ThunderBrowse -- browse the web page within Email client

[Lu Wei]

I know Seamonkey has an integrated environment, yet apart from Seamonkey, Thunderbird has the core to render a web page too; but it is disabled by default. ThunderBrowse is an add-on to restore this functionality. I played with it for some time and it seems stable with my occasional usage.

1, Download the add-on from here, do not install directly:
https://addons.thunderbird.net/en-US/thunderbird/addon/thunderbrowse/

2, Open the downloaded xpi file with any zip extractor (7z recommended), edit the install.rdf file with a text editor, find the part:
<em:targetApplication>
<!-- Thunderbird -->
<Description>
<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
<em:minVersion>1.5</em:minVersion>
<em:maxVersion>52.*</em:maxVersion>
</Description>
</em:targetApplication>
Modify the maxVersion to 52.* as above, save and repack into xpi.

3, Install the add-on.

4, The options you made with the add-on will not save due to unknown bugs. So some prefs should be added manually to prefs.js:
user_pref("extensions.tbrowse.ctrlclk", 2); //control+click to open in external browser
user_pref("extensions.tbrowse.middletabs", true); //Open a new tab on middleclick
user_pref("extensions.tbrowse.tabsCloseFX", true); //Tabs close like FX
user_pref("extensions.tbrowse.tabtype", 1); //tab system, use TB3
And other prefs according to your needs. Compare the options and about:config items and the meanings are easy to guess.

Now the web links are loaded just in the Email tab or window without jumping out to browser.

--
Regards,
Lu Wei
IM: xmpp:luwe...@riotcat.org
PGP: 0xA12FEF7592CCE1EA

[Mayayana]

| Now the web links are loaded just in the Email tab or window without
jumping out to browser.
|

Sounds great. I was wondering how I could make web
browsing less safe while also visiting phishing email URLs
with no control over script.

[Shadow]

On Fri, 17 Dec 2021 15:37:06 +0800, Lu Wei <luwe...@gmail.com>
wrote:

>Thunderbird has the core to render a web page too; but it is disabled by default.

For security and privacy reasons.....
You're right.
LOL
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Google Fuchsia - 2021

[Lu Wei]

I agree this ThunderBrowse does not suit for everybody, just like
WindowsXP. And I think Noscript and UBO still work in Thunderbird; if
not, you can set viewing message body as text or simple HTML, which has
scripts disabled IMO.

[Mayayana]

"Lu Wei" <luwe...@gmail.com> wrote

| I agree this ThunderBrowse does not suit for everybody, just like
| WindowsXP. And I think Noscript and UBO still work in Thunderbird; if
| not, you can set viewing message body as text or simple HTML, which has
| scripts disabled IMO.
|

You seem to be a bit behind the times. No one who
knows better has enabled script in email for 20 years
or so. I haven't enabled HTML email at all for that long.

I also never click the links in email because more often
than not they're rigged. It's become common to tag on
tracking IDs, which need to be removed. For example:

www.acme.com/index.html?xid=1234567&uid=abcdefg....

I haven't even configured a browser for TBird. I use IE
as my default browser and block it at the firewall. So if
anything tries to go onilne without asking it gets stopped
and I get informed.

I know someone who gets emails from The Hill, a
liberal news site. The Hill includes links from other sites,
which they apparently have a deal with to get kickbacks.
I've found the person's name, email and home address
embedded in those links, base-64 encoded.

[Lu Wei]

On 2021-12-20 21:32, Mayayana wrote:
> "Lu Wei" <luwe...@gmail.com> wrote
>
> | I agree this ThunderBrowse does not suit for everybody, just like
> | WindowsXP. And I think Noscript and UBO still work in Thunderbird; if
> | not, you can set viewing message body as text or simple HTML, which has
> | scripts disabled IMO.
> |
>
> You seem to be a bit behind the times. No one who
> knows better has enabled script in email for 20 years
> or so. I haven't enabled HTML email at all for that long.
>

People using email distribute at large scale. My most colleagues know
nothing about scripts in email, certainly not because they are a bit
behind the times; in fact they tend to deem the use of email is a bit
behind the times, not to say Windows XP, even Usenet which they never
heard of.

> I also never click the links in email because more often
> than not they're rigged. It's become common to tag on
> tracking IDs, which need to be removed. For example:
>
> www.acme.com/index.html?xid=1234567&uid=abcdefg....
>
> I haven't even configured a browser for TBird. I use IE
> as my default browser and block it at the firewall. So if
> anything tries to go onilne without asking it gets stopped
> and I get informed.>
> I know someone who gets emails from The Hill, a
> liberal news site. The Hill includes links from other sites,
> which they apparently have a deal with to get kickbacks.
> I've found the person's name, email and home address
> embedded in those links, base-64 encoded.
>

The sample link seems legitimate to me. Normally I wont click it unless
it is from someone I trust. If my friend's uid needs clicking to gain
some benefit, I would like to help. I think your point is those
automatic connection without asking. Yet in that case, ThunderBrowse
does not get things worse. ThunderBrowse does not change your display
preference -- original HTML, simple HTML, or plain text -- if I click
the link with privacy information by myself, opening inside TB or
another browser does not make much difference.

[Mayayana]

"Lu Wei" <luwe...@gmail.com> wrote

| People using email distribute at large scale. My most colleagues know
| nothing about scripts in email, certainly not because they are a bit
| behind the times; in fact they tend to deem the use of email is a bit
| behind the times, not to say Windows XP, even Usenet which they never
| heard of.
|

Yes. That's a good point. If I want to reach my techie niece
I can do it in 40 seconds with a text, or 5 days via email. But
it takes me about 10 minites to write the text. And I have to turn
on my cellphone, wait for it to boot... :)

Actually, so many people use webmail these days that most
people are allowing script. I think TBird disables it by default.
And I disable HTML email. But most people I know are using gmail,
and doing it in a browser. They don't know any better.

There are spyware companies like Constant Contact that sell
spyware/mailing services, for example. Companies have their
email sent out from CC. CC embeds script and possibly web bugs
that allow them to track when the recipient opens the email and
how far down they scroll each time they open it. In traditional
email such tricks are useless. But apparently so many people
use webmail, with script fully enabled, that the CC fees are
worthwhile to companies.

| > I also never click the links in email because more often
| > than not they're rigged. It's become common to tag on
| > tracking IDs, which need to be removed. For example:
| >
| > www.acme.com/index.html?xid=1234567&uid=abcdefg....
| >
|

| The sample link seems legitimate to me. Normally I wont click it unless
| it is from someone I trust. If my friend's uid needs clicking to gain
| some benefit, I would like to help.

It depends on what you call legitimate. I wouldn't
call it legitimate to secretly embed your name, email and address
in a link to identify you when you visit a webpage. This kind of
thing is becoming common. A typical example is fbclid tacked
on by Facebook as a kind of URL cookie when people click links
on FB.

Some are legitimate, in a sense. For example, my dentist requires
me to confirm my appt. My dentist, of course, pays another
company to handle all that. I get a link about 300 characters
long. If I don't load the whole link I'll have an angry dental
receptionst calling me. So I have to allow the 3rd-party company.
Though I run the URL in New Moon with script disabled.

Moral of the story being that I wouldn't just click a URL without
checking it to see the destination and details. In general, if there's
a "?", I'll snip off everything from there on.

[gfre...@aol.com]

On Tue, 21 Dec 2021 09:01:26 -0500, "Mayayana"
<maya...@invalid.nospam> wrote:

>"Lu Wei" <luwe...@gmail.com> wrote
>
>| People using email distribute at large scale. My most colleagues know
>| nothing about scripts in email, certainly not because they are a bit
>| behind the times; in fact they tend to deem the use of email is a bit
>| behind the times, not to say Windows XP, even Usenet which they never
>| heard of.
>|
>
> Yes. That's a good point. If I want to reach my techie niece
>I can do it in 40 seconds with a text, or 5 days via email. But
>it takes me about 10 minites to write the text. And I have to turn
>on my cellphone, wait for it to boot... :)
>

I have never texted on my phone but do use email to text a lot for
those who do. When they text me back it is an Email, even if they
don't know it. Samsung/Android phones do it seamlessly. Apple sends
the text back to me as a .TXT file that I have to open in notepad or
something.

>
> Some are legitimate, in a sense. For example, my dentist requires
>me to confirm my appt. My dentist, of course, pays another
>company to handle all that. I get a link about 300 characters
>long. If I don't load the whole link I'll have an angry dental
>receptionst calling me. So I have to allow the 3rd-party company.
>Though I run the URL in New Moon with script disabled.
>

I would just ask her why she didn't call me in the first place.
I won't give a lot of these people my Email address in the first
place. I get enough spam now.

[Mayayana]

<gfre...@aol.com> wrote

| I have never texted on my phone but do use email to text a lot for
| those who do. When they text me back it is an Email, even if they
| don't know it. Samsung/Android phones do it seamlessly. Apple sends
| the text back to me as a .TXT file that I have to open in notepad or
| something.
|

I guess I've heard something about that and have an address list,
but I've never tried it. Apparently I'd need to know their carrier?
So if someone has Verizon I'd send an email to [phone #]@vtext.com?
I'll have to try that.

I've noticed that when people mistakenly text to my landline
now they dn't get an error. They used to get a message that
they'd texted a landline. Now they think it went through. I'm
increasingly dealing with people who are actually angry that I
use a landline!

| > Some are legitimate, in a sense. For example, my dentist requires
| >me to confirm my appt. My dentist, of course, pays another
| >company to handle all that. I get a link about 300 characters
| >long. If I don't load the whole link I'll have an angry dental
| >receptionst calling me. So I have to allow the 3rd-party company.
| >Though I run the URL in New Moon with script disabled.
| >
| I would just ask her why she didn't call me in the first place.
| I won't give a lot of these people my Email address in the first
| place. I get enough spam now.

I couldn't agree more, but I felt very lucky to find a good
dentist, after a couple didn't work out. There was the almost-retired
gay dentist who was ordered around by his dental assistant and
kept doing fillings that fell out. Then there was the very good
dentist, but he had too many customers and tried to pass me off
to his partner, who wanted to start with 4 crowns to pay for
his kids' college. Then there was the Russian couple who wanted
to rebuild my mouth and sign me up with a 30% interest dental
charge card...
And I find that you just can't talk to these people. They don't
understand the technology and have an automated system that
works for them.

With COVID it's become worse. For a while stores were trying
to force charge card use. My chiropractor is annoyed that I don't
use a cellphone, because they want me to call from the front entry
to see if it's OK to go in. People are just treating these things as
normal. I just have to act old and cranky, and hope they'll excuse
me for being an elderly dimwit who doesn't understand phones.
On the bright side, my dentist's computer is very friendly and seems
to be taking a shine to me. It sent me a Merry Christmas email
this morning. How sweet!

[Rink]

Op 20-12-2021 om 14:32 schreef Mayayana:

> "Lu Wei" <luwe...@gmail.com> wrote
>
> | I agree this ThunderBrowse does not suit for everybody, just like
> | WindowsXP. And I think Noscript and UBO still work in Thunderbird; if
> | not, you can set viewing message body as text or simple HTML, which has
> | scripts disabled IMO.
> |
>
> You seem to be a bit behind the times. No one who
> knows better has enabled script in email for 20 years
> or so. I haven't enabled HTML email at all for that long.

I'm pretty sure most Earthlings do not know anything about scripts.
And while I have the NoScript addon installed at Firefox,
I do not know how to stop scripts in Thunderbird.

How can I do this??

>
> I also never click the links in email because more often
> than not they're rigged. It's become common to tag on
> tracking IDs, which need to be removed. For example:
>
> www.acme.com/index.html?xid=1234567&uid=abcdefg....

I agree and also take only the part before the question mark.
In this case www.acme.com is enough.

>
> I haven't even configured a browser for TBird. I use IE
> as my default browser and block it at the firewall. So if
> anything tries to go onilne without asking it gets stopped
> and I get informed.

I use Firefox, but do not update it anymore.
I do not want the new "services" as updating in the background, etc.

I get the idea, that all new browsers are getting worse, when I look at
privacy.

>
> I know someone who gets emails from The Hill, a
> liberal news site. The Hill includes links from other sites,
> which they apparently have a deal with to get kickbacks.
> I've found the person's name, email and home address
> embedded in those links, base-64 encoded.

which is quit stupid, because they can give a random 300 characters link
and still register all details from your friend in their own computers.


Rink

[Mayayana]

"Rink" <rink.hof.ha...@planet.nl> wrote

| And while I have the NoScript addon installed at Firefox,
| I do not know how to stop scripts in Thunderbird.
|
| How can I do this??
|

Options -> Advanced -> Config Editor -> javascript.enabled = false

There are also settings on the privacy tab to block retrieving web bugs.
And you can avoid HTML by setting all options for display
and compose to plain text. I find that occasionally someone
will send me an HTML email with no text version; for example,
an email that's only images. But in general, reading as plain
text works and is safe.

| I use Firefox, but do not update it anymore.
| I do not want the new "services" as updating in the background, etc.
|
| I get the idea, that all new browsers are getting worse, when I look at
| privacy.
|

There is New Moon for XP. I don't have a link offhand.
It doesn't have a website. But basically it's simplifed Firefox.
I use both. With NM I avoid 3rd party images, iframes, and
all sorts of other things. If it doesn't work there I'll
try Firefox.

Some sites now are designed to require script and I
have to disable CSS to see them at all. Webpages are getting
bad. And some things only work in Chrome. I don't know
why. It seems to be Google-specific functionality.

[Paul]

That New Moon looks like loads of fun.

https://msfn.org/board/topic/177125-my-browser-builds-part-1/

It looks like some of the symptoms are related to the
hardware it is running on.

Paul

[Lu Wei]

On 2022-1-6 5:13, Mayayana wrote:
> "Rink" <rink.hof.ha...@planet.nl> wrote
>
> | And while I have the NoScript addon installed at Firefox,
> | I do not know how to stop scripts in Thunderbird.
> |
> | How can I do this??
> |
>
> Options -> Advanced -> Config Editor -> javascript.enabled = false
>
> There are also settings on the privacy tab to block retrieving web bugs.
> And you can avoid HTML by setting all options for display
> and compose to plain text. I find that occasionally someone
> will send me an HTML email with no text version; for example,
> an email that's only images. But in general, reading as plain
> text works and is safe.
>

All scripts in mail and news are dropped by TB. Config Editor ->
javascript.enabled only applies to feeds reader.

> | I use Firefox, but do not update it anymore.
> | I do not want the new "services" as updating in the background, etc.
> |
> | I get the idea, that all new browsers are getting worse, when I look at
> | privacy.
> |
>
> There is New Moon for XP. I don't have a link offhand.
> It doesn't have a website. But basically it's simplifed Firefox.
> I use both. With NM I avoid 3rd party images, iframes, and
> all sorts of other things. If it doesn't work there I'll
> try Firefox.
>

The official site of RoyTam's browsers build:
https://rtfreesoft.blogspot.com/search/label/browser

Among them Basilisk 52 is the closest successor of Firefox 52 on WinXP.
https://o.rthost.win/basilisk/?sort=date&order=desc

[Mayayana]

"Paul" <nos...@needed.invalid> wrote

| That New Moon looks like loads of fun.
|
| https://msfn.org/board/topic/177125-my-browser-builds-part-1/
|
| It looks like some of the symptoms are related to the
| hardware it is running on.
|

It's here:

http://rtfreesoft.blogspot.com/

Your link is old. It's confusing, though. The version I have is
28.10, from 8/2020. There seem to be concurrent releases of
27 and 28, though I don't see any sign of 28 now. And I've never
seen any explanations from the author.
I've had good luck with 28. I seem to remember a problem
with 27, but I'm not sure. It's been awhile.

Here you can find the different versions. I just checked
and found a very recent update of 28:

https://o.rthost.win/palemoon/

I haven't tried it yet. I also don't know what the SSE means.
I thought SSE was CPU instructuions introduced many years ago.
So why would there be a no SSE version? And why would there
also be SSE versions and versions that don't mention SSE?
Beats me.

[Paul]

The wiki says the first SSE was

Pentium III
AthlonXP & Duron

which means S462 Athlon before AthlonXP might not have it. And you
could still run Windows XP on such hardware.

And the dissing of processors continues. Windows 7 dropped some processors
without too much fanfare. And the Skylake limit came later. And then
we have the Windows 11 behavior (undocumented MBEC).

https://www.ghacks.net/2018/06/21/windows-7-support-dropped-for-cpus-without-sse2/

For some of these, the software community didn't do a good job
of passing along the explanation for why they're doing these
things.

Paul

[Mayayana]

"Lu Wei" <luwe...@gmail.com> wrote

| All scripts in mail and news are dropped by TB. Config Editor ->
| javascript.enabled only applies to feeds reader.
|

Ah. Thanks. That makes sense. I thought it was odd that
they'd hidden it, but I came from OE, which has a setting
to adjust security according to an IE zone.

| The official site of RoyTam's browsers build:
| https://rtfreesoft.blogspot.com/search/label/browser
|
| Among them Basilisk 52 is the closest successor of Firefox 52 on WinXP.
| https://o.rthost.win/basilisk/?sort=date&order=desc
|

I don't necessarily want the closest possible thing
to FF. I want the most up-to-date rendering, without
bloat, that still supports XP and my extensions.

I wonder if you might know about this: Never noticed
it before, but when I decided to update New Moon it
tried to call out before I enabled it. Turns out it's been
calling out to 69.195.158.195+- at load. I never noticed
that before. That IP is registered to Joe's Datacenter, LLC,
a webhosting company in Kansas City, MO.

[Shadow]

Some people enjoy watching grass grow.
I can imagine that would be similar to loading a current
Palemoon on a pre-SSE processor.

[Lu Wei]

On 2022-1-6 22:01, Mayayana wrote:
> | The official site of RoyTam's browsers build:
> | https://rtfreesoft.blogspot.com/search/label/browser
> |
> | Among them Basilisk 52 is the closest successor of Firefox 52 on WinXP.
> | https://o.rthost.win/basilisk/?sort=date&order=desc
> |
>
> I don't necessarily want the closest possible thing
> to FF. I want the most up-to-date rendering, without
> bloat, that still supports XP and my extensions.
>

Then among RoyTam's build Newmoon 27, KM-goanna, or even Firefox 45ESR
may meet your needs.

> I wonder if you might know about this: Never noticed
> it before, but when I decided to update New Moon it
> tried to call out before I enabled it. Turns out it's been
> calling out to 69.195.158.195+- at load. I never noticed
> that before. That IP is registered to Joe's Datacenter, LLC,
> a webhosting company in Kansas City, MO.
>

I don't know about this. That could be raised at support thread:
https://msfn.org/board/topic/182647-my-browser-builds-part-3/

[Mayayana]

"Lu Wei" <luwe...@gmail.com> wrote

| > I wonder if you might know about this: Never noticed
| > it before, but when I decided to update New Moon it
| > tried to call out before I enabled it. Turns out it's been
| > calling out to 69.195.158.195+- at load. I never noticed
| > that before. That IP is registered to Joe's Datacenter, LLC,
| > a webhosting company in Kansas City, MO.
| >
| I don't know about this. That could be raised at support thread:
| https://msfn.org/board/topic/182647-my-browser-builds-part-3/
|

Thanks. I think I figured it out. It was NoScript calling
home. I disabled ABE WAN IP (on the advice of a webpage
discussion I found) and it stopped.