Getting Past Google Account Registration for Tablet Apps

I have a “hate / despise” relationship with “The App Stores” of the world. I’m sorry, but when I have purchased a device, mandating that I MUST give up PII data (Personal Identifying Information – the term used in the computer biz for stuff that MUST be protected) just to download the applications that make the thing worth using just galls me.

So I download and install any app that does NOT require such an “account” and use only things that are freely available. At first, this was far more than enough “stuff” to keep me happy. In the rebuild of the Samsung Tablet now underway, I’ve found it ever harder to bypass having either s Samsung Account or, worse, a Google Play Account. Even FireFox has sent me off to the Google Account page (pick one: You have already compromised your PII, or you would like to Compromise PII Now: Y or Y )

No choice of “I don’t want you tracking my every move” allowed. Interesting to note that the default browser included in the base Samsung config is flagged as “no longer supported” if you try to install an App and it throws you into the “Give Up Your PII to get a new browser” panel…

Yet there are some things out there “in the wild” still.

Some fair amount of this morning was spent getting a decent browser installed that would not leak massive information about me at every turn. AND without the PII Stamped Account info in the install. I have, so far, found three. Well, really 2 1/2. Opera and Opera-mini are really only 1/2 different.

Firefox, Opera, and more, in the top search pages, try desperately to route you over to an App Store (login / present PII / blow off privacy) process. But dig deeper, you can find non-Account versions of some apps available. (IIRC I had to tick the “allow non-official apps to be installed’ button somewhere under settings).

To save others the time, here’s a couple of places I found things. As the tablet is now relegated to “Toy For Browsing” status, I wasn’t all that worried about vetting the sites, so this might well be horrible malware… but I don’t think so. At any rate, it can’t be much worse than the PII demanding Google Play store…

First up, I didn’t find any unencumbered Firefox or IceWeasel yet. The IceWeasel may not exist for Android, being a Debian thing. Maybe I need to look for SeaMonkey to get a Firefox clone… (though I think GNUzilla may be the name now). Yet I’d HAD Firefox installed before. So I don’t know if it has been roped in to the Identity Ripoff Corral only, or I just need to look further. After a half dozen “We have it!” that had a download button that sent me to the Google Play login process, I moved on. (Part of the reason for this posting… so in future I’ll remember where I found things…)

But the GNU Foundation makes a semi-paranoid knockoff of Firefox. ( I LIKE semi-paranoid… it’s a Systems Admin thing ;-) IceCat is the name of the gizmo that looked interesting. (They also make the SeaMonkey browser / email suite). Stallman (maker of GNU) is very security, privacy, and freedom oriented. I like him, I like his stuff. Sometimes it is a PITA…

IceCat

I found it as free download from here: http://open-source-box.org/icecat/38.6.0/

It isn’t in the newest 38.8 nor the 38.7 for Android. I actually hit the 38.5.2 on a random “click way down” but just now found it in the 38.6.0 release.

They are listed as one of the approved mirrors at the GNU site. In general, anything Stallman approves is far more than the vetting I would do… Did I mention I like a modest level of paranoia in SysAdmins? 8-}

http://www.gnu.org/prep/ftp.html
which I came to from a selector here:
http://www.gnu.org/software/gnuzilla/

Introducing GNUzilla and IceCat

GNUzilla is the GNU version of the Mozilla suite, and GNU IceCat is the GNU version of the Firefox browser. Its main advantage is an ethical one: it is entirely free software. While the Firefox source code from the Mozilla project is free software, they distribute and recommend non-free software as plug-ins and addons. Also their trademark license restricts distribution in several ways incompatible with freedom 0.

Privacy protection features

LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman’s article The JavaScript Trap.

Https-Everywhere: Extension that encrypts your communications with many major websites, making your browsing more secure.

SpyBlock: Blocks privacy trackers while in normal browsing mode, and all third party requests when in private browsing mode. Based on Adblock Plus.

AboutIceCat: Adds a custom “about:icecat” homepage with links to information about the free software and privacy features in IceCat, and checkboxes to enable and disable the ones more prone to break websites.

Fingerprinting countermeasures: Fingerprinting is a series of techniques allowing to uniquely identify a browser based on specific characterisics of that particular instance (like what fonts are available in that machine). Unlike cookies the user cannot opt-out of being tracked this way, so the browser has to avoid giving away that kind of hints.

It is a little slower than the old Firefox was at loading pages. Likely as it has to do inspection of JavaScript and ‘workarounds’ for the Java stuff that is “not good” and all the other spyware ‘features’… it would be less work to just let the data go, as the browser now has to fight off repeated requests and / or timeouts. But a tiny bit of slow is fine with me when I want to be a lot more private and secure.

A large bit from that embedded “Javascript Trap” link (bold mine):

The JavaScript Trap

by Richard Stallman

You may be running nonfree programs on your computer every day without realizing it—through your web browser.

In the free software community, the idea that nonfree programs mistreat their users is familiar. Some of us refuse entirely to install proprietary software, and many others consider nonfreedom a strike against the program. Many users are aware that this issue applies to the plug-ins that browsers offer to install, since they can be free or nonfree.

But browsers run other nonfree programs which they don’t ask you about or even tell you about—programs that web pages contain or link to. These programs are most often written in JavaScript, though other languages are also used.

JavaScript (officially called ECMAScript, but few use that name) was once used for minor frills in web pages, such as cute but inessential navigation and display features. It was acceptable to consider these as mere extensions of HTML markup, rather than as true software; they did not constitute a significant issue.

Many sites still use JavaScript that way, but some use it for major programs that do large jobs. For instance, Google Docs tries to download into your machine a JavaScript program which measures half a megabyte, in a compacted form that we could call Obfuscript because it has no comments and hardly any whitespace, and the method names are one letter long. The source code of a program is the preferred form for modifying it; the compacted code is not source code, and the real source code of this program is not available to the user.

In addition to being nonfree, many of these programs are malware because they snoop on the user.

Browsers don’t normally tell you when they load JavaScript programs. Some browsers have a way to turn off JavaScript entirely, but even if you’re aware of this issue, it would take you considerable trouble to identify the nontrivial nonfree programs and block them. However, even in the free software community most users are not aware of this issue; the browsers’ silence tends to conceal it.

It is possible to release a JavaScript program as free software, by distributing the source code under a free software license. If the program is self-contained—if its functioning and purpose are independent of the page it came in—that is fine; you can copy it to a file on your machine, modify it, and visit that file with a browser to run it. But that is an unusual case.

In the usual case, JavaScript programs are meant to work with a particular page or site, and the page or site depends on them to function. Then another problem arises: even if the program’s source is available, browsers do not offer a way to run your modified version instead of the original when visiting that page or site. The effect is comparable to tivoization, although in principle not quite so hard to overcome.

JavaScript is not the only language web sites use for programs sent to the user. Flash supports programming through an extended variant of JavaScript; if we ever have a sufficiently complete free Flash player, we will need to deal with the issue of nonfree Flash programs. Silverlight seems likely to create a problem similar to Flash, except worse, since Microsoft uses it as a platform for nonfree codecs.
A free replacement for Silverlight does not do the job for the free world unless it normally comes with free replacement codecs.

Java applets also run in the browser, and raise similar issues. In general, any sort of applet system poses this sort of problem. Having a free execution environment for an applet only brings us far enough to encounter the problem.

It is theoretically possible to program in HTML and CSS, but in practice this capability is limited and inconvenient; merely to make it do something is an impressive hack. Such programs ought to be free, but CSS is not a serious problem for users’ freedom as of 2016.

A strong movement has developed that calls for web sites to communicate only through formats and protocols that are free (some say “open”); that is to say, whose documentation is published and which anyone is free to implement. With the presence of programs in web pages, that criterion is necessary, but not sufficient. JavaScript itself, as a format, is free, and use of JavaScript in a web site is not necessarily bad. However, as we’ve seen above, it also isn’t necessarily OK. When the site transmits a program to the user, it is not enough for the program to be written in a documented and unencumbered language; that program must be free, too. “Only free programs transmitted to the user” must become part of the criterion for proper behavior by web sites.

Silently loading and running nonfree programs is one among several issues raised by “web applications”. The term “web application” was designed to disregard the fundamental distinction between software delivered to users and software running on a server. It can refer to a specialized client program running in a browser; it can refer to specialized server software; it can refer to a specialized client program that works hand in hand with specialized server software. The client and server sides raise different ethical issues, even if they are so closely integrated that they arguably form parts of a single program. This article addresses only the issue of the client-side software. We are addressing the server issue separately.

In practical terms, how can we deal with the problem of nonfree JavaScript programs in web sites? The first step is to avoid running it.

What do we mean by “nontrivial”? It is a matter of degree, so this is a matter of designing a simple criterion that gives good results, rather than finding the one correct answer.

Our tentative policy is to consider a JavaScript program nontrivial if:

it makes an AJAX request or is loaded along with scripts that make an AJAX request,
it loads external scripts dynamically or is loaded along with scripts that do,
it defines functions or methods and either loads an external script (from html) or is loaded as one,
it uses dynamic JavaScript constructs that are difficult to analyze without interpreting the program, or is loaded along with scripts that use such constructs. These constructs are:
using the eval function,
calling methods with the square bracket notation,
using any other construct than a string literal with certain methods (Obj.write, Obj.createElement, …).

How do we tell whether the JavaScript code is free? At the end of this article we propose a convention by which a nontrivial JavaScript program in a web page can state the URL where its source code is located, and can state its license too, using stylized comments.

Finally, we need to change free browsers to detect and block nontrivial nonfree JavaScript in web pages. The program LibreJS detects nonfree, nontrivial JavaScript in pages you visit, and blocks it. LibreJS is included in IceCat, and available as an add-on for Firefox.

Browser users also need a convenient facility to specify JavaScript code to use instead of the JavaScript in a certain page. (The specified code might be total replacement, or a modified version of the free JavaScript program in that page.) Greasemonkey comes close to being able to do this, but not quite, since it doesn’t guarantee to modify the JavaScript code in a page before that program starts to execute. Using a local proxy works, but is too inconvenient now to be a real solution. We need to construct a solution that is reliable and convenient, as well as sites for sharing changes. The GNU Project would like to recommend sites which are dedicated to free changes only.

These features will make it possible for a JavaScript program included in a web page to be free in a real and practical sense. JavaScript will no longer be a particular obstacle to our freedom—no more than C and Java are now. We will be able to reject and even replace the nonfree nontrivial JavaScript programs, just as we reject and replace nonfree packages that are offered for installation in the usual way. Our campaign for web sites to free their JavaScript can then begin.

In the mean time, there’s one case where it is acceptable to run a nonfree JavaScript program: to send a complaint to the website operators saying they should free or remove the JavaScript code in the site. Please don’t hesitate to enable JavaScript temporarily to do that—but remember to disable it again afterwards.

Thank you to Matt Lee and John Resig for their help in defining our proposed criterion, and to David Parunakian for helping to make me aware of the problem.

Yeah, geeky and tech talk. But that’s the stuff that robs you of your privacy…

This issue of running programs inside of browsers is also why I assert it is no longer possible to secure 100% any network connected to The Internet that allows web browsing. By Definition, you are enabling any program in any web page to be run on a machine inside your firewall. It is now a race condition between their creativity and your ability to detect and respond.

Opera

I sporadically use Opera on desktops. It is usually fast, clean, and has a nice compression feature when on slow links. (Web page data is sent to their server where it is cached and compressed, then only compressed stuff is sent to you).

It is a performance engine, not a privacy engine, though (IMHO). Any time someone knows every bit you send (when using their cache and compress) it is a privacy exposure.

But I really don’t care at all if someone knows I read my own web site or WUWT ( or the N.Y. Times or…)

So when I just want speed, it can be very nice. Add in that IceCat doesn’t like many video formats (non-free or Flash security issues) and, well, sometimes you just want to see the YouTubes…

Many links in the search sent me to the “Google Account Yes or Yes?” page… This one did not:

http://opera.en.uptodown.com/android

I didn’t spend a lot of time vetting the site, as I was just putting this on a low value target. Serious machines? Vet the site more…

I also got mini-Opera there. It has more of a “mobile” presentation like typical cell phone browsers:

http://opera-mini.en.uptodown.com/android

Both are Very Fast. The Mini one also uses that “compressed on their servers” feature by default.

So with those two Opera options, and the IceCat, I can chose fast, or private and secure. Opera is very fast and very feature rich (i.e. runs videos nicely). IceCat is slower, doesn’t like videos, and is very secure. Take your pick…

In Conclusion

That’s all I’ve installed so far. It would be nice to find a Real Firefox I could download and install (without the Account…) but I’m not busy looking. I’m also coming to suspect that there is a market for actually free and privacy oriented apps. Outside of any “app store account” in an anonymous download store. Perhaps someone is already “in that space” and I just don’t know it since I never used the tablet for much beyond browser and movies…

Oddly, I did find a Very Interesting application. Debian.noroot. Unfortunately, the link the search engine found took me to… The Google Store… Maybe this one is better (though it has a link to The Store so I likely would need to enable “developer mode”…):

https://github.com/pelya/debian-noroot

Run Debian on top of Android with a single click.

No root required! Should work on any high-end device! Unleash full unrestricted desktop environment onto your mobile device! Instant frustration guaranteed! (unless you’re using mouse or stylus).

This app is NOT full Debian OS – it is a compatibility layer, which allows you to run Debian applications. Your phone is NOT rooted during installation. Also, this is NOT official Debian.org release.

There are several limitations:

It cannot mess up your Android device, because it’s a regular well-behaved Android app, which does not need root access.

No audio support. Some time ago PulseAudio was somewhat supported, but now it’s broken.

No OpenGL support. It’s possible to add it but it’s a huge chunk of work, and I will not be doing that.

No access to the device hardware. That means you cannot re-partition SD card, you cannot burn CD-Roms, you cannot run ping or sniff your network etc.

No ability to move app to SD card, so you will need a lot of internal storage.

Most servers such as SSH or Apache won’t start, because they all need root features. You can use tightvncserver instead of SSH, and wbox instead of Apache as a simple file sharing web server,

How does that work.

The Debian graphical shell is launched using PRoot, the ultimate Linux virtualization solution: http://proot.me/ Then it launches XSDL X server to render it to screen.

It looks very interesting… IF I can get generic Debian apps to run on my Android tablet, I’ll be kissing off most other apps in a heartbeat… So I’ll be exploring “how to install this without a Google Login” for a while… Hopefully something at GitHub will let me do that.

Or maybe I’ll just “root” the tablet and “move on” from Android… It is getting old enough now that I don’t care that much about it anymore, and if I “brick” it, the loss isn’t that big anymore…

(Can you tell that “It is a Very Bad Idea to annoy the Geek.” and that having the Samsung Note lose the keyboard annoyed me? ;-)

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits. Bookmark the permalink.

24 Responses to Getting Past Google Account Registration for Tablet Apps

  1. E.M.Smith says:

    Well maybe that Opera download site needs more vetting…

    I opened a new tab and typed in my own url longhand… Bingo, I’ve got a “you may have won!” Redirect and popup (claiming to be Google Play related). Attempting to reload prior page via the back thingy gave a login panel for Google Play (likely a spoof…). Guess it is time to do that vetting of the site I skipped…

  2. E.M.Smith says:

    Looks
    like they claim this is a feature:
    http://blog.en.uptodown.com/uptodown-opera-giveaway-surface-pro-4/

    Given how hugely successful our last Opera Software raffle was, we’ve
    done it again with a new contest where we’re giving the lucky winner no
    less than a Microsoft Surface Pro 4 priced at €800/$900. To participate,
    all you need to do is three or more social actions that are written
    here below to enter our contest. Anyone who signs up between the 9th and
    23 of May can win, there are no regional limitations, at all. Your
    prize will be mailed anywhere in the world. Check out our terms and
    conditions below. Don’t forget, the more actions you do, the better your
    chance to win!

    http://www.operasoftware.com/portal/contestrules

    Opera Prize Giveaways: Official Rules No Purchase Required to Enter or
    Win

    Eligibility: Each Opera Prize Giveaway (the “Giveaway”) is open only to
    legal residents of the countries listed on the applicable Giveaway site,
    who are 18 years of age or older and can submit proof of said residency
    through production of a valid governmental ID or residence permit.
    Employees of Opera Software ASA, its advertising or promotion agencies,
    those involved in the production, development, implementation or
    handling of the Giveaway, any agents acting for, or on behalf of the
    above entities, their respective parent companies, officers, directors,
    subsidiaries, affiliates, licensees, service providers, prize suppliers
    or any other person or entity associated with the Giveaway (collectively
    “Giveaway Entities”) and/or the immediate family (spouse, parents,
    siblings and children) and household members (whether related or not) of
    each such employee, are not eligible. All local federal, provincial,
    and municipal laws and regulations apply. Void where prohibited by law.

    Sponsor: The Giveaway is sponsored by Opera Software ASA, P.B. 4214
    Nydalen, NO-0401 Oslo (“Sponsor”).

    Probably need to show that operasoftware site isn’t a fake knockoff…
    but in either case, fraud or Opera sposored “raffle against my will” it
    rates an avoid…

  3. E.M.Smith says:

    Doing general reputational keyword searches on both sites I’m not getting warning hits. As of now, looks more like “stupid marketing tricks” than Pur Evil.

    To bad… I like Opera, and if they’ve gone to this kind of junk, it becomes “spamware”. Sigh.

    Guess I’m on to the next fast browser option… whatever it is…

  4. E.M.Smith says:

    Again,
    I’ve not vetted this site, but it looks like the kind of place that
    makes .apk packages available without a login… has some interesting
    browser options. I’ve installed this one:

    http://www.appsapk.com/fire-phoenix-secure-browser/

    Fire Phoenix Secure Browser

    Fire Phoenix is the free mobile secure web browser based on Mozilla
    Firefox and compatible with Firefox plug-ins.
    Fire Phoenix allows to filter and track Internet traffic on mobile
    devices as well as to set up white lists or black lists of allowed and
    prohibited domain names. Using Fire Phoenix you can prohibit porno,
    gambling, cheating, violence, malware, spyware, adware and other
    categories.
    Like the official Mozilla Firefox, Fire Phoenix browser is fast, easy to
    use, & customizable, with the latest security and privacy
    features to help you stay safe on the internet.
    Features:
    . Add-ons: Customize your web browser just the way you like it with
    add-ons including ad-blocker, password manager, and more
    . Awesome Screen: Fire Phoenix keeps everything organized so you don’t
    have to. The Awesome Screen automatically sorts your favorite sites onto
    one, easy-to-read page
    . Awesome Bar: Fire Phoenix learns from you as you browse, so you never
    have to waste time looking for a website. Search your Top Sites,
    Bookmarks, and History, and Firefox will help you find the site that you
    are looking for—with little to no typing.
    . Fast: Get to the internet faster, with quick start-up and page load
    times
    . HTML5: Experience the unlimited possibilities of the mobile internet
    with support for HTML5 and Web APIs
    . Mobile Video: Fire Phoenix is perfect for mobile video, and has mobile
    video support for a wide range of video formats including h.264
    . Reader Mode: Automatically transform cluttered articles and stories
    into beautiful, easy-to-read pages right in your browser
    . Security: Keep your browsing safe & private. Control your
    privacy, security and how much data you share on the web.
    . Sync: Sync your Firefox Desktop tabs, history, bookmarks, and
    passwords to all your devices and streamline your browsing

    Also the Mercury browser that started under iOS. You must tell it to
    give you the normal site view, and the setup forces vertical mode,
    presuming a phone format…

    But both look fast and clean. I also doubt a Privacy focused browser or
    anything from iOS land will be stupid enough to hold popup raffles…

  5. Terry Jay says:

    My last installs of a browser have been Pale Moon. No App Store links, simple and easy, but have not done one in over a year. Likely does not meet a lot of your criteria, but seems based on Firefox.

  6. E.M.Smith says:

    @Terry Jay:

    No browser is ever perfect for all things. Privacy and ‘runs everything’ are mutually exclusive, for example.

    So Fire Phoenix looks great… then I found the setting for auto updates… choice is always, or on WiFi only. No OFF. fail…. Sigh.

    In my experience, browsers are a moving river. Periodically you jump in and swim through it again looking for the warm smooth places… I’ll give Pale Moon a try. I ran it once years ago and it was nice. Opera was great once, but now doing bogus things. So it goes…

    I hope I don’t have to roll my own browser from sources… that’s more work than I have time…

  7. E.M.Smith says:

    Well, this is from Pale Moon. Had to get it from a strange place…
    http://www.gamershell.com/download_110829.shtml#mirrorselection

    It was listed as a mirror on the pale moon site….

    Yup, a Firefox clone. Looks like a nice one, and familiar. Settings seemed a bit thin (like no toggle for updates.. but the P.M. site said they were short a developer, so updates not coming anyway…)

    In brief use it seems much faster than Fire Phoenix, that had notable type lags. So far, quite nice!

  8. Jeff says:

    Just another piece of dodgy code, related to keyboards, showed up at El Reg. Seems a popular flash keyboard app is questionable, at best. To me, more and more, it seems that Samsung a sad song…

    Article: http://www.theregister.co.uk/2016/06/07/android_keyboard_needs_to_see_camera_and_log_files/

    Geesh…

  9. Gail Combs says:

    Richard Stallman?
    Yeah he is a nice guy. He is also a Science Fiction buff who taught Balkin dancing at BosCons. I have even dance with him.

    https://framasphere.org/posts/1729233
    (The photo doesn’t do him justice)

    He is certainly brilliant and I am glad he started the free software idea even if I am computer challenged.

  10. Steve C says:

    I agree re Pale Moon, having been a Lunatic for some time now. I started looking for a Firefox replacement when FF started going its own, strange way some years ago – the PM fork is intentionally built without Australis, support for “legacy” hardware and OSs, etc., and is noticeably quicker than FF as a result.

    Plugins for it are a bit of a grey area: I think PM uses its own development of FF’s older sockets, so that some plugins on the Mozilla site (including, sadly, LibreJS) just declare that they will not install on “Firefox 24.9” when it’s really PM 26.2.2. But with NoScript, Adblock Latitude (special port), etc, I find it feels very much like FF used to, quick and clean and unfussy.

    Agree too re the deplorable tendency of some sites to use overblown Javascript trickery to sneak God-Only-Knows-What into your box and run it without mentioning it. No. If I am reading a page, the clue is in the phrase “reading a page” – I am explicitly not simultaneously giving permission to the site owner or anyone else to run anything on my machine. NoScript (unlike Google) is your friend.

    I think you’re being very indulgent with that Samsung, after coming across an insane bit of dire programming like that. I would have been looking to see if I could get a Pi talking to its video chip a long way back down the line! There ought to be a sort of Darwin Award for software – it’d be a strong contender.

  11. E.M.Smith says:

    @Steve C.:

    Since I already own it, and despise waste, it will be repurposed. It is now the “insecure browser while at Starbucks” portable. As it was the first couple of years. I’d only done a few months of encryption (tepid) trials and not finished evaluation, when it failed…

    I really don’t mind treating it like a CD or DVD based browser box when at Starbucks…. In some ways, knowing it is insecure is better. Instead of worry about what might crawl in over time, I can just have planned “wipe and reset” intervals. The .apk images stored on a chip for rapid restor to original state…

    It is an Aikido thing… use your opponents power against them… join with their energy, turn it, direct it back to them, do not fight them, step off the line of attack and let them fight themselves…

    Any agency at the airport will get to spend months reading climate pdf files from any copy they make… maybe they will learn to be skeptical :-)

    @Jeff:

    Why I talk about vetted vs unvetted sites and don’t install crapletts on my boxes and like to start from trusted vendor sites using their mirrors and… have a personal DNS that grounds blocks of IPs and like blinky light routers (why is light blinking when I am not accessing the internet?) and turn off auto update and…

    “I’m not paranoid, I’m the SysAdmin, they ARE out to get me!”
    very old SysAdmin joke wisdom…

    @Gail:

    very different picture of him! Nice.

    @All:

    Pale Moon is nice and fast. Now my default as I slowly continue testing browsers…

  12. Larry Ledwick says:

    I just loaded the 64 bit pale moon browser on my desktop and taking it for a test drive.

  13. Larry Ledwick says:

    So far so good on the Pale Moon browser, mostly like firefox but it did throw me one curve ball. It took a while to figure out how to get to the pull down where you can clear cookies etc.

    On the far left of the task bar for the page you are on are two icons, the lock icon if it is an https address and a site specific icon for the web page you are on.

    If you click on that icon it gives you basic info on the web page such as who owns it etc.
    For example on this web page it shows you:

    You are connected to
    WordPress.com
    which is run by
    (unknown)
    Verified by:GoDaddy.com, Inc.

    Your connecton to this website is encrypted to
    Prevent eveesdropping

    More Information

    If you click on that “More Information” button you get a panel which allows you to View Certificate, View Cookies, or view Saved Passwords.

    If you click on the view cookies button you get a panel that shows you the cookies used by the site you are on, if you clear the entry in the search field at the top of the window you can see all your cookies and delete individual cookies for any web page.

    I wish they (and fire fox) had an option to preserve cookies for certain web sites so you could hit the “Remove All Cookies” and clear all cookies except a handful of trusted pages you don’t want to have to log back into each time you clear all the other cookies, but that not being an option you have to manually delete cookies being careful no to delete the couple you want to preserve.

    Other than that has some nice features which I am still playing with. I removed most of the options it shows you on the home page, I have no intention of ever going to LinkedIn or some of the other options they give you with the default install.

    So far I am running it and still have firefox installed but it if continues to prove stable I might nuke the firefox.

    The only odd thing I have noticed is sometimes it hangs for a bit if you try and close a tab with the X option in the tab, not sure what it is doing but it has happened twice to me that it seems to have taken excessively long to close the tab and other browser sessions freeze up while it is scratching its head trying to close the tab.

  14. E.M.Smith says:

    I’ve also noticed a long pause on opening a new text windo, like entering a search term… aybe loadi g a dictiionary or…?

    Not a deal killer yet, but in thd annoying range.

  15. View from the Solent says:

    I
    too have used Pale Moon for a couple of years. Also, do you know of
    Ixquick?
    https://ixquick.eu/
    (I think there’s a US version.)
    It’s a meta-search engine that uses several of the regular search
    engines and keeps you anonymous. Details at
    https://ixquick.eu/eng/protect-privacy.html?hmb=1

    I prefer their alternative product startpage.
    https://startpage.com/

    Ixquick throws me a lot of non-UK (where I live) search results.
    Startpage is a portal to only Google search and I can restrict it to
    (almost entirely) UK results. I guess there’s a US version as well.

    There’s a wiki entry for background info, as well as their home page.

  16. Larry Ledwick says:

    I use ixquick as my default search engine, the only time I use google is to make a very specific search using their advanced search function. Sometimes ixquick serves up too much inappropriate or not very specifically relevant stuff on some search keys.

    I am disenchanted with the pale moon “start page” you cannot save changes to it without “setting up an account” (name email etc.) which is the exact thing you want to avoid in a browser that they imply is high security. A tool should have no reason to capture your personal info.

    Also for $45/year you can get rid of their little add banner at the bottom of the page. I suspect it is set up to harvest data and during those long pauses it is “phoning home” with browsing history or something but have not tried to track what it is doing.

    Being right handed it is irritating that they put the pale moon page reload button all the way on the left side of the task bar. If I am browsing, I rest the mouse cursor on the right margin of the page, and the reload on the right end of the task bar as in firefox is much more natural.

  17. View from the Solent says:

    Larry, I don’t use the Pale Moon “start page”. The uncluttered Start Page search engine is set as my home page and, as far as I can remember, I’ve never set up an account with Pale Moon.

    If you select View -> Toolbars->Customize you can drag the Reload button to the RH of the Menu Bar.

  18. Larry Ledwick says:

    Ahhh I had been looking for how to set the home page to my preference, finally found it. I did not realize that “start page” is a feature and not directly incorporated into pale moon

  19. Larry Ledwick says:

    In a related security note:

    http://www.foxnews.com/tech/2016/06/09/hackers-may-have-used-malware-to-grab-33-million-twitter-account-credentials.html

    It appears that there is a major cottage industry harvesting user credentials directly from their browsers “save passwd” function. It does not mention what malware is harvesting the data, or if good virus software will catch and block such activity.

    I try to avoid saving passwords for important web pages but do occasionally save ones for inconsequential sites I visit all the time. I may want to stop doing even that limited password saving.

    In a separate issue does anyone know of a way to stop advertisements from auto playing video?
    I don’t mind them showing a static image off on the margin of the page, It just drives me nuts when I get audio playing when I have not clicked on anything and I have to search around on the page to figure out what took off on its own. Sometimes even if you find it, you cannot pause it.

    I’m sure a complete ad blocker would do that but I would be perfectly happy to just stop them from playing the audio/video streams when I take no action to view them.

    I tried about:config and then toggled both of the following to false, but it completely blocks all images on twitter which I use as a news feed.

    media.autoplay.enabled and media.autoplay.allowscripted

  20. Larry – I think one of the reason for HTML5 is that it will play videos without needing Flash, and so the user won’t be able to stop a video (advert) playing by blocking Flash. If they can’t deliver the adverts, then they aren’t making money from them and the website’s financing model breaks down. It used to be that animated GIFs got around that as well, though they aren’t often used these days.

    Maybe change the browser for one that won’t deal with HTML5…. That will probably break quite a few things like Twitter, FB etc. but you can always fire up an up-to-date version if you want to look at those. I’m sort-of hoping EM gets annoyed with that too and finds an open-source browser that can thus have certain unwanted capabilities (including the tracking cookies) not compiled in.

  21. E.M.Smith says:

    @Larry:

    I use Ice Cat browser for that. It does all sorts of security things, that include breaking video.

    When I see a video I want to watch, paste the page url in Pale Moon or Firefox and load / watch it…

    Yes, a bit cumbersome, but works.

  22. Larry Ledwick says:

    Well I had to uninstall it, after making that about:config change and then toggling the settings back to the original settings, things did not return to the original where I could see even static images, all images remained broken. I will mess with it later, but right now functioning as intended is more important so back to fire fox for now.

    Without being able to see images on twitter and other stuff (it basically broke all of them) you have to open every single thread to figure out what it is talking about. The 140 character limit on twitter is bad enough, but often times without the associated image the comment is meaningless. For a way to quickly know what is going on in the news (which is what I use twitter for) it is a deal breaker. Scanning twitter comments is the closest thing I have found to having a real time updated newspaper where you can quickly scan the head lines and only follow up on stuff if you are interested.

  23. kneel63 says:

    umm, for android devices, search on ” apk”
    For firefox, the top google result is the firefox wiki page that links a download that doesn’t require the PII run-around.
    Two gotchas:
    1) you have to turn on “unsupported”/”unofficial” app installs (you have already);
    2) you have to manually update – probably you are happier with this anyway (my guess)

  24. kneel63 says:

    damn! forgot about html and it screwed me.
    make that “<app name> apk
    (and hopefully, that works)

Comments are closed.