting: false * inline-script block * 1p-script block * 3p-script block

Highly unobvious, compared to µMatrix, which have self-descriptive 
‘noscript-spoof’ rule for that, but works.

In the case anybody wonder, why it is important to have this option: there are 
websites, where using <noscript> version not only does not improve, but much 
worsens the experience.

The most notable (one might even say — extreme) example is probably  Try to read (okay — look at — as I failed to find any single 
page in English there) this [0], for instance.  You can even notice for a 
moment that the page is loaded in a pretty readable state without any ad-hoc 
programs, nevertheless browser hard-redirects you to a page, that only says 
that “JavaScript and Cookies need to be supported in order to use the site”.  
This dirty trick is done with <noscript>.


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]