[arch-general] Firefox user data autofill doesn't work as before

Thu Mar 9 03:49:27 UTC 2017

On 03/08/2017 10:07 PM, Ralf Mardorf wrote:
> Ok I understand, https://aur.archlinux.org/login/ is an insecure web 
> site, since the issue mentioned by the OP happens with this login. 
> However, for my taste it's not a problem to select the user name,
> but this history problem is an issue for me, as well as the
> safebrowsing that gets added, even if you removed it. Some of many
> issues, that are reason for me to use other web browsers. Could you
> explain what's actually insecure with
> https://aur.archlinux.org/login/ ? It's a https page, not a http
> page.

I cannot, in fact, explain what is insecure about
https://aur.archlinux.org/login/ but this is probably because it works
perfectly for me...

You are dreaming. Please wake up.

> The history once upon a time worked as the history still works for 
> nearly any other browser. Fortunately there are other browsers we
> could chose and a lot of people migrated to other browsers. It's not
> an unrelated rant, since the OP dislikes two changes, I try to
> explain that many users discontinued using Firefox. By the pulseaudio
> thread I already mentioned other firefox based and firefox alike
> projects. That web browser developers go different ways in general is
> not only an issue for firefox, that's why there's vivaldi ;).

Yes, please let's answer the OP by telling him to find an alternative
browser. Thanks for clearing that up, I was *wondering* what your post
was getting at. :)

> However, in regards to security firefox would be the last browser I 
> would use. Java script settings were removed

Isn't that what NoScript is for? Sorry, I don't really understand this
tangential issue since I kind of like Javascript (at least in the sense
that I like pages looking the way they are supposed to, and the really
offensive sites I don't even visit anyway...)

Also, apparently Internet Explorer has moved up in the world! :p
(I assume you aren't just going to compare Firefox to the webkit-based
family of clones, this at least gets us three options to quibble over.)

> and since they by default anyway use google's safe browsing, users at
> least should consider to use the security advantages of chrome. Btw.
> for some tasks I'm still using firefox, but security isn't one of
> those tasks.

Well, clearly if Firefox uses Google's Phishing Protection[1] then that
proves Google Chrome is far more secure, so I guess that settles it.

Sorry for talking. And even more sorry for using such a clearly inferior
(from a security perspective) web browser.

But really, you should have said so in the first place, instead of
wasting our time discussing silly things like the "abstruse behaviour"
of the featureset of such an insecure browser.
.
/s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s
/s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s
/s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s /s

[1] Safe Browsing (since renamed to the far more accurate Phishing
Protection) has *nothing* to do with security[2].

[2] Certainly not for Firefox, anyway.

-- 
Eli Schwartz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20170308/1ba8a0ae/attachment.asc>