Pages: [1]   Go Down

Author Topic: Lula tries a sneaky https connection? (wrong : automatic user remembering)  (Read 3306 times)

alain

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 465

Hi

I get a very annoying security message when coming to Lula.
It seems to make a sneaky https connection, but I don't find it inside the html (otherwise I would easely block it).

Why????  and how do I get rid off it easy (url or url-part if more).

EDIT : It was a strange error msg, but at Lula probably related to trying to remember a user/password combination on my browser. Strange that it is doing that on the normal website pages.
« Last Edit: November 11, 2010, 05:13:53 am by alain »
Logged

mguertin

  • Guest
Re: Lula tries a sneaky https connection? (wrong : automatic user remembering)
« Reply #1 on: November 11, 2010, 02:18:46 pm »

Hi

I get a very annoying security message when coming to Lula.
It seems to make a sneaky https connection, but I don't find it inside the html (otherwise I would easely block it).

Why????  and how do I get rid off it easy (url or url-part if more).

EDIT : It was a strange error msg, but at Lula probably related to trying to remember a user/password combination on my browser. Strange that it is doing that on the normal website pages.

Hi Alain

Can you give me more information on this?  What page were you loading and when exactly did this happen?

Thanks

Mark
Logged

alain

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 465
Re: Lula tries a sneaky https connection? (wrong : automatic user remembering)
« Reply #2 on: November 11, 2010, 03:26:30 pm »

Hi Alain

Can you give me more information on this?  What page were you loading and when exactly did this happen?

Thanks

Mark
What's new (and others).
It's a browser security setting on my side and probably lula contains user/password fields on all(?) pages.  The browser tries to fill it in and the security setting gives a warning (which was in my humble opinion related to https).  I had some previous sites that gave warnings and all did "strange" https requests.  Those where easy to block, but Lula was the first I didn't find a https request inside the source, I thought it was a sneaky "js-script thing".  Unneeded https is one off the ways the fingerprint and track users.

BTW The privacy problematic things like google and all "others" are blocked automagicaly by me. 
Logged

mguertin

  • Guest
Re: Lula tries a sneaky https connection? (wrong : automatic user remembering)
« Reply #3 on: November 11, 2010, 03:41:29 pm »

Aha, that clears things up.  It's probably picking up that each page on the site has a login area (that's hidden unless you click to show it) for contributor login -- at the top right corner of each page.  It's not https or anything sneaky or any nefarious javascript actions, it's just the place that site contributors log in to our system to post their articles in the like.  If you want to see the actual form fields to block them on your side click on the contributor login link and they will be displayed and you can block them from there.
Logged

alain

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 465
Re: Lula tries a sneaky https connection? (wrong : automatic user remembering)
« Reply #4 on: November 11, 2010, 03:56:30 pm »

Aha, that clears things up.  It's probably picking up that each page on the site has a login area (that's hidden unless you click to show it) for contributor login -- at the top right corner of each page.  It's not https or anything sneaky or any nefarious javascript actions, it's just the place that site contributors log in to our system to post their articles in the like.  If you want to see the actual form fields to block them on your side click on the contributor login link and they will be displayed and you can block them from there.

I see now.
Surprisingly it keeps my forum account.  Am I correct that all forum users are tracked on the site also (after the cookie is written)?
(I usually visit "what's new" first and then login on the forum.)
Logged

mguertin

  • Guest
Re: Lula tries a sneaky https connection? (wrong : automatic user remembering)
« Reply #5 on: November 11, 2010, 04:00:48 pm »

The authentication system is tied directly with the forums so it is correct in having your forum credentials in there.  Right now it's only of benefit to site contributors to log in, but in the near future it will be beneficial to all users to login to have extended functionality.  The forum cookies do track what you're read, your last visit, etc.
Logged

alain

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 465
Re: Lula tries a sneaky https connection? (wrong : automatic user remembering)
« Reply #6 on: November 11, 2010, 05:27:34 pm »

The authentication system is tied directly with the forums so it is correct in having your forum credentials in there.  Right now it's only of benefit to site contributors to log in, but in the near future it will be beneficial to all users to login to have extended functionality.  The forum cookies do track what you're read, your last visit, etc.

Ok thanks for the clarification.  (I know what's possible with local tracking and sessionbound tracking is very useful to improve a website, but avoid global trackingservices like the plague.)
Logged
Pages: [1]   Go Up