-
therube
-
therube
how low will they go. only their hair dresser knows for shure.
-
therube
sure.
-
njsg
let me guess, for telemetry?
-
therube
not quite sure how/what FF downloads "by default", as in like how the stub downloader plays in, but from a page like:
-
therube
-
therube
sure enough you'll get a full installer, with a unique hash each time. now that's smart.
-
therube
this part - in the binary .exe will be different:
-
therube
__MOZCUSTOM__:campaign%3D%2528not%2Bset%2529%26content%3D%2528not%2Bset%2529%26dltoken%3D50fa1ecf-0f37-487e-8e24-b63ea7c8a077%26experiment%3D%2528not%2Bset%2529%26medium%3D%2528direct%2529%26source%3D%2528other%2529%26ua%3Dfirefox%26variation%3D%2528not%2Bset%2529
-
therube
& more specifically this:
-
therube
dltoken%3D50fa1ecf-0f37-487e-8e24-b63ea7c8a077
-
therube
presumably the digital certificates of the downloads are valid. & if one were to base "correctness" (validity) on that basis, & yet the hashes vary, i.e. the actual file content, to me, that is simply moronic.
-
therube
7-zip, while saying that the "archive" is correct, also says there is a checksum error:
-
therube
7-Zip 21.07 (x64) : Copyright (c) 1999-2021
-
therube
Scanning the drive for archives:
-
therube
1 file, 53527184 bytes (52 MiB)
-
therube
Testing archive: Firefox Setup 98.0.1.exe
-
therube
WARNINGS:
-
therube
Checksum error
-
therube
you MUST answer the default browser dialog (i.e., you cannot not answer, ESC, out of it)
-
therube
-
therube
"and privacy every time you browse."
-
therube
yep, we're attaching a GUID to your ass. that's private! well at least, most consider it a private part.
-
therube
hah! you cannot even close that window/dialog from the (Windows) taskbar. it does not close. (you have to actually answer or kill it.)
-
tomman
How do you generate unique .EXEs without tampering with the signature?
-
tomman
signing EXEs on the fly doesn't sound too viable for me
-
therube
and! and it also, during the install, automatically pinned itself to the Windows taskbar (or some such)
-
therube
what a crock-a-doodle-do!
-
tomman
the solution is obvious
-
therube
not to mention installing the "maintenance service"
-
tomman
let's raise Mozilla's CEO salary again!
-
therube
not to mention removing .ru search engines from itself (in the name of political correctness, i suppose)
-
therube
appear these id's are in the "header" part of the file, so outside of the purview of the digital signature, i suppose. but if something like that can be done, then could not "anything" i.e. malware just as well be put there, & if that is the case, just what is the point of this digital certificate?