[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preliminary work on IceCat 78 now pushed to the 'master' branch

From: brn
Subject: Re: Preliminary work on IceCat 78 now pushed to the 'master' branch
Date: Thu, 10 Sep 2020 12:58:19 +0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0


(again, apologies to Mark for double posting, not enough sleep on my part.)

On 10/09/20 06:00, Mark H Weaver wrote:
Hi, writes:

Regarding unwanted connections: You've all most likely seen the recent
paper below, but just in case you haven't:

The reference above details methodology deployed to analyse various
browsers network activity at "rest".  Firefox was one of the browsers

I hadn't seen it, thanks!  Among other things, it brought my attention
to 'mitmproxy', which may be a good tool to decrypt HTTPS connections.


I am glad that it has proven itself as a useful resource. The thanks major is indeed to Doug Leith, the paper's author, and also to Martin Brinkmann, who alerted his readership of the existence of the paper via:

Upstream Firefox is certainly a time consuming headache to silence 'out of the box':

One feature (among others) that worries me is the automatic connections Firefox makes to check the revocation and security status of installed certificates and extensions/plugins. These happen at any time unless deactivated via more than one setting via what was "about:config" or via a local user.js file, or a system wide config file(s). I have historically deactivated this via the required (unlocked) settings in an autoconfig file and then manually re-enabled them via "about:config" for a session wholly dedicated solely to checking the status of installed certificates and extensions. The autoconfig file ensures that the required settings are deactivated again after the session is extinguished and a new session launched.

What deeply unsettles and irritates me; is that Mozilla do not offer a location where new blocklists and similar are published along with the respective signatures and checksums, thereby allowing those of us who wish to manually check things, to download via wget(1) or similar, and install at our own pleasure, not Mozilla's.

All that said, I watch this project with intense interest and will offer any assistance which may be useful, when I have the opportunity to do so.

My kindest regards,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]