Uninstall to pay respects

Hudson Morales
Hudson Morales

https://forum.userstyles.org/discussion/53233/announcement-to-the-community?

Press Uninstall to pay respects

All urls found in this thread:
https://forum.userstyles.org/discussion/53233/announcement-to-the-community?
https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/
https://www.reddit.com/r/firefox/comments/5lwc0d/announcement_to_the_community_stylish/dbz9rya/
https://github.com/JackCDK/osprey
https://addons.mozilla.org/en-US/firefox/addon/stylrrr/?src=api
Cooper Roberts
Cooper Roberts

just fork it you dumb faggot

Tyler Peterson
Tyler Peterson

someone already has, this thread is for the people unaware that a very widely used addon is now literally sending all of your browsing activity to an ad company

Ayden Reyes
Ayden Reyes

I'll stay on version 2.0.7 until a better alternative comes along, considering how well it works on top of being GPLv3 there's little chance this will be a big deal.

What is an addon creator to do after reaching market saturation and seeing revenue from donations dry up? If they sell out completely like adblock did a competitor or fork will eat their user base. In this case their partnership with a data mining firm seems only to apply to people in the userstyles community and not the users of the addon.

Calling it malware is a bit of a stretch.

William Robinson
William Robinson

a tidbit from the linked thread:

I installed Stylish (v 1.6.3) from the Chrome store to investigate. I did not install any user styles. I went to the front page of Hacker News, and the Network tab in the dev tools of Stylish showed a POST to "https://api.userstyles.org/tic/stats" (I added a space in URL to prevent URL parsing). I randomly clicked on a link on the page and another POST was made to "api .userstyles.org". I manually entered the URL of the page here in a new tab and another POST was made to "api .userstyles.org".

I then looked at the data sent in the POST. It is a two-pass base64 encoded data, and the data sent is as follow:

vmt=1.6.3
lav=21
wv=1
gr=chrome
di=541
pxe=[a unique identifier reused for each page visited]
knl=https%3A%2F%2Fnews.ycombinator.com%2F
gp=http%3A%2F%2Fmattwarren.org%2F2016%2F12%2F12%2FResearch-papers-in-the-.NET-source%2F
ver=https%3A%2F%2Fnews.ycombinator.com%2F
st=1483716982098
ch=9

Notice the unique id (pxe) and the browsing data, i.e. the URLs navigated to (gp) and from (ver).

So yes, Stylish can now build a profile of your browsing history.

2.0.7 appears safe, as these requests do not occur.

Nolan Perry
Nolan Perry

thunder lol

Kevin Edwards
Kevin Edwards

Fucking kikes.

What's the fork called?

Mason James
Mason James

You should have addons updates disabled for Firefox < 49 anyway[1], update them manually.

btw this fucking site stopped working with NoScript since it was compromised/sold to kikes. Any alternatives? I'm mostly on IRC these days.

[1] https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/

[1]

Jeremiah Morris
Jeremiah Morris

NoScript since it was compromised/sold to kikes. Any alternatives?
uBlock Origin / uMatrix.

Julian Sanchez
Julian Sanchez

I regularly use this site with Dillo and with the Tor Browser Bundle with the security slider all the way up (which includes NoScript blocking everything). It works for me. What kind of problems are you having?

Logan Parker
Logan Parker

You're mostly a fucking retard who does not know what they're talking about and fucks up cause/effect.

Jordan Cooper
Jordan Cooper

echo 'user_pref("extensions.update.enabled", false);' >> ~/.mozilla/firefox/<PROFILE>/user.js

Disable extention updates. This will keep this this spyware at 2.0.7 for now.

Joseph Baker
Joseph Baker

Never used it, but it's terrible how much this shit is being shoved into software now days.

NoScript since it was compromised/sold to kikes
What the fuck are you talking about?

Nathaniel Robinson
Nathaniel Robinson

Or you can just turn off auto-updates for this extension specifically, under addons, and not be a total fucking retard who neglects updates.

James Gray
James Gray

You're right. It isn't NoScript, it's the referer. 8ch doesn't accepts posts without a referer. I was confusing it with 4chan. It's the only website I use which complains about this. See network.https.sendRefererHeader, network.http.sendSecureXSiteReferrer (sic), network.http.referer.spoofSource, network.http.referer.XOriginPolicy. It's one of those that breaks it.

I'm talking about 8ch.

Isaiah Smith
Isaiah Smith

It isn't NoScript, it's the referer. 8ch doesn't accepts posts without a referer. I was confusing it with 4chan.
You can post on 4chan without JS enabled, you just can't use the catalog which makes the faster boards unusable.

network.http.sendSecureXSiteReferrer
This is the one.

Christian Price
Christian Price

It's the only website I use which complains about this
Every video broadcasting website in existence breaks if you don't send real referers.

Jason Gomez
Jason Gomez

Hi Everyone,
My name is Natalie and I’m the new Product Manager of Stylish. I’m happy to join the conversation and get to know you all.
As if the advertiser newspeak and the fact that it's opt-out isn't warning enough, this bitch starts talking. If it's really to help the add-on, why do you have full-time staff to desperately defend your terrible decision?

Jackson Wood
Jackson Wood

product manager
We at stylish wish to give you the best user experience possible which is why we have hired full time staff to assure that your data will flow freely to us uninterrupted. Since this add-on is free to use, you are the product and she will manage you.

Matthew Adams
Matthew Adams

he double base64 encoded the data to prevent people from telling what was going on
This is the kind of situation that makes me wish I had a stash of good reaction faces

Ryan Smith
Ryan Smith

tfw you will never hate fuck Natalie, chain her in a basement and force her to use free, privacy respecting software for the rest of her captive life
Why even live?

Justin Turner
Justin Turner

mfw still using v1.5.2

Nicholas Stewart
Nicholas Stewart

Dillo
The OS?

Julian Young
Julian Young

Mozilla says this won't happen in firefox

https://www.reddit.com/r/firefox/comments/5lwc0d/announcement_to_the_community_stylish/dbz9rya/

Jace Gutierrez
Jace Gutierrez

Such as? I use mpv (youtube-dl) for everything. I know YouTube works in my browser though, I just prefer mpv as player.

Jackson Hill
Jackson Hill

No, the browser. I don't think there's any operating system called Dillo.

Thomas Cruz
Thomas Cruz

Distrowatch

Jordan Thomas
Jordan Thomas

So do I, but it doesn't work with obscure porn sites.

Jeremiah Flores
Jeremiah Flores

Use Inspect Element on the player frame and 9/10 you'll find the .mp4 link in seconds. You might have to allow some domains to go through if you're blocking them with ublock or request policy.

One quirk of disabling javascript and going through the source is seeing hidden messages becomes commonplace. Sometimes they're asking for job applicants.

Nicholas Nelson
Nicholas Nelson

Or you could update manually like a system administrator and not have to ask mozilla to stop raping your bandwidth.

Zachary Allen
Zachary Allen

just fork it you dumb faggot
oh shit the fork is compromised fork it

Never change, Holla Forums.

Elijah Powell
Elijah Powell

You should have addons updates disabled for Firefox < 49 anyway

tfw been using v24 for 3 years because of their bullshit in the updates

Gabriel Long
Gabriel Long

someone already made a fork stop complaining

https://github.com/JackCDK/osprey

Aiden Smith
Aiden Smith

chrome only

Easton Thompson
Easton Thompson

Read thread nigger

Wyatt Clark
Wyatt Clark

If they're going to do something like this, I don't want their plugin anymore, I'd rather use a fork.

Jeremiah Fisher
Jeremiah Fisher

The addon was used for garbage reasons anyway.

Ryder Perry
Ryder Perry

Using stylish
userContent.css is a thing. Only dumb niggers use that addon.

Adam Richardson
Adam Richardson

Man they have their head so far up their ass. What is this, product manager, "here at stylish, we..." IT'S A FUCKING BROWSER ADD-ON that let's you use themes, for fucks sake. How do they even have a team for that? It's something you make in a few weeks and then fix bugs once in a while with new browser versions.

Anthony Anderson
Anthony Anderson

You could use this:
https://addons.mozilla.org/en-US/firefox/addon/stylrrr/?src=api

Bentley Gonzalez
Bentley Gonzalez

Fork it yourself then. No one is going to bother maintaining a firefox fork when this isn't going to happen on firefox.

Austin King
Austin King

so it's just an extension that makes shittily made web 2.0 websites look less shit or normal websites more tacky?

don't people who use this shit claim they have nothing to hide?

Eli Stewart
Eli Stewart

It's an extension that lets you inject CSS on a per domain or specific URL basis.

I am vision impaired and use it here to change font and background colors so I can more easily read.
I also use it on streaming sites to remove other elements than the video div.

Evan Rodriguez
Evan Rodriguez

use it on streaming sites to remove other elements than the video div
Same

I also use it to remove stupid bullshit elements (like "WE USE COOKIES TO TRACK YOU CLOSING THIS MEANS YOU ACCEPT IT") that pop up in certain sites every time unless you enable cookies when you close it.

Brayden Martin
Brayden Martin

I am vision impaired and use it here to change font and background colors so I can more easily read.
Hell, my only "vision impairment" is nearsightedness and I still make heavy use of userstyles to reduce eyestrain on frequently visited sites. About the only one I'm missing is for the ticketing system at work.

Zachary Russell
Zachary Russell

I'm pretty sure there's some EU law that requires that to be visible so watch out if you're doing this in Europistan.

Andrew Hill
Andrew Hill

Welcome to open source. You have a choice.

The propietary alternative is to eat shit and have your privacy raped.

Jayden Collins
Jayden Collins

disabled cookies is bad. it leaves an identifier
enable cookies, then use something that makes non-whitelisted cookies self destruct, like Self-Destructing Cookies for firefox. if you do it like that, you both do not leave an additional identifier and don't have unwanted cookies, all while making dealing with cookies easier

Adrian Johnson
Adrian Johnson

Well then I guess you'd better arrest me officer

Jace Davis
Jace Davis

If you want to go down that path, you shouldn't customize your browser/computer at all or use any plugins, because there will always be some kind of "identifiers" for you.

Xavier Myers
Xavier Myers

just give up
I knew someone like you would reply. Like clockwork.

Jayden Reed
Jayden Reed

there is the no Resource URI leak add-on...
Isn't it similar to what the tor browser suggests?

Jaxson Long
Jaxson Long

You're the one telling people to give up.

Hunter Russell
Hunter Russell

a bit booty blasted, user? your post makes no sense

Disable AdBlock to view this page

Disable AdBlock to view this page