X (formerly Twitter) doubles down on harvesting user data

[Governor]

I used to be able to access x.com, but this changed a few weeks ago.
This is what I get now.
First I get this warning from the noscript plugin:

Censoship on x.com-1.png (154.49 KiB) Viewed 1425 times

When I choose "Load anonymously", I get this:

Censoship on x.com-2.png (183.23 KiB) Viewed 1425 times

Elon Musk is not a "good guy". Remember, he wants to put chips in our brains.

[geo_c]

hmmm......

That's an interesting message.

How does it know that gab.com will aquire info from a logged in X user? Perhaps gab.com has a script operating in your browser.

[darksun]

could be a false positive or an overly-too-cautious behavior of the noscript plug-in.

Not directly linked to x.com but also to many other websites that have configuration that triggers this noscript privacy-focus feature.

A simple google search would give you other reported scenarios.

example with explanation: https://security.stackexchange.com/ques ... arns-about

or search

Cross-tab identity leak protection

[Governor]

could be a false positive or an overly-too-cautious behavior of the noscript plug-in.

Not directly linked to x.com but also to many other websites that have configuration that triggers this noscript privacy-focus feature.

A simple google search would give you other reported scenarios.

example with explanation: https://security.stackexchange.com/ques ... arns-about

or search

Cross-tab identity leak protection

Great info. Thanks.
IDK if it is a false positive, but I got the direct message from x.com advising me to turn off "privacy related extensions". No chance of that happening (me turning them off).

[mouldy]

Elon Musk is not a "good guy" in this shit show. Remember, he wants to put chips in our brains.

Must be those worshipping at the altar of capitalism that think the capitalist priest class is honorable and actually gives a damn about the peon class. For the uninitiated, ANYBODY that somehow amasses mega wealth far beyond the dreams of mere mortal joe and jane lunchbox (and many smaller nation states) is NOT a good guy. You dont get richer than god being a good guy.

Which begs the question why people vote for wealthy politicians with idea somehow they will make life better for the little guy. Hint: they wont. They look after their own and try to push the burden of funding the govt off onto the little guy. Maybe try to get the little guy to SUBSIDIZE the wealthy and laugh all the way to the bank over their little joke. Their actual mantra, "Privatize the profits, socialize the expenses/losses"

[rockedge]

Maybe try to get the little guy to SUBSIDIZE the wealthy and laugh all the way to the bank over their little joke. Their actual mantra, "Privatize the profits, socialize the expenses/losses"

When some people I know try to convince me that there are those billionaires that identify with the middle class working people and are looking out for them I usually reply with "huh, still looking for the trickle down effect and/or Voodoo economics boosts" and how the billionaires need more breaks to "invest" and be "job creators"

And by gauging how the "middle" gets treated you can imagine how it's going to be for the working poor or lower.

[williwaw]

You dont get richer than god being a good guy.

yes, It's a basic premise of most traditional faiths.

@Governor

I got the direct message from x.com advising me to turn off "privacy related extensions". No chance of that happening.

But what if it is one of your other "privacy" addons that enabled the cross-site exchange of information?
The link darksun posted above seems informative. Do you get the same message from X.com when you type https://x.com/ into the addressbar of a freshly opened browser instance?
Or only when you click on a link to x.com when logged into gab.com?

you can imagine how it's going to be for the working poor or lower.

you can find good info under "Animal Husbandry" at the library if you wish to optomize milk production.

[Governor]

I got the direct message from x.com advising me to turn off "privacy related extensions". No chance of that happening.

But what if it is one of your other "privacy" addons that enabled the cross-site exchange of information?

The link darksun posted above seems informative. Do you get the same message from X.com when you type https://x.com/ into the addressbar of a freshly opened browser instance?
Or only when you click on a link to x.com when logged into gab.com?
---------
I don't need to be logged in anyplace to get the message when going to x.com from there

I deleted Firefox Cookies, Cache, Service Workers, Local Storage, and IndexedDB and tried opening a link to x.com from from another site.
The noscript message seems to be consistent. But I still don't know if any other plugins could be involved.

No cookies or cache, x.com from another site.png (150.44 KiB) Viewed 1300 times

Here is one from forum.puppylinux.com (when going to x.com from there).

Censoship on x.com-3.png (150.06 KiB) Viewed 1300 times

There are third party programs in use on forum.puppylinux.com, could they be triggering the response?
googleapis.com, gstatic.com, jsdelivr.net, bootstrapcdn.com, fastly.net

[Governor]

hmmm......

That's an interesting message.

How does it know that gab.com will aquire info from a logged in X user? Perhaps gab.com has a script operating in your browser.

The same noscript message appears on the sites I have tried so far. See:
https://www.forum.puppylinux.com/viewto ... 85#p126685

[Governor]

could be a false positive or an overly-too-cautious behavior of the noscript plug-in.

Not directly linked to x.com but also to many other websites that have configuration that triggers this noscript privacy-focus feature.

A simple google search would give you other reported scenarios.

example with explanation: https://security.stackexchange.com/ques ... arns-about

or search

Cross-tab identity leak protection

According to my Firefox security plugins, when accessing puppylinux.com, info is being passed on to the following sites:

Code: Select all

youtube.com
yting.com
fonts.googleapis.com
doubleclick.net
jnn-pa.googleapis.com
google.com
bootstrapcdn.com
ajax.googleapis.com
jsdelivr.net
gstatic.com
ggpht.com
play.google.com
postimage.cc
rockedge.com
fonts.gstatic.com
jsdelivr.map.fastly.net
cdn.jsdelivr.net
maxcdn.bootstrapcdn.com

[williwaw]

add those sites to /etc/hosts and see what happens

I installed a firefox plugin that showed all the different sites that were pinged when you loaded a page. Some of the media site pages contacted hundreds of servers.

I removed that addon, just didnt like knowing. :lol:

[Governor]

add those sites to /etc/hosts and see what happens

I installed a firefox plugin that showed all the different sites that were pinged when you loaded a page. Some of the media site pages contacted hundreds of servers.

I removed that addon, just didnt like knowing.

I understand. I think the majority of people probably feel like that. Personally, I just can't do the "ignorance is bliss" thing anymore.

I tried adding gstatic.com to the hosts file and over half the sites I visited wouldn't work. If anyone is not scared of the power google has, they probably ought to be.

Cheers!

[geo_c]

I reinstalled NoScript. I had used it in the past.

I'm able to check the box in the firefox settings (I'm using LibreWolf) that says 'Limit cross-origin referrers,' under the LibreWolf section, but that opton may only be configured in LibreWolf.

You can probably change that setting using about:config if you don't have a box for it.

There are a lot of options in NoScript. I don't ever click on X.com links, or most messaging apps pages. They are generally just too intrusive.

However I tried it from a metager search, had to turn on javascript to get anything, but the login page came up without the warning.

I could screenshot all the NoScript settings, but it's complicated, like an abusive relationship, one is always questioning reality.

[Governor]

I reinstalled NoScript. I had used it in the past.

I'm able to check the box in the firefox settings (I'm using LibreWolf) that says 'Limit cross-origin referrers,' under the LibreWolf section, but that opton may only be configured in LibreWolf.

You can probably change that setting using about:config if you don't have a box for it.

There are a lot of options in NoScript. I don't ever click on X.com links, or most messaging apps pages. They are generally just too intrusive.

However I tried it from a metager search, had to turn on javascript to get anything, but the login page came up without the warning.

I could screenshot all the NoScript settings, but it's complicated, like an abusive relationship, one is always questioning reality.

Sure, I would like to see the screenshot if it is not too much trouble.
Thanks!

[geo_c]

Okay, I'll show you my settings, though the defaults are pretty restrictive. Basically an untrusted site has nothing checked, and the default I bounce around between enabling scripts and fonts. My monitor is big so you should enlarge the images by clicking the image linking to the postimg.cc site.

I used NoScript last night so I have a long list of untrusted sites. I like this extension. It's really informative.

Searching x.com with metager:

X opens from metager, no warning. I have the LibreWolf block cross-origin referrers checked:

long list of untrusted sites, mostly just the origin sites are trusted, maybe an img support site or two. Notice I don't even have metager in that list, it's running on the default setting:

Here are the Advanced settings with 'Sanitize cross site suspicious requests checked:

Here are the Trusted settings:

Here are the Default settings, in this shot I have unrestricted CSS enable to use color changer extension, but you can toggle that how you like:

And like I said, the Untrusted site settings have absolutely no boxes checked.
Hope that helps.

[williwaw]

I just can't do the "ignorance is bliss" thing anymore.

either can I, I just changed my ways and reinstall a new, out of the box, unconfigured vanilla browser instance before opening every page.

everything you do from the first click makes you more unique.
every "privacy" addon you add makes you more unique

maybe I should configure DHCP to find me a new IP each time I launch a reinstall?

[jp734]

I'm liking how the duckduckgo browser protects your privacy. Unfortunately, it's not available for Linux but I have it installed on my android phone and loving it. It will even show you how many it blocks every time you browse. I'm not a coder but maybe someone can create a DDG browser for linux?

[Governor]

Okay, I'll show you my settings, though the defaults are pretty restrictive. Basically an untrusted site has nothing checked, and the default I bounce around between enabling scripts and fonts. My monitor is big so you should enlarge the images by clicking the image linking to the postimg.cc site.

I used NoScript last night so I have a long list of untrusted sites. I like this extension. It's really informative.

Searching x.com with metager:

X opens from metager, no warning. I have the LibreWolf block cross-origin referrers checked:

long list of untrusted sites, mostly just the origin sites are trusted, maybe an img support site or two. Notice I don't even have metager in that list, it's running on the default setting:

Here are the Advanced settings with 'Sanitize cross site suspicious requests checked:

Here are the Trusted settings:

Here are the Default settings, in this shot I have unrestricted CSS enable to use color changer extension, but you can toggle that how you like:

And like I said, the Untrusted site settings have absolutely no boxes checked.
Hope that helps.

Yes, this helps. Thanks for posting.
I went to my forum.puppylinux: Board index User Control Panel Board preferences Edit display options
and temporarily set display option to one post per page. After that, I could download your entire post by itself, including all images in one html file with the post title as filename.

I used the "SingleFile" addon for Firefox. It uses the data URI Scheme which provides a way to include data in-line in web pages instead of using external resources. In case anyone is interested, see here:

I changed a few noscript settings and I am no longer getting the noscript warning message when I go to x.com. Also the x.com warning has not shown up. I did not do a scientific analysis so I am not sure which setting is involved, but it seems safe to conclude that one of the settings is implicated in triggering the message. Nonetheless, it is illuminating to know that x.com is blocking browsers with certain privacy configuration feature(s).

EDIT: The x.com warning is back.

After deleting cache and cookies, i typed in x.com in the address bar, this text appeared in the address bar along with the usual warning message that privacy [ Some privacy related extensions may cause issues on x.com. Please disable them and try again.]:
https://x.com/?mx=2&failedScript=vendor

On subsequent attempts to access x.com from the address bar, this text appeared in the address bar along with the usual warning message that privacy [ Some privacy related extensions may cause issues on x.com. Please disable them and try again.]:
https://x.com/?failedScript=polyfills

[darksun]

@jp734

if you are looking for a privacy & security focused web browser for linux I advice you to try this

https://mullvad.net/en/download/browser/linux

that page also contains a description of the software' features and scope

[Governor]

@jp734

if you are looking for a privacy & security focused web browser for linux I advice you to try this

https://mullvad.net/en/download/browser/linux

that page also contains a description of the software' features and scope

Interesting. I downloaded the package file, but could get no further. I could find no real instructions, only a very brief instruction that didn't work.

<SIGH>
I don't understand why nearly every undertaking have to be such a struggle, or why can't they just make a downloadable program that works OOTB.

Code: Select all

echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/mullvad.list
/bin/lsb_release: line 8: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8): No such file or directory
deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=amd64] https://repository.mullvad.net/deb/stable bookworm main

[geo_c]

EDIT: The x.com warning is back.

After deleting cache and cookies, i typed in x.com in the address bar, this text appeared in the address bar along with the usual warning message that privacy [ Some privacy related extensions may cause issues on x.com. Please disable them and try again.]:
https://x.com/?mx=2&failedScript=vendor

On subsequent attempts to access x.com from the address bar, this text appeared in the address bar along with the usual warning message that privacy [ Some privacy related extensions may cause issues on x.com. Please disable them and try again.]:
https://x.com/?failedScript=polyfills

My guess is that NoScript drops cookies in your profile, and maybe when you delete the cache you lose some of the settings. And since you have a failed script message from x.com, you might need to enable scripts in order for it to work.

EDIT: On second thought, my LibreWolf deletes the cache and cookies evertime I shut it down, so maybe that's not relevant.

[darksun]

@jp734

if you are looking for a privacy & security focused web browser for linux I advice you to try this

https://mullvad.net/en/download/browser/linux

that page also contains a description of the software' features and scope

Interesting. I downloaded the package file, but could get no further. I could find no real instructions, only a very brief instruction that didn't work.

<SIGH>
I don't understand why nearly every undertaking have to be such a struggle, or why can't they just make a downloadable program that works OOTB.

Code: Select all

echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/mullvad.list
/bin/lsb_release: line 8: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8): No such file or directory
deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=amd64] https://repository.mullvad.net/deb/stable bookworm main

@Governor

I have installed that software many times and never have had issues.

- What OS are you using?

- please also post here the output of

Code: Select all

lsb_release -cs ; whereis lsb_release

[williwaw]

<SIGH>
I don't understand why nearly every undertaking have to be such a struggle, or why can't they just make a downloadable program that works OOTB.

they are supplying a browser that most users would like to download in a secure envrionment.
did you try the commands in a fresh savefile to rule out misconfigurations?

EDIT: The x.com warning is back.

did you delete the addons that the error messages said were causing the issue and try again?

[jp734]

@jp734

I have installed that software many times and never have had issues.

- What OS are you using?

- please also post here the output of

Code: Select all

lsb_release -cs ; whereis lsb_release

I have it installed.on my phone but have never tried installing on my linux PCs. Can you install it on Linux? I never thought you could. If I can, Ill be happy to do it.

But i think you meant to ask @Governor about the link you provided

[darksun]

@jp734

I have installed that software many times and never have had issues.

- What OS are you using?

- please also post here the output of

Code: Select all

lsb_release -cs ; whereis lsb_release

I have it installed.on my phone but have never tried installing on my linux PCs. Can you install it on Linux? I never thought you could. If I can, Ill be happy to do it.

But i think you meant to ask @Governor about the link you provided

Oh yes sorry I meant my message to be for Governor

Mullvad web browser is not available for mobile phones but for Windows Linux and macOS as of today.

[Governor]

@jp734

I have installed that software many times and never have had issues.

- What OS are you using?

- please also post here the output of

Code: Select all

lsb_release -cs ; whereis lsb_release

I have it installed.on my phone but have never tried installing on my linux PCs. Can you install it on Linux? I never thought you could. If I can, Ill be happy to do it.

But i think you meant to ask @Governor about the link you provided

Oh yes sorry I meant my message to be for Governor

Mullvad web browser is not available for mobile phones but for Windows Linux and macOS as of today.

Here it is:

Code: Select all

• PUPMODE=13
 • PDEV1='nvme0n1p2'
 • DEV1FS='ext3'
 • PUPSFS='nvme0n1p2,ext3,/Bookworm64_10.0.6/puppy_dpupbw64_10.0.6.sfs'
 • PUPSAVE='nvme0n1p2,ext3,/Bookworm64_10.0.6/dpupbw64save-2024-06-25-basic-02'
 • PMEDIA='ataflash'
 

Code: Select all

# lsb_release -cs
/bin/lsb_release: line 8: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8): No such file or directory
No LSB modules are available.
bookworm
# whereis lsb_release
lsb_release: /usr/bin/lsb_release
# 

[Governor]

<SIGH>
I don't understand why nearly every undertaking have to be such a struggle, or why can't they just make a downloadable program that works OOTB.

they are supplying a browser that most users would like to download in a secure envrionment.
did you try the commands in a fresh savefile to rule out misconfigurations?

EDIT: The x.com warning is back.

did you delete the addons that the error messages said were causing the issue and try again?

The message on x.com does not specify any addons, it says this:
⚠️ Some privacy related extensions may cause issues on x.com. Please disable them and try again.

I am not about to begin disabling privacy addons because they interfere with a site tracking me!

[darksun]

Code: Select all

# lsb_release -cs
/bin/lsb_release: line 8: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8): No such file or directory
No LSB modules are available.
bookworm
# whereis lsb_release
lsb_release: /usr/bin/lsb_release
# 

have you tried to look that warning up using a web search engine such as google? It seems like you might have an issue with your locales and there are possible solutions online.

Is that warning truncating the mullwad web browser installation process listed here https://mullvad.net/en/download/browser/linux or you yourself have stopped after having seen that warning?

please post the output of

apt update && apt install mullvad-browser

[williwaw]

I am not about to begin disabling privacy addons because they interfere with a site tracking me!

did you configure no-script for that site?
https://noscript.net/usage/#persite-preferences-editor

[Chelsea80]

@Governor

I don't know anything about this, so this might help or not.

What does this mean?

# lsb_release -cs
/bin/lsb_release: line 8: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8): No such file or directory
No LSB modules are available.
bookworm
# whereis lsb_release
lsb_release: /usr/bin/lsb_release
#

Answer:

This output provides information about the Linux system you're using. Let's break it down:

The command lsb_release -cs was executed:
This command is used to display the codename of the current Linux distribution.
The output "bookworm" indicates that you're running Debian 12 (codenamed Bookworm).
There's a warning message:

text
/bin/lsb_release: line 8: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8): No such file or directory

This suggests there might be an issue with the system's locale settings.
The message "No LSB modules are available." indicates that the Linux Standard Base modules are not installed or not found on your system.
The whereis lsb_release command was then executed:
This command locates the binary, source, and manual page files for a command.
The output shows that lsb_release is located at /usr/bin/lsb_release.

In summary, you're running Debian 12 (Bookworm), but there might be some issues with locale settings and LSB modules. The lsb_release command is located in the /usr/bin directory, which is standard for user commands.