44

There are some features available to web sites that at least some people are thinking can pose a security and/or privacy risk but that are difficult to block. Examples include Cross-site scripting, Flash's Local Shared Objects (aka "Flash cookies"), Clickjacking and clear elements, and JSON security vulnerabilities. It would be nice if Konqueror provided ways to block these sorts of attacks (optionally), as well as a way to quickly respond to new vulnerabilities like these between KDE releases.

This might break a lot of AJAX based websites and confuse many unexperienced users

It could be disabled by default.

If Konqueror would come with features that would have the same function as Firefox' NoScript, RequestPolicy, BetterPrivacy add-ons and come with the optional TACO collection of opt-out cookies, it would be the most awesome browser out there IMHO!

That's all I'm missing in Konqueror!


(OK that, and Tor and Gnash working integrations in KDE4 ...but that's another story)

I've used Tor/Privoxy in all of KDE before... use Konqueror's proxy or the system settings proxy settings to point network stuff at Privoxy and you're done. O.o

And how's NoScript different to Settings --> Configure Konqueror... --> Java/Javascript --> Disable Java/Javascript globally and Exceptions? Is it just more convenient?

Madman wrote:I've used Tor/Privoxy in all of KDE before... use Konqueror's proxy or the system settings proxy settings to point network stuff at Privoxy and you're done. O.o

I just find TorK easier to use and more powerful, but thanks for the tip :]

And how's NoScript different to Settings --> Configure Konqueror... --> Java/Javascript --> Disable Java/Javascript globally and Exceptions? Is it just more convenient?

NoScript is maybe a bit more convenient, but I think geniuses at KDE could do something even more user friendly.

But the main concern is the lack of other privacy and security measures:

Cross-site scripting etc.:
A manager -- at least in the form as currently cookies and JavaScript is managed in Konqueror -- is needed in order to protect the user from such, very common, attacks of privacy and security.

Flash/"Super" cookies, LSO:
For starters, if the user was using proprietary Adobe Flash, Konqueror could warn him/her (on first start?) about the "super-cookies"/LSO and provide a link and instructions on how to turn them off as well as suggest a FOSS Flash plugin like Gnash or SwfDec. Later on a LSO manager (like e.g. BetterPrivacy in Firefox) would be desirable.

Opt-out cookies:
Some sites (like e.g. Google) have optional opt-out cookies, which are very hard to get by if you don't know they exist (and even then!). These cookies though tell the site that you do not want to be tracked and the company (supposedly) complies. TACO is a collection of about a hundred of such cookies and it would be great if just as with AdBlock, in Konqueror it would be possible to subscribe to a maintained list/collection of such cookies.

You can disable Flash from loading until you click "Start Plugin." That saves you from from pretty much all unwanted tracking.

Alec wrote:You can disable Flash from loading until you click "Start Plugin." That saves you from from pretty much all unwanted tracking.

Even if you want to see that Flash and do click on "Start Plugin"? If so, then it's awesome :]