Would it be possible to have an option to automatically apply the default settings when updating the extension? I end up doing it manually every time since the option was added.
Osprey Browser Protection discussion and updates
- Thread starter Gandalf_The_Grey
- Start date
1. It depends. Most will, just for testing.
2. No. Your settings do not get replaced.
3. That exists with system policies. You can set default settings, lock the panel, remove buttons on the block page, and even hide the panel entirely.
No, that wouldn't be ideal. People's settings would keep getting reset. Not good.
One thing that I believe would make Osprey stand head-and-shoulders above the rest is the ability to block malicious iFrames without blocking the whole site. I don't maintain my own blocklist of malicious domains, and therefore have little use for whitelisting tools like NoScript. While ad blockers can occasionally catch malicious scripts, it would help up the ante against zero-day threats if Osprey's army of vendors could "clean up" the junk on legitimate sites, catching and blocking malvertising rather than either blocking the whole site (unchecking ignore frame navigation) or letting the malicious code through (default).
Osprey isn't an ad-blocker, necessarily. It's something I'll look into, but it seems quite niche. If a website is hosting malicious advertisements, you probably don't want to visit it in the first place. It would require a lot of structural changes, but I'll see. It also wouldn't be clear to users if a part of the website is blocked, which could break functionality and confuse end users, who might just think to disable their ad-blocker.
Osprey is a lean machine, it should stay as it is, just keep adding more vendors. Adding more functionality will just make it heavy, more website breakage and confusion for most users. You have worked very hard for the past 4 months, time to relax and enjoy your accomplishment.
It's not websites intentionally hosting malicious advertisements, it's legitimate sites that are compromised when malicious code is loaded through iFrames. I understand most drive-by downloads are delivered this way, since it makes more sense to compromise a popular site for immediate access to its organic traffic flow, providing a steady stream of potential victims without an attacker having to invest in audience acquisition for a brand-new site engineered to deliver malware. The Angler kit made headlines in 2016, when they planted drive-by downloads on the New York Times, BBC, AOL, and NFL in short order.
Malvertising isn't niche, it's one of the most common exploit methods. I know uBlock Origin includes a couple of blocklists that handle XSS, but they don't have as many eyes as Osprey. Since I know Osprey already recognizes iFrames, the ability for a multi-vendor collaborative tool to block malicious iFrames without a false positive on the host site could be earth-shattering.
P.S.: I am grateful to you for creating this tool, and want to stress that I don't at all think it's bad. But, since the question was asked as to how it could be improved, I think this functionality would improve it by an order of magnitude.
Last edited:
Microsoft's own Defender Browser Protection extension also blocks the entire page when malicious advertisements are detected instead of the individual elements. I'm unsure whether blocking individual elements would be the right approach or how it would work from a UI/UX perspective. I'll look into it, but I don't know if Osprey blocking elements is the right approach. It has high potential to break websites.
True. But, the way I see it, a website hosting malicious iFrames is already broken. That said, I know next to nothing about coding, and you'll know better than I whether or not it's feasible. Perhaps a disclaimer (may break site functionality) next to a checkbox in the context menu? Either way, thank you so much for your hard work.
@Foulest
since i received internally some complain from secdns security provider,
&
as soon i did not receive any answer from you, i feel you are just stealing the technology of other secdns provider, without any authorisation of them,
hope they will not condemn you, but this is like intelllectual proprety robbering, you need to have explicit authorisation from them in your extension for having the right to make it download by the users, because this :
06/02/2025 -> Osprey/.github/PRIVACY.md at main · Foulest/Osprey
What is important to know :
We users (150) need to know the affiliate links in details you work with on the mozilla extension in therms of visibility ...
your screen schot don't mention any affiliate links, you need to be true by what you are giving to the lambda users.
conclusion :
working directly with affiliate(s) by a contract, to earn commission from third party program you don't work with, mean that you are stealing there technology until you give to the user the contract between you and the affiliate links.
since i received internally some complain from secdns security provider,
&
as soon i did not receive any answer from you, i feel you are just stealing the technology of other secdns provider, without any authorisation of them,
hope they will not condemn you, but this is like intelllectual proprety robbering, you need to have explicit authorisation from them in your extension for having the right to make it download by the users, because this :
06/02/2025 -> Osprey/.github/PRIVACY.md at main · Foulest/Osprey
Affiliate Disclosure
Osprey may contain affiliate links to products or services. If you click on an affiliate link and make a purchase, we may receive a commission at no additional cost to you. This helps support the development of Osprey.What is important to know :
We users (150) need to know the affiliate links in details you work with on the mozilla extension in therms of visibility ...
your screen schot don't mention any affiliate links, you need to be true by what you are giving to the lambda users.
conclusion :
working directly with affiliate(s) by a contract, to earn commission from third party program you don't work with, mean that you are stealing there technology until you give to the user the contract between you and the affiliate links.
Affiliates only apply to official partners, whom I have authority from. Only official partners have affiliate links.
Which provider have you received complaints from? I have written approval from almost all of them.
whait, does those partner are your ONLY official affiliate ? (Osprey/README.md at main · Foulest/Osprey)
if no, tell us who are ALL your officials partner (wich affiliate is the same term) ...
If yes, why you have this kind of situation on you 1.3.4 version (last one as today) without any modification ?
Official Partners =/= affiliates. Yes, the providers in the Official Partner section and providers marked with stars are the only ones with clickable affiliate links.whait, does those partner are your ONLY official affiliate ? (Osprey/README.md at main · Foulest/Osprey)
if no, tell us who are ALL your officials partner (wich affiliate is the same term) ...
If yes, why you have this kind of situation on you 1.3.4 version (last one as today) without any modification ?
View attachment 289935
I have absolutely no idea what you mean by the last remark.
@Fan-of-spyshelter Don't take this the wrong way, but you're always arguing in various threads. Now you're here in the Osprey Browser Protection discussion and updates thread accusing the developer of stealing technology from another secdns provider. Yesterday, there was another thread on OmniDefender in this post here #32 "saying that you have proof that this OsirisXD is a real scammer." What are you trying to achieve with these statements? If you have evidence, please contact @Jack or a moderator via PM. It's not cool to post publicly without evidence. I don't want to make enemies with anyone, please don't take my point of view the wrong way. I just think you should think carefully before posting and make sure that what you are writing is the absolute truth.
I just want to know which provider he heard complaints from, if they even exist.
so you have 4 official partner ok,
but for my last remark it's verry suspicious that you don't have any ON button from Control D, you need to remove this LOGO, if you have no authorisation from them...
or prove it you have one contract with them. (where is the api key ? ) show us this one by enabling by default for your next version 1.3.5 or something like that
also i warn your contributor to not add the others security provider you give to them cause this :
06/02/2025 -> Osprey/.github/PRIVACY.md at main · Foulest/Osprey
User Liability
Some providers may require a valid license or API key. Although those options might be enabled by default, if you enable any integration, you must ensure you have the right to do so. Osprey makes no guarantee that enabling an integration complies with the provider's Terms of Service. Any legal, financial, or technical issues arising from unauthorized use, such as service suspension, inaccurate threat data, or TOS violations, are solely your responsibility. Osprey is provided "as-is." We are not liable for interruptions, errors, or claims resulting from unauthorized API calls. Use third-party services at your own risk. You agree to hold Osprey and its maintainers harmless from any claims, damages, or costs related to enabling or using integrations you are not licensed to use.the red mark is for you @Foulest
Last edited:
@Foulest Don't listen to those people.
That one really made me laugh. I'm sitting here, and that one was funny.
I must give this extension a go this weekend 
Let me know your thoughts! Trying to grow as much as possible.I must give this extension a go this weekend
You may also like...
-
-
Osprey Browser Protection Reviews- Started by Shadowra
- Replies: 86
-
-
[Extension] Symantec browser protection(Symantec intelligence)
- Started by Vitali Ortzi
- Replies: 35
