Forum Discussion
Top Feedback Summary for December 1
Hi, There was no mention of the "open in new tab" issues.
Currently the website is able to block both right click and Ctrl click, and sites such as MSN abuse this issue to make life difficult for anyone clicking on an advertising link.
I can't see any reason for the website to be able override the user's explicit intention.
- HotCakeXDec 03, 2020MVPSpoiler
BedfordTim wrote:Hi, There was no mention of the "open in new tab" issues.
Currently the website is able to block both right click and Ctrl click, and sites such as MSN abuse this issue to make life difficult for anyone clicking on an advertising link.
I can't see any reason for the website to be able override the user's explicit intention.
Hi,
I think that's a grey area, to decide which party has the right to control the experience.
users have the right to use their browsers and website developers have the right to setup their website and user experience however they want.
anyway, there are extensions to fix this for now until they make it built in or something
- TimIronsDec 04, 2020Brass Contributor
Thanks for the extension. At least it proves I am not alone in seeking out a fix.
The real danger is that when combined with breaking the back button, a user can be trapped and lose access to earlier sites in the chain. Remember many users are not able to use the browsers history. There needs to be a very strong case for anything that results in an outcome the user did not expect or, even worse, wanted to avoid.
- HotCakeXDec 04, 2020MVP
TimIrons wrote:Thanks for the extension. At least it proves I am not alone in seeking out a fix.
The real danger is that when combined with breaking the back button, a user can be trapped and lose access to earlier sites in the chain. Remember many users are not able to use the browsers history. There needs to be a very strong case for anything that results in an outcome the user did not expect or, even worse, wanted to avoid.
Why many users are not able to use browsers' history?
breaking the back button how?
I personally use ublock origin + tracking prevention set to strict in Edge (whitelisted some domains like Microsoft domains, Twitter etc.)
you can also use extensions like NoScript to stop websites from doing anything malicious.
There is uMatrix too
- While NoScript's main point is script blocking, it has many "extra" security features (some hidden), such as XSS filter, ABE, ClearClick, inclusion type checking, etc.
- µMatrix is useful for easy per-site permissions as well as some generic content-type filtering (the latter being partially defense-in-depth with NoScript). For example I use it to restrict which sites can load content from "generic" CDNs such as cloudfront.net. However, µMatrix does not have fine-grained blocking (it is an "Internet firewall" acting only on domains).
- uBlock Origin is useful largely for privacy protection & the like (µMatrix is cumbersome for that, and NoScript is a security tool not a privacy tool). It's also the best way to really fine-tune the other add-ons' permissions.
so
- uBO alone doesn't protect against first-party attacks or special attacks like XSS/CSRF (maybe clickjacking to some extent, by blocking frames; not comprehensive)
- NoScript alone doesn't give privacy-oriented control such as site-specific permissions (unless you want to spend a lot of time with ABE)
- uMatrix alone doesn't provide surrogates (or similar), or protocol-specific whitelisting (ie HTTPS only), nor can it block scripts in some special cases like data: URIs, and it will miss some special attacks like tabnapping.
- NoScript + uBO could cover everything, but the interface for third-party requests in uBO is less advanced than uMatrix.
- uBO + uMatrix covers most things, just not some special cases.
- NoScript + uMatrix is comprehensive, but will have a lot of double-handling unless you use something like cascading permissions.
for maximum protection and worry-free browsing, use all 3 of them + tracking prevention in Edge.they all support import/export for configurations so you only have to configure them once