If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rating: | Display Modes |
#61
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
On 2015-06-14, David W. Hodgins wrote:
On Sun, 14 Jun 2015 12:23:38 -0400, John Hasler wrote: There are better choices for a caching-only server than BIND, though. If you only want a caching only name server, that's true. I also want to be able to use the name server for dns within my lan. It took a while to learn how to configure bind to do that, but it works. I did provide a list earlier in this thread of other name servers, most of which are caching only servers, not suitable for setting up dns within a lan. Dnsproxy does that too, It'll also serve all the names in /etc/hosts to the lan, and possibly also the names announced in DHCP requests. -- umop apisdn |
Ads |
#62
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
Jasen Betts writes:
it's have all the top level domains you've used recently. It'll have all the domains anyone who uses it has used recently. -- John Hasler Dancing Horse Hill Elmwood, WI USA |
#63
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
On Sun, 14 Jun 2015 22:07:54 -0300, Shadow wrote:
The "firewall" is also meant to block access to pedophile sites /and/ to sites that name certain pedophiles. That's rough. I guess you've never heard of Tony Blair, then ? He is certainly certain. I don't get it; probably the language barrier... (?) -- s|b |
#64
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
On Mon, 15 Jun 2015 19:41:37 +0200, "s|b" wrote:
On Sun, 14 Jun 2015 22:07:54 -0300, Shadow wrote: The "firewall" is also meant to block access to pedophile sites /and/ to sites that name certain pedophiles. That's rough. I guess you've never heard of Tony Blair, then ? He is certainly certain. I don't get it; probably the language barrier... (?) No, a censorship barrier. Put this in Google: "Tony Blair arrested twice public toilets" If you look hard enough, you will recognize him from the pictures they took when he was booked. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#65
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
On Sun, 14 Jun 2015 02:20:20 +0000 (UTC), Werner Obermeier
wrote: "Mayayana" wrote in : OpenDNS Also, 4.4.4.2 is not Google. It's Level3. Is this correct yet for the recommended DNS servers: 8.8.8.8 (Google - but they probably remember forever) 4.4.4.2 (Level3 - who knows what they remember?) This may have been corrected in a later post, but the Level 3 servers are 4.2.2.1 thru 4.2.2.6. 208.67.222.222 (OpenDNS - who knows what they remember?) 208.67.220.220 (OpenDNS - who knows what they remember?) -- Char Jackson |
#66
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
| This may have been corrected in a later post, but the Level 3 servers are
| 4.2.2.1 thru 4.2.2.6. | It's easy enough to check these things: http://www.ip-adress.com/whois/4.4.4.2 IP addresses held by a company are not necessarily contiguous. The report for 8.8.8.8 also lists Level3 as the registrant but then lists Google as the "ISP". I don't know what that means. I guess that maybe Google owns the address but Level3 manages the low-level, technical issues for them. |
#67
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
| Google track to where you navigated from their search results by making | the clickable links into refs links. The link actually goes to Google | with parameters that specifies the target site from the search result on | which you click. That way, they could track how many users were going | to the same site. | | For example, on a Google search on "window air conditioner", one of the | search results (and not a sponsored one) was for Walmart. When you | hover the mouse over the link using IE, its status bar makes you think | that link goes directly to Walmart at: | | http://www.walmart.com/c/kp/window-air-conditioners | | Nope, instead the actual href for the A HTML tag for the link goes to: | | http://www.google.com/url?sa=t&rct=j...95515949,d.cWc Presumably you've enabled javascript. That's one of the many good reasons not to enable it. It's allowing Google to lie to you about what they're doing by hacking the status bar content. They can't do that with script disabled. I see the whole, sorry mess when I hover over a link. I started seeing Google's tracking redirect some time ago. I guess probably at least a couple of years ago. I also don't normally allow cookies. I don't know whether they bother with the redirect if one does allow cookies. It seems to function as basically a cookie substitute. That's one reason I switched to duckduckgo -- it's tedious to pick out the real URL in order to thwart Google tracking. There's also a redirect from the landing page that most people won't see. I don't remember offhand which setting made me see that. I think it's "accessibility.blockautorefresh", which I set to true to stop two problems: 1) Sites that set meta refresh to 0 and thus cause an endless loop. (A spiteful action for blocking script? I don''t know. The only legitimate use of that technique I know of is for use in an index page to make indexing of a server folder difficult.) 2) News sites that think it's clever to erase the page you're reading every few minutes and replace it with an "updated" one. In any case, I have to click to allow the redirection in Pale Moon. This is the landing page after I run a search: https://www.google.com/search?hl=en&...ts=&gws_rd=ssl This is the page Google redirects to: https://www.google.com/search?q=air+...NeTHsZwvloL4Cw Note that it's been tagged with what looks like a UUID, in the parameter "sei", which seems to be a unique ID for that page. That's not necessarily a bad thing. Such things can be done for server-side tracking where that's necessary. But duckduckgo doesn't do it, and their "Next" link at the bottom of the page doesn't contain any unique ID in the HREF code. Also, if you allow permanent cookies or join any of Google's functions like gmail, you're probably not only tracked but also shown a personalized page. Knowing that sheds light on another possibility with the sei parameter: Since the Googlites try to customize what you see, the UUID makes sense. If you click the link to look at ACs at Bloomingdales they know to show you more upscale ads and links on the next page, rather than Target links or ads. For the duration of that search session Google can build a profile of you. That's another problem with online spying that's not talked about very much: The dubious "feature" of personalized pages. If I search for an AC I want to know about ACs. I don't want to just see what Google's formulae determine that I want to know about ACs. I read recently that Facebook is even picking what new items will surface in one's "feed", based on how much time has been spent reading various articles. The idea is not to help people reach their friends. It's simply to keep everyone on Facebook as long as possible. So "feed" is actually a good term. Like cows: Food goes in and salable milk comes out. |
#68
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
| True dat. And many Web sites, including my BrownMath.com and
| OakRoadSystems.com, have domain-specific Google searches. | It's not so hard to set up your own site search using a local database. I use ksearch, and have for years. Though I'm not sure whether ksearch is still available and maintained. You also will need a decent web host. The cheapo deals usually don't offer direct control of the actual server config and only allow whatever functionality comes with their cheapo hosting package. Your Siteground host seems to be a Tucows reseller. They may or may not provide the kind of access you'd need to set up your own search. |
#69
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
Mayayana wrote:
| Google track to where you navigated from their search results by making | the clickable links into refs links. The link actually goes to Google | with parameters that specifies the target site from the search result on | which you click. That way, they could track how many users were going | to the same site. | | For example, on a Google search on "window air conditioner", one of the | search results (and not a sponsored one) was for Walmart. When you | hover the mouse over the link using IE, its status bar makes you think | that link goes directly to Walmart at: | | http://www.walmart.com/c/kp/window-air-conditioners | | Nope, instead the actual href for the A HTML tag for the link goes to: | | | http://www.google.com/url?sa=t&rct=j...95515949,d.cWc Presumably you've enabled javascript. That's one of the many good reasons not to enable it. It's allowing Google to lie to you about what they're doing by hacking the status bar content. They can't do that with script disabled. I see the whole, sorry mess when I hover over a link. I started seeing Google's tracking redirect some time ago. I guess probably at least a couple of years ago. I also don't normally allow cookies. I don't know whether they bother with the redirect if one does allow cookies. It seems to function as basically a cookie substitute. That's one reason I switched to duckduckgo -- it's tedious to pick out the real URL in order to thwart Google tracking. There's also a redirect from the landing page that most people won't see. I don't remember offhand which setting made me see that. I think it's "accessibility.blockautorefresh", which I set to true to stop two problems: 1) Sites that set meta refresh to 0 and thus cause an endless loop. (A spiteful action for blocking script? I don''t know. The only legitimate use of that technique I know of is for use in an index page to make indexing of a server folder difficult.) 2) News sites that think it's clever to erase the page you're reading every few minutes and replace it with an "updated" one. In any case, I have to click to allow the redirection in Pale Moon. This is the landing page after I run a search: https://www.google.com/search?hl=en&...ts=&gws_rd=ssl This is the page Google redirects to: https://www.google.com/search?q=air+...NeTHsZwvloL4Cw Note that it's been tagged with what looks like a UUID, in the parameter "sei", which seems to be a unique ID for that page. That's not necessarily a bad thing. Such things can be done for server-side tracking where that's necessary. But duckduckgo doesn't do it, and their "Next" link at the bottom of the page doesn't contain any unique ID in the HREF code. Also, if you allow permanent cookies or join any of Google's functions like gmail, you're probably not only tracked but also shown a personalized page. Knowing that sheds light on another possibility with the sei parameter: Since the Googlites try to customize what you see, the UUID makes sense. If you click the link to look at ACs at Bloomingdales they know to show you more upscale ads and links on the next page, rather than Target links or ads. For the duration of that search session Google can build a profile of you. That's another problem with online spying that's not talked about very much: The dubious "feature" of personalized pages. If I search for an AC I want to know about ACs. I don't want to just see what Google's formulae determine that I want to know about ACs. I read recently that Facebook is even picking what new items will surface in one's "feed", based on how much time has been spent reading various articles. The idea is not to help people reach their friends. It's simply to keep everyone on Facebook as long as possible. So "feed" is actually a good term. Like cows: Food goes in and salable milk comes out. The redirection links don't solely rely on Javascript. The link takes you to a Google server that will record time, date, IP address of user, target site, and other logistics. The OP assumed DuckDuckGo was somehow better than Google regarding tracking on what search results are click on; however, they do the same thing as Google in using a redirection URL for their links. Ixquick doesn't fake out the web brower's status bar but they also use script events to do their tracking instead of relying on redirection links. So Ixquick is probably the only out of the 3 where disabling scripting would thwart tracking. I had mentioned how the script was lying about the target site for a link when hovering over it with the mouse. That was for IE. I thought Firefox had its own on-hover popup that showed the real target of a link rather than rely on a status bar. Of course, if scripting is permitted then the web browser may not see the real target until the script is run to then have the web browser go there; i.e., the user would have to click on the scripted link to run the events that actually build the URL to the target site to where the web browser then visits. So is there really a safe and anonymous search engine site? How would it monitor its load, access from different regions, or provide other logistics used to maintain and improve the site? Firefox lets you disable meta-refresh. As I recall, it presents an infobar telling you about the meta-refresh block and lets you opt if you will allow it. Alas, I also recall that it did not tell you to where the meta-refresh pointed. So you knew there was an interstitial page but not to where it wanted to redirect you. Google's Chrome doesn't let you disable meta-refresh hence it is less secure. Often users confuse stability with security. For IE, and when visiting unknown or untrusted sites, I use a shortcut that runs a .bat file that uses reg.exe to set some options IE, like disabling meta-refresh, disable scripting, and enables private mode. Of course, that means that I have to remember to use that shortcut to safely visit an unknown site. It took over a decade before Mozilla finally got around to implementing the mixed-mode option that was long available in IE. If HTTPS is used to visit a site then the expectation is tht the web page is secure. If any content is delivered via HTTP when visiting an HTTPS page (mixed content) then it is not secure. I configure IE to block mixed content (prompt me about it and I choose). Even when Mozilla got around to added their mixed content options, they chose to make 2 different options. They assume that images via HTTP are safe. That means any site that creates or modify an image to include your personal info within the image, like an overlay, will divulge info over a non-secure transport. So you have to change Mozilla's defaults. As I recall, Mozilla only let you block the mixed content, not to alert you that it did so. So it's not only about finding a safe search site but also in configuring your web browser away from its defaults to tweak it to be secure (if possible since, as noted, meta-refresh cannot be disabled or prompted in Chrome). |
#70
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
| The redirection links don't solely rely on Javascript.
That's not what I meant. I know the links themselves don't use script. But hiding them in the status bar relies on script. You said that you're seeing the normal link in the IE status bar. That's not an IE thing. It's a browser scripting hack. There used to be an option to block it in FF options. These days one needs an extension just to get control over script at all in the FF options window. The status bar hack stopper is he dom.disable_window_status_change It's a standard part of the DOM: window.status I don't know of any way that hack can be carried out without script. So I gather that you (of all people!) are travelling online using IE with script enabled. And I suppose you're online through AOL, logged into Facebook.... What did you do with the real VanguardLH? | The OP assumed DuckDuckGo was somehow | better than Google regarding tracking on what search results are click | on; however, they do the same thing as Google in using a redirection URL | for their links. No, they don't. I don't know how you got that idea. Try seaching for air conditioner at duckduckgo. When you hover over the link you should see the normal URL, even with script enabled. If you look at the source code you'll see it's actually very clean and simple: a rel="nofollow" href="http://www.walmart.com/cp/air-conditioners-heaters-fans/133032" The ad links at the top have involved links, but those are just for the advertiser to know the click came from duckduckgo. They don't try to hide that in the status bar, either. In fact, the page I see seems to have no script at all. There are no script tags and no "onclick" or "onhover" inline script, while Google's page is *mostly* obfuscated script. | Ixquick doesn't fake out the web brower's status bar | but they also use script events to do their tracking instead of relying | on redirection links. Ixquick has direct links and proxy links that are supposedly more private. They do have a lot of script, but it seems unlikely that they're tracking with it. That would be in opposition to their whole business model. | So Ixquick is probably the only out of the 3 | where disabling scripting would thwart tracking. Are you serious? You're allowing any number of things with script enabled. Sites get tremendous control over the webpage. Some of that can be done without script. For instance, many pages that use script for tracking will use a NOSCRIPT tag to set a web beacon for non-script browsers. (Which can be blocked through a HOSTS file.) Here's an example: noscriptiframe src="//www.googletagmanager.com/ns.html?id=GTM-K9RKM5" height="0" width="0" style="display:none;visibility:hidden"/iframe/noscript The script on that page will do the same thing. But both are blocked by having googletagmanager in one's HOSTS file. (It also helps to block frames.) With script enabled you're a sitting duck, plain and simple. The status bar is a good example. It's crazy that that's even part of the DOM. It dates to a more innocent time. With script enabled the page is dynamically just about anything they want it to be. Then there are also the extra connections: If you don't block IFRAME Facebook buttons, for instance, by blocking frames and/or facebook.com, then you're letting Facebook run cross-site scripting. If you use the NoScript extension or other software that reports connections you'll quickly see that many sites just keep reaching out. Their page links to 3 other script sources, which then link to other script sources. You can easily end up with a dozen companies running unknown script in your browser. (You may even load a dozen extra pages through IFRAMEs on many sites. And each of those becomes a 1st-party page load that can then run script.) |
#71
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
Mayayana wrote:
not going to bother with re-adding the attributions that Mayanana omits | The OP assumed DuckDuckGo was somehow | better than Google regarding tracking on what search results are click | on; however, they do the same thing as Google in using a redirection URL | for their links. No, they don't. I don't know how you got that idea. I got the idea because that is what happens there. When I do a search on "window air conditioner" and hover the mouse over the Walmart hit, the web browser's status window shows the link should go directly to the Walmart's site. However, the *real* URL at DuckDuckGo is: http://r.duckduckgo.com/l/?kh=-1&udd...r-conditioners Peculiar that you can't see that. If right-clicking on the Walmart hit doesn't show you that the link actually takes you to r.duckduckgo.com then use Fiddler to monitor your web traffic. Clear its display after getting the search results. Then click on the Walmart link in their results. Soon after hit F12 to stop Fiddler from tracking more traffic. Then look at Fiddler's log. You'll see that right after clicking the link that your web browser went to: host = r.duckduckgo.com URL = /l/?kh=-1&uddg=http%3A%2F%2Fwww.walmart.com%2Fc%2Fkp%2Fwin dow-air-conditioners That's where Fiddler shows your web browser connected. You do go to the Walmart site directly but DuckDuckGo is still tracking on what you click. |
#72
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
| I got the idea because that is what happens there. When I do a search
| on "window air conditioner" and hover the mouse over the Walmart hit, | the web browser's status window shows the link should go directly to the | Walmart's site. However, the *real* URL at DuckDuckGo is: | | http://r.duckduckgo.com/l/?kh=-1&udd...r-conditioners | | Peculiar that you can't see that. There's an explanation he https://duck.co/help/results/rduckduckgocom They say it's part of their privacy function, which you can disable if you like in the settings... assuming you're allowing cookies and script so that such settings work. "r.duckduckgo.com" is in a .js file if the entire webpage is downloaded. The page gets dynamically written. I'm seeing a simplified version because I'm not enabling script. There's no way I know of for the redirect to happen without script because my browser interprets the link. The click does not go to DDG, of course. (If it could then URLs would be meaningless.) What I don't understand is why, if you're so concerned about privacy, you're enabling script by default. That's like watching nervously for burglars while leaving your front door open. If you disable script you should see the very clean and simple version of DDG, which still provides an option to proxy through their server, but the actual links just go exactly where they say they do. Fiddler sounded interesting but it seemed to malfunction. First, their webpage was a mess and I had to view it with no style. When I installed it told me I needed .Net 2. (Bad sign.) As it turns out I had to install .Net 2 for graphics, so that's OK. But apparently it's not a late enough version of .Net 2 for Fiddler. (I have no idea how that's possible. It seems that 2 should mean 2.) In any case, first it showed a .Net error involving a call to a non-existent method deep within that .Net muck, and then the program came up but didn't work. I think I've seen enough of Fiddler. There's no excuse for using .Net to write software. |
#73
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
Mayayana wrote:
| I got the idea because that is what happens there. When I do a search | on "window air conditioner" and hover the mouse over the Walmart hit, | the web browser's status window shows the link should go directly to the | Walmart's site. However, the *real* URL at DuckDuckGo is: | | http://r.duckduckgo.com/l/?kh=-1&udd...r-conditioners | | Peculiar that you can't see that. There's an explanation he https://duck.co/help/results/rduckduckgocom They say it's part of their privacy function, which you can disable if you like in the settings... assuming you're allowing cookies and script so that such settings work. Read it again. It claims they prevent use of the HTTP header Referer (yep, it's mispelled) from identifying you when clicking on their link to the target site. That does not eliminate the use of of the window object's title to carry that info but I doubt DDG is doing that if they are eradicating the Referer header. Of course, if that is of concern to you then you can not have your web browser use the Referer header. Just be aware that some sites don't like direct navigation to some of their web pages. Some of their web pages are supposed to be accessible only by one of their parent pages so they check in their child page if the Referer page was one of their parent pages, or they can use the window object's title to convey that info, or they can use cookies, or they can use local DOM storage on your computer. Blocking cookies is trivial but it can result in navigational problems at web sites. So use private mode and purging cookies on exit. Same for blocking the Referer header: configure your web browser not to include it but be aware some sites may malfunction. You assume DDG is not using an identifying title for their window object in your web browser that would identify your connection to the target site was from DDG. You can disable DOM storage in your web browser but that will also affect some web sites; for example, the crossword puzzle sites that I visit download a table of the answers to the puzzle to verify my entries as I make them instead of having to push the entry up to their server to check each one. I've hit other sites, mostly my favorites, that also require DOM storage be enabled. By purging this data on exit of the web browser, I eliminate tracking between surf sessions but not during them. "r.duckduckgo.com" is in a .js file if the entire webpage is downloaded. The page gets dynamically written. I'm seeing a simplified version because I'm not enabling script. There's no way I know of for the redirect to happen without script because my browser interprets the link. The click does not go to DDG, of course. (If it could then URLs would be meaningless.) Do you really believe that the prevalent majority of DDG visitors have scripting disabled in their web browser? They're led into trusting DDG to protect them so why would they be disabling scripting there? What I don't understand is why, if you're so concerned about privacy, you're enabling script by default. That's like watching nervously for burglars while leaving your front door open. I've used Firefox with NoScript. I ended up having to whitelist all my favorite/bookmark sites along with those I visit. So there was little point in using FF+NoScript. Way too many sites rely on scripts for them to render correctly that disabling scripting altogether would be a much worse bane than leaving it enabled. As I mentioned, I do NOT have scripting enabled when visiting unknown or untrusted sites. If you disable script you should see the very clean and simple version of DDG, which still provides an option to proxy through their server, but the actual links just go exactly where they say they do. Fiddler sounded interesting but it seemed to malfunction. First, their webpage was a mess and I had to view it with no style. When I installed it told me I needed .Net 2. (Bad sign.) Yeah, versus C runtime libs included or updated in Windows. I always smirk when someone thinks .Net Framework is so evil when all it is is another framework of libraries. If you don't trust .Net then you don't trust C runtimes which means the only programs you permit on your computer are written in assembly. There's no excuse for using .Net to write software. Then there is no excuse for using C runtimes, VB runtimes, various APIs in Windows, or anything except assembly to write software. Uh huh. Yet I bet you have several open source products on your computer. How about all those codecs (yep, code to encode and decode) on your computer from unknown sources used in front-end multimedia apps? Just more FUD about Net Framework. |
#74
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
| | Read it again. It claims they prevent use of the HTTP header Referer | (yep, it's mispelled) from identifying you when clicking on their link | to the target site. That does not eliminate the use of of the window | object's title to carry that info Sheesh. You make things so complicated. How in the world would the title string get sent to the target URL? It would have to be packaged, by script, in the link, or even more bizarre, sent as part of the GET request. That just doesn't make sense. Yes, I block referrers, and cookies, and script in Pale Moon. (I allow some script, frames and session cookies in Firefox for the rare cases where that's needed.) I don't find that I have trouble at most sites. Having a server reject my visit me because of no referrer is *very* uncommon. There are many cases where there's naturally no referrer. | Do you really believe that the prevalent majority of DDG visitors have | scripting disabled in their web browser? They're led into trusting DDG | to protect them so why would they be disabling scripting there? | You're probably right. Even people using DDG for privacy will probably, for the most part, fit the ostrich model of online caution: People who want better privacy and security, but only if they don't have to lift a finger to get it. Anyone who enables script routinely and thinks they're concerned about privacy or security is fooling themselves. But I don't see why you're so distrustful of DDG. "Led into trusting" sounds like you're accusing them of tricking people -- pretending to focus on privacy as a marketing tool to cover their spying! That sounds very farfetched to me. I expect that if DDG were anywhere near so nefarious then we would have heard about it. So it seems safe to assume that anyone using DDG is probably improving their online privacy at least a bit, even if they don't bother with any other efforts. (On the other hand, most of them are probably logged into gmail and facebook most of the time, being closely watched by a half dozen companies as they travel online, and thus getting little benefit from using DDG. Google and Facebook taken together will be recording just about anything a person writes or reads while online, if one uses those sites.) | I've used Firefox with NoScript. I ended up having to whitelist all my | favorite/bookmark sites along with those I visit. So there was little | point in using FF+NoScript. Way too many sites rely on scripts for them | to render correctly that disabling scripting altogether would be a much | worse bane than leaving it enabled. | You can also use it to disable script partially. For instance, I was at a site this AM that I used FF for, in order to allow remote images. As it turned out I didn't need to enable script, but even if I had I could have enabled only the local script and blocked the 3 others coming from remote sources. (Often one of the non-essential script sources is Google's ubiquitous analytics spyware and/or other ad/tracking companies.) | There's no excuse for using .Net to write software. | | Then there is no excuse for using C runtimes, VB runtimes, various APIs | in Windows, or anything except assembly to write software. Not at all. That's like saying if you don't want to eat McDonalds frankenfood then you have to hunt game or forage for grasses and berries. .Net is a massive wrapper designed for server-side, corporate software. It was designed to compete with java. Very little Windows software is written in .Net, so there's little reason to install it. Microsoft didn't pretend otherwise when .Net first came out: http://web.archive.org/web/201011121...eliverspr.mspx (They've removed the page from their own server.) ..Net was not meant for Windows software and is poorly suited to Windows software, just as Java is. ..Net is slow, very big and superfluous. If someone is writing actual Windows software in .Net there's a good chance they don't know what they're doing. It's not that it can't be done or that it's somehow risky. It's just a poor choice of tools. If you don't trust .Net then you don't trust C runtimes That makes no sense. First, it has nothing to do with trust. .Net is just a very high-level wrapper. People don't need to know what they're doing to throw together ..Net muck. Second, VC++ runtimes, which I assume is what you're talking about, are unrelated. (Though they've also become more bloated in recent iterations.) There's a difference between installing a few MB of support libraries for Microsoft's main programming tools and installing hundreds of MBs of libraries for an unnecessary VM. There's a great example of .Net muck in a program called LessMSIerables. It's a program to unpack MSI installer files. Microsoft provides a full API for that in msi.dll. The API is documented and also has a dispatch version for scripting. LessMSIerables is a ..Net program that uses Microsoft's Wix Windows Installer libraries. Wix is also a superfluous wrapper, around MSI itself. Something like 8 MB. So we're talking about a wrapper of hundreds of MB, to use another wrapper of 8 MB, to use the tiny msi.dll API that's pre-installed on all Windows PCs. LessMSIerables is OSS, but it contains very little code! That one small program requires dozens or hundreds of MB of dependency software to be installed, simply because the author either couldn't be bothered to do the job right or didn't know any better. Why would I want to install all of that unnecessary stuff if I don't need to? And why would I trust the .Net developer to be the one writing the best software, when there's a good chance they don't even have basic familiarity with the Win32 API? If someone needs to write quickie front-ends for corporate intranet applets then .Net is a good choice. That's what it was made for. Used for Windows software it belies probable ignorance and is unnecessary bloat. |
#75
|
|||
|
|||
Does a Duckduckgo privacy equivalent exist for DNS servers?
Mayayana wrote:
Sheesh. You make things so complicated. How in the world would the title string get sent to the target URL? It's a trick that I've used when cookies might be disabled. In one page you load, you can set the window object's title. Well, they call it the title but name might be a better attribute descriptor. This is not the title bar of the window but the name of the window object. Then when you load another page, it can check what is the window object's title. It's a sneaky trick during a web browser session to pass info to the next page you load that can then check the object's attribute value. Yep, I believe it requires Javascript. While you don't have scripting enabled for that site, I really doubt that is the modus operandi of the vast majority of those visiting DDG. As I recall (been awhile since I looked into this), the next web page has to be loaded inside the same window. That is, you replace the document rather than load a new one. It's the [window.]document.title property. The window parent object isn't really needed in the definition since it's the default object. Yes, I block referrers, and cookies, and script in Pale Moon. Referer blocking (omission) is possible by adding a site to the Trusted Sites security zone; however, I'm not whitelisting every site that I've put in my favorites list. It's been ages IE has blocked the Referer header in an HTTPS page whether or not insecure HTTP content is included: that is, for HTTPS pages, IE doesn't include the Referer header: https://support.microsoft.com/en-us/kb/178066. Considering later and more advanced local data caching (DOM storage), cookies and Referer are pretty trivial and ancient tracking methods. It's like worrying about stone chips used to repave a road possibly getting into your tire treads and working its way in to puncture your tire when straight ahead are tire spikes to ensure you'll get a flat. Referer when used within a site to control or monitor navigation within a site has purpose. The abuse of using it cross-domain is what worries most users looking to plug a pinhole when other methods of tracking are more effective, some of which you can't do anything about on your end. I configure IE to prompt on mixed content. I want to know when a site is mixing insecure content with secure content (anything insecure means the page really is insecure despite using HTTPS). Firefox with a deeply buried option (2 of them) lets me do the same but doesn't afford me a prompt to let me choose. I might visit my banks site and find it has mixed content but after checking I might determine it's okay so I have a prompt to which I can Yes to allow the insecure HTTP delivered content (and then send a complaint to my bank and/or their web author about the poor design of mixing secure and insecure content). In Firefox, no such prompt so you'd have to whitelist the site which would give it more permissions that I want to grant all at once. I only block (disable) scripting on-demand when visiting unknown or untrusted sites. If I'm trusting a site that I've visited often (but still want them in the Internet security zone to disable some unwanted behaviors) then I'm going to allow scripting there. This is no different than you using Firefox+NoScript and then whitelisting the good site by adding exceptions in NoScript. I've used NoScript. It can sometimes be a real pain in the ass to use. Most users leave DOM storage enabled in their web browsers. They don't know about the feature. It supplants cookies, window object title, Referer, using a shared database (one site records your visit in a database shared with other sites - so NOTHING you do in your web browser will prevent that tracking, not even disabling Javascript). After awhile of disabling DOM storage, I found too many sites that required it. Typically the web programmer doesn't even test if DOM storage is available and blindly starts assigning variables into DOM storage (which fails and you can see the errors). Then their other script fails because those variables are not defined (for those users that have disabled DOM storage). I eventually changed to enabled DOM storage but configure IE to purge it upon exit. The site can use it during a web session but not across web sessions. But I don't see why you're so distrustful of DDG. Not really distrustful. Just that users think DDG does nothing about gathering logistics for their own use: load balancing, load tracking, dead links, regional characteristics (geographical load), maintaining their site, and so on. The claim was DDG does not track. Yes, it does, but hopefully for their own purposes and without keeping anything identifiable of you (although I would think they would need the IP address for geolocation logistics but once tallied they could delete the IP info). Ixquick does tracking, too, for their own purposes. Of those two, I don't know if I'd go with DDG or Ixquick, but either affords some reduction of tracking of YOU, not what you did there. | There's no excuse for using .Net to write software. | | Then there is no excuse for using C runtimes, VB runtimes, various APIs | in Windows, or anything except assembly to write software. Not at all. That's like saying if you don't want to eat McDonalds frankenfood then you have to hunt game or forage for grasses and berries. .Net is a massive wrapper designed for server-side, corporate software. It was designed to compete with java. Really? Server-side. Nope. It's a local library. Java is also not running up on the server. Java applets get downloaded to your computer and they run locally. That's why you must install a local interpreter for Java. Perhaps you are confusing .Net with ASP. There are interfaces within .Net to use ASP but that's an interface you choose to use. You can use the web interface to build web-centric apps, yes. That's a small part of the framework. There have been a host of tools to perform a portion of the tools in .Net. Instead you get a framework to rolls them all together and as such will occupy more disk space for features you may never use. Of course, with all the other tools, you have to waste disk space installing them and rolling them into your project for distribution. .Net 4, I think, eats up 2 GB of disk space. Well, yes, the C runtimes are much smaller (25 MB) but not after you have to compile your own libraries to either roll into .exe or include as DLLs to add all the functions you have to build versus them already available in a programming framework. Just look at all the space you would have to consume to install a plethora of SDKs. https://en.wikipedia.org/wiki/.NET_Framework Do you really think someone writing a clock program (display a clock, replace the tray clock, etc) are bothering with the ASP interface in ..Net? Frameworks are not unique to Microsoft or Windows. https://en.wikipedia.org/wiki/Software_framework It is a pity that, as with C, VB, and other runtimes that Microsoft doesn't encompass the old version rather than require multiple versions be concurrently installed because some apps may not only require the old version but check if it is available and not run if not. A customized install of .Net where you get to pick what components you want to install would be greatly appreciated but of value only to programmers or those expert to know what parts of .Net an application actually uses. Something like the Office install where you can configure components to install on "first use". Rather than install the huge bloat of the entire .Net package, install only what is needed. However, just where would the rest of the .Net package come from if not installed when an app needed some other component of .Net? A web installer? Yuck. Digging through your discs to find the .Net installer CD? Oui vey. Perhaps a compressed archive to reduce disk consumption so it was already available when "first use" happened but it would still consume disk space ad infinitum for components you may never use but might. Of course, all the other runtimes consume more space than your apps will need of the functions contained therein. Disk waste is an incumbent artifact of all programs that don't bloat their .exe by carrying all functions within that file rather than carrying along DLLs or relying on system availibility of runtimes. You do realize, right, that programmers have long had to find free or payware libraries to include in their projects so they didn't have to reinvent the wheel or someone figured out something they can't or don't want to bother discovering anew. There are a huge number of libraries out there to include in projects. No, .Net isn't going to replace all of them but it sure covers a lot of features, so it's just another library that you (programmer or user) don't have to pay for. If someone is writing actual Windows software in .Net there's a good chance they don't know what they're doing. I've seen plenty of C, C++, VB, Python, Perl, and other code where that same lambast applies. Bad programmers can code badly in whatever language they use or whatever libraries are available to them. It's not that it can't be done or that it's somehow risky. It's just a poor choice of tools. There are still some programmers proficient in assembly. Not too many programs, especially end-user apps, are written using it. Too much time, too much debugging, too much reinventing the wheel, and only code execution speedup if carefully coded. That makes no sense. First, it has nothing to do with trust. .Net is just a very high-level wrapper. A wrapper to WHAT? It doesn't call on the C runtimes. So what are the runtimes that .Net requires in addition to its own installation? There's a difference between installing a few MB of support libraries for Microsoft's main programming tools and installing hundreds of MBs of libraries for an unnecessary VM. Same is true when you install VideoLAN's VLC, Irfanview, XnView, and a plethora of other video viewing or editing software. They will include a ton of codecs that you will never use but some users might. Of course, we are getting WAY off course here versus the original thread where DDG was merely mentioned as a model of privacy that the user was looking in DNS servers. So I think we should stop drilling farther off topic. I'll let a rebuttal from you but won't reply since this subthread is getting unrelated to the original topic. Been interesting, though. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|