Should i remove all the restrictions while using 'youtube data api v3' (https://console.cloud.google.com/apis/credentials) in development mode and then add restrictions when testing is done?
Is is possible to use localhost in some format, I'm not sure how a port will be specified in this case.
Is this safe to do so?
Related
Research On Firefox Extensions Connections
I have read the FAQ's on Firefox Extensions (https://addons.mozilla.org/en-us/faq) and have looked at their community forums for information but wasn't able to find anything on how extensions actually connect and collect your data.
The closest I found was the Mozilla Wiki page on data collection (https://wiki.mozilla.org/Firefox/Data_Collection) but it only gives you the basic opt in/out data collection levels.
What I'm trying to understand:
If I'm using a manually configured anonymous proxy in Firefox, could the extension potentially send my actual IP address (not my proxy IP address) back to a third party?
Example: Translate Extension
For example, if I were to use the Google Translate for Firefox, would Google be able to see my original IP?
What I was thinking
Since the proxy is the only way for the browser to connect to the internet, the extension would have to use the proxy IP address to connect and thus, would only be able to see the proxy IP address. However, I would love to be sure that there is no back door or way of the extension revealing my original IP.
Any insight is greatly appreciated. We are not doing anything unethical, we just have to maintain separate IP usage for various clients and do not want to risk mixing their information. Thanks again.
Firefox extensions are usually not limited in what they can do, only extensions based on the WebExtensions framework are sandboxed - currently the majority of Firefox extensions is still either classic XUL-based extensions or based on the Add-on SDK, these don't have inherent restrictions. So in theory an extension can do lots of things in order to deanonymize you, for example:
Use nsIDNSService in order to retrieve your local IP address (usually, this address isn't valid outside your local network however).
Change browser settings, in particular disable your configured proxy server.
Use external command line tools in order to read out system information or send a request bypassing the browser.
Read files on your hard drive in order to find your name.
Note that Chrome also offers an API to modify browser's proxy settings extensions, and a similar API is planned for WebExtensions. So even sandboxing doesn't always protect against deanonymization, and you need to trust the extensions you are installing.
However, the extensions hosted on Addons.Mozilla.Org are usually reviewed by Mozilla (the ones that aren't reviewed yet have a yellow install button and a warning). One aspect that the reviewers look into is: does this add-on do what it claims to do or are there unexpected side-effects? Any unexpected functionality has to be strictly opt-in, with full explanation about the implications. This was introduced in 2009 as the No Surprises policy and works remarkably well. Chrome Web Store doesn't have any comparable policy.
I have the following problem to solve:
I few months ago I startet a website where you can watch youtube videos which aren't available in your country. Everythings works fine but now I want to offer a new method where I route all the requests directly over my server. Therefore I will later use a custom DNS-Server. Right now I use the hosts file for testing but I have really no idea how i can identify the user. I can promp the user user to login on a website but I will that it works systemwide so if he use a youtube downloader for example it have to work there either and not only in the browser where I could use a session system with cookies. I want a solution where the user can identify himself once in a time like a website or something like this but how can my server detect if this is a user which is logged in or if he is not?
There are several ways that this could be accomplished with varying levels of difficulty.
standard proxy server over https. Your service could simply be a proxy server and then every "client" would update their browser to point to your proxy server. You could also simplify this by using a proxy PAC file (proxy auto config).
An anonomyzing interface. The end user would not be able to use their standard search tools etc, instead they would have to use a web page much like what google translate does.
A browser plugin. There are already firefox plugins which do something similar to this. They change the way that the browser resolves DNS. This may be the best bet for you but would require development work.
An actual install utility that you have your users install on their machines which update the dns servers.
In this documentation for InternetOpen, the MSDN says:
Use INTERNET_OPEN_TYPE_DIRECT if the system on which the application is running uses a direct connection to the Internet. ...
Use INTERNET_OPEN_TYPE_PROXY if the system on which the application is running uses one or more proxy servers to access the Internet.
INTERNET_OPEN_TYPE_PRECONFIG looks at the registry values ProxyEnable, ProxyServer, and ProxyOverride. ... If ProxyEnable is zero, the application uses INTERNET_OPEN_TYPE_DIRECT. Otherwise, the application uses INTERNET_OPEN_TYPE_PROXY and uses the ProxyServer and ProxyOverride information.
I interpreted this to mean that if you were writing an application where there's any possibility of the user being behind a proxy, you should use INTERNET_OPEN_TYPE_PRECONFIG, and Windows will automatically go for the "direct" option if the user isn't behind a proxy.
However, a number of users have run into problems with badly configured Windows installs, which have a bad proxy server configured for some reason. Because we use INTERNET_OPEN_TYPE_PRECONFIG, internet access doesn't work for those users. Some of them can resolve the bad configuration, but not all.
Is there any downside to just using INTERNET_OPEN_TYPE_DIRECT instead of _PRECONFIG? It sounds like we should use _PRECONFIG if we want to be a good citizen, but we can save ourselves and our users a lot of headaches if we just use _DIRECT instead.
We would like to setup a small Wifi access point where we provide free internet in and around our store, with store banner pop ups added to any web content they browse using this net connection. What do we need to do this? I am expecting some kind of C# solution, but I can live with Java too.
you could try CoovaAP. It provides support for dd-wrt routers, and it is fairly easy to use and configure. I'm using it successfully at home.
Most Wifi access points allow to control access with a Radius server on the backend. To add some additional content you might consider using deloradius in combination with CoovaChilli.
You can try Socifi - free public WiFi advertising and monetization platform.
www.Socifi.com
I have a website in which I want to be able to detect a certain user based upon a permanent attribute of a specific user.
My original plan was to use an ip address but those are difficult to maintain since they can change frequently.
Cookie's and Sessions are almost out of question because they expire and tend to be difficult to manipulate.
Basically what i want to be able to do is detect if the current client visiting the website is a special user without having to deal with logins / passwords. To use something more permanent.
The user agent plugin could work but then, if i ever upgrade firefox or whatever i would have to go in and manually update the user agent string.
I found this script: https://addons.mozilla.org/en-US/firefox/addon/6895 but it doesn't work for newest version of firefox 3. It would be a perfect solution because it sends special headers at specific websites.
Short of writing my own extension does anyone have ideas of what to do? Do i need an extension? Should i try to write my own?
You could generate a SSL client certificate, and have your users install it. From then on, their browser would identify them using their certificate.
HOWTO: Securing A Website With Client SSL Certificates
SSL and Certificats (IIS 6.0)