this is a great article, but I’m very uncomfortable with this line:
The importance of understanding Unicode extends beyond localization and diversity. Failing to understand Unicode may lead to vulnerabilities in your code.
when will we stop treating “localization and diversity” as less-important issues?
To me, “extends beyond X” doesn’t mean X is not important. The opener is conveying surprise, and for people unfamiliar, it probably will be surprising that Unicode misunderstandings could result in security vulnerabilities.
The best way to figure that out is probably to post a screenshot of the dashboard and a link to the site over at the support subreddit for umatrix. I don’t have umatrix installed on any browser on this machine, so I can’t look myself directly. But based on privacybadger’s status display, I’d bet it’s blocking something load bearing from ajax.googleapis.com rather than merely refusing to send a cookie there. (I find privacybadger, after a couple of days on a fresh system, blocks 99% of what I care about with much less fiddling, FWIW.)
Huh. Looks like they sell telemetry tools to site owners. Not, at least on the face of it, the kind of stuff that tracks you across different sites (though I didn’t look deeply enough to exclude that) but it’s easy to imagine a telemetry saas landing on a few blocklists.
This site has a white div over the content unless CSS is disabled. Awful.
Hmm seems to work fine for me.
this is a great article, but I’m very uncomfortable with this line:
when will we stop treating “localization and diversity” as less-important issues?
To me, “extends beyond X” doesn’t mean X is not important. The opener is conveying surprise, and for people unfamiliar, it probably will be surprising that Unicode misunderstandings could result in security vulnerabilities.
Does anyone know why uMatrix doesn’t like this site?
NextDNS blocks the domain name for me as it’s listed in https://github.com/StevenBlack/hosts.
The best way to figure that out is probably to post a screenshot of the dashboard and a link to the site over at the support subreddit for umatrix. I don’t have umatrix installed on any browser on this machine, so I can’t look myself directly. But based on privacybadger’s status display, I’d bet it’s blocking something load bearing from ajax.googleapis.com rather than merely refusing to send a cookie there. (I find privacybadger, after a couple of days on a fresh system, blocks 99% of what I care about with much less fiddling, FWIW.)
No it really has the whole site blocked by default
Huh. Looks like they sell telemetry tools to site owners. Not, at least on the face of it, the kind of stuff that tracks you across different sites (though I didn’t look deeply enough to exclude that) but it’s easy to imagine a telemetry saas landing on a few blocklists.