Tag Archives: NSA

Disable Google spies from default WordPress during update time

This method is for a default WordPress archive taken from WordPress.org site, without external plugin. The explaination are against WordPress 3.8.3, upgrading from version 3.8. We will assume here, that your public web directory is www/, but it depends on hosting service, distribution or your own configuration.

Before starting the update, SAVE YOUR FILES AND DATABASE. I also assume that you use the default wordpress directory for serving your blog and database named wordpress.

tar cf wordpress.tar www/wordpress; gzip -9 wordpress.tar     # Archive directory containing WordPress installation.
mysqldump -a wordpress >wordpress.dump; gzip -9 wordpress.dump         # Dump the associated mysql database


Continue reading

Roundcube Webmail send all written messages, at writing time, to Google(/NSA) by default

Seen in Roundcube webmail default configuration (same problem than WordPress default), everything that the user type is by default sent by RoundCube to Google for spell checking. This nor good for the industrial spying nor for private life respect as Google and USA renseignements agencies past and present practices tend to use them, as showned by Edward Snowden.

Example for version 1.0.0:

roundcubemail-1.0.0/config/defaults.inc.php

In previous versions, that was in main.inc.php.dist (that display default values), so you need to cp it to main.inc.php and change those values, for obvious security purpose:

roundcubemail-0.x.x/config/main.inc.php.dist

Continue reading

WordPress and Google

By default, WordPress sent everything you type when you edit a page to google, “to help you correct your spell”:

In the file wp-includes/js/tinymce/plugins/spellchecker/config.php, you will see the default :


        // General settings
        $config['general.engine'] = 'GoogleSpell';
        //$config['general.engine'] = 'PSpell';
        //$config['general.engine'] = 'PSpellShell';
        //$config['general.remote_rpc_url'] = 'http://some.other.site/some/url/rpc.php';

        // PSpell settings
        $config['PSpell.mode'] = PSPELL_FAST;
        $config['PSpell.spelling'] = "";
        $config['PSpell.jargon'] = "";
        $config['PSpell.encoding'] = "";

        // PSpellShell settings
        $config['PSpellShell.mode'] = PSPELL_FAST;
        $config['PSpellShell.aspell'] = '/usr/bin/aspell';
        $config['PSpellShell.tmp'] = '/tmp';

        // Windows PSpellShell settings
        //$config['PSpellShell.aspell'] = '"c:\Program Files\Aspell\bin\aspell.exe"';
        //$config['PSpellShell.tmp'] = 'c:/temp';

Replace in the first packet of rules Google by pspell (a host working spellchecker) pspell/aspell must be installed on your server,, and the php version you use :


        // General settings
        //$config['general.engine'] = 'GoogleSpell';
        $config['general.engine'] = 'PSpell';
        $config['general.engine'] = 'PSpellShell';
        //$config['general.remote_rpc_url'] = 'http://some.other.site/some/url/rpc.php';