YSK - bypass paywall clean browser extension allows reading paywalled websites. works in android firefox too.

  • Lena@gregtech.eu
    link
    fedilink
    English
    arrow-up
    46
    arrow-down
    6
    ·
    3 months ago

    Why did they decide to host it on a random Russian git service lol

  • z3rOR0ne@lemmy.ml
    link
    fedilink
    English
    arrow-up
    15
    ·
    3 months ago

    Been using this for years. Followed them from Github to Gitlab to now GitFlic. There are ways you can get the filter list to work with Ublock Origin, but this extension is more consistent. Bless magnolia1234 for continually keeping this gem up to date.

  • 10x10@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    3
    ·
    3 months ago

    I was doing some investigating of various browser telemetry using android pcap log. I noticed that on any browser I install bypass paywall plus there is a call to gitflic.ru when viewing a page even when it’s not on the list of processed websites in the extension. I can’t tell the contents as it’s https. Considering this extension and developer have been around for a long time I’ve no reason to suspect the extension but I’m wondering why the connection? I doubt it’s checking for updates as it does it often when viewing any page. Any thoughts from anyone? I’m not trying to run down the app at all, I think it’s really good, just wondering why the connection.

    • rudyharrelson@lemmy.radio
      link
      fedilink
      English
      arrow-up
      13
      ·
      3 months ago

      I took a cursory glance through the source code (for the Firefox version, at least), and I’m not seeing any calls to the gitflic.ru URL outside of the update functions (there appear to be two different places where these might be triggered) and one function for importing custom sites:

      // Import custom sites from local/online
      function import_url_options(e, online) {
        let url = '/custom/sites_custom.json';
        if (online)
          url = 'https://gitflic.ru/project/magnolia1234/bpc_updates/blob/raw?file=sites_custom.json'  + '&rel=' + randomInt(100000);
        try {
          fetch(url)
          .then(response => {
            if (response.ok) {
              response.text().then(result => {
                import_json(result);
              })
            }
          });
        } catch (err) {
          console.log(err);
        }
      }
      

      I noticed in the manifest.json, there is the optional permissions array:

      "optional_permissions": [ "*://*/*" ],

      Which seems to grant the extension access to all URLs, so maybe that’s why the HTTP request is able to fire on any given website rather than just the ones explicitly defined in the regular permissions array. Though this is speculation on my part; I’ve only ever written one or two complex Firefox extensions. I’m not sure if the “optional permissions” array can be declined upon installation (or configured in the extension settings after installation); perhaps access to the wildcard URL can be revoked so that this update call isn’t occurring constantly.

      All looks okay to me, but this was a very quick audit.

    • 10x10@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      3 months ago

      Ok, it does look like it’s checking for list updates, just more often.l than I expected. I went into the settings and disabled as below and the calls stop. So all good!

      “check update opt-in Check for update of version (on startup and when opening options): check update enabled: NO”

      • 10x10@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        3 months ago

        Many thanks for checking this. When I used the following setting in the extension I didn’t see any further calls.

        “check update opt-in Check for update of version (on startup and when opening options): check update enabled: NO”

  • 3x3@lemy.lol
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    3 months ago

    Can I fork this in Microsoft’s GitHub without getting into trouble?