Martii Moderator

Nevermind... you published an obfuscated script as your second deed. Bye bye.

--- /scripts/joeman/Grepotemas/source@0.2+c526adb
+++ /scripts/joeman/Grepotemas/source
@@ -22,7 +22,7 @@
 // ==/UserScript==
 var version = '0.2';
  *  CHANGES :
  *  0.2 :
  *  Script created

It is my understanding that whenever a script utilizes cloneInto, specifically in this .user.js with cloneInto(out, document), that says transfer the script to the sites DOM context which makes it more detectable if they are watching. If the script had stayed in a sandboxed environment (its own context) it is less likely to be detected. While cloneInto is safer from DOM to .user.js engine it doesn't stop the DOM from scouring/detecting whatever is in its own context. i.e. it's a little better than unsafeWindow however not much.

The IIFE here in the script loader appears intact, however the function call in the loaded script appears to send and an empty object. That too could lead to more detections. Which brings me to another point... script loaders aren't always good at keeping privacy all around.

Re: @ThankYou:

HTML5 stutters around when I am doing multiple things

Another note too.. in Chromium based browsers they've been "tweaking" the video acceleration just about every version (usually for DRM which is bad three letter word acronym in my book)... so if you see a brief black screen in your browser at startup that is what that is. Newer video drivers for the OS level can help improve that which can lead to less video buffering. So perhaps a different browser wouldn't be doing those sort of "tweaks" yet.

Re: @ThankYou:

I know that I was using Flash just a week ago, so I assume its still there somewhere.

Well if you look at L62, L69, and L85 it uses a hashed SWF file (the player). If I try to get that particular url from the console it says roughly:

ERROR 403: Forbidden.

... hashes are usually used for versioning but can also be used for deprecations with EOLs. So if you can find the current hashed player url itself (check the gist source and there is currently one that isn't hashed that I was able to download) you might be able to reenable that .user.js to work by changing the player url. However there is no guarantee that the site ops will keep it available in the future. The data stream url can change too and make the player useless. I don't actually use that site or that .user.js but know a bit about SWF usage and website ops.

See also:

  • object tag for how those work. It is best to try the sites settings as they know their hashes better than anyone... but the next bullet point shows...
  • Twitch blog on their deprecation... which means they probably are trying to shake off the flash usage. Deprecation notices and actual EOL can occur at different times so you might have hit that wall.

Re: @ThankYou:

HTML5 stutters around when I am doing multiple things, Flash never did.

Unfortunately Flash'es days are numbered. The days of a lot of HTML5 buffering are here already on sites that I utilize and severe degradation of the streaming quality during high traffic times with HTML5 instead of a direct, unfettered, OS connection (that has other considerations too which is why the browsers and Adobe have decided to EOL flash based technologies).

As far as is concerned I am unfamiliar if there is a setting to toggle it but I wouldn't count on pepper-flash for Chromium based browsers and actual Flash for other browsers being around for too many more years if not even sooner. Early 2020 is going to be a lot of massive changes to browsers and of course everywhere in between.

Alternative suggestions... which sort of lead out of OUJS here..

  1. If you are using Windows and don't need NetBIOS for connecting to another machine on your network you can try disabling that to get a bandwidth boost. OSX has something similar and Linux has Samba which may, or may not, be installed by default. Please use a search engine on how to disable those for your platform.
  2. If your network doesn't have a router... get one. That can reduce some internet connection traffic as well to help assist with some of the buffering issues of HTML5.

There are probably more suggestions but I'm already outside of OUJS with this tangent. So good luck.

Friendly ping here... :)

  1. Your Script Info currently has USO S3 urls (e.g. which were blocked about a year or so ago so they show as broken images.
  2. linkage is also currently broken... plus they went https.
  3. Contribution url to is also currently broken... plus they went https too.

Just a heads up.

Thanks for the look.

Yes I'm here.


  • Please ignore if you wish as these comments will be done periodically throughout the day.

Re: @ne_işe_yarıyor_bu:


Please do not use the underscore (_) for spaces. You nearly got marked as a spammer.

Turkish translation, courtesy of google, without the underscores to english is:

What does it work for?

Don't quite see the point of hiding a username variable when you end up sending it to the server anyway.

Then that statement negates the statement you make on the homepage here of:

it's no longer saved anywhere

Technically it is saved in the script compared to the original script which is saved with GM_setValue which is usually more secure than exposing it in the DOM. ;)

Your choice... might want to watch your down votes as this could be a reason why.

It would be a strong security measure to place your entire Userscript into an IIFE to protect the variables from being accessed in those .user.js engines that run the script in the page scope. Not every version wraps and GM stopped doing that a while back in the 3.x line when using @grant none.

e.g. username could be tampered/read with more easily if you don't... along the lines of what you said with:

it's no longer saved anywhere

(function () {
  // This is an IIFE

  var username = 'farow'; // Local function scope instead of global.

  // ...

cuzi's script does this already.

Never mind. You've stripped a license header in WinConfig... that is eligible for account removal.

Currently the header vs the @license key are mismatched and this looks like a library.

Firstly please use GPL-3.0 to match e.g.

// @license GPL-3.0

Your Neopets script seems to have a similar issue with mismatched licensing.

Secondly to make this a library please delete the script and go to and then modify the header to look like this and republish:

// ==UserScript==
// @exclude *
// ==UserLibrary==
// @name           Includes : Php
// @description    Php Functions
// @copyright      2009, w35l3y (
// @license        GPL-3.0 
// @version BETA
// ==/UserLibrary==
// @namespace
// @author         w35l3y
// @email
// @homepage
// @include        nowhere
// @grant GM_addStyle
// @grant GM_deleteValue
// @grant GM_getResourceText
// @grant GM_getValue
// @grant GM_log
// @grant GM_registerMenuCommand
// @grant GM_setValue
// @grant unsafeWindow
// ==/UserScript==

At minimum, failure to change the @license key to match is grounds for removal of this and the NeoPets scripts... or any script that is mismatched with declared licensing vs headered licensing.

If any other scripts are libraries, meant to be called by other pieces of code, please make them a library in the future.

Thank you for your immediate cooperation,
OUJS Staff

And you have another script with this... please remedy as soon as possible before default TOS action is applied.

Thanks again,
OUJS Staff

Current license prevents derivatives which is a TOS violation.

Please remedy quickly before you are eligible for removal.

OUJS Staff

Please delete your script and reupload it with what site it affects.

Currently the default of New Userscript and the @match pattern is a bit too wide and useless for people.

Also curious why you are sending someones uname to which is a private server.

Thank you for your cooperation,

// @license      Copyright by Marthijn Hoiting

... is not OSI approved licensing. Please reread the TOS before eligible for removal.

Secondly if you want it to say that use:

// @copyright 2017, Marthijn Hoiting (

Thanks for addressing this on all of your scripts as soon as possible.

// @license abcd123huy is not a valid OSI license. Please re-review the TOS link at the bottom of every page before eligible for removal.


TOS Violation.

Also if you need to set @license to an OSI approved license you place that key in your UserScript metadata block.

However you've broken the TOS (link at the bottom of every page) and there is no going back as you should have read it especially before you publish.


Please reread the Terms of Service link regarding licensing at the bottom of every page. You have less than 24 hours to fix this or you and your account will be eligible for removal.

OUJS Admin

If you don't fix the 401 status permanently of your @icon in the Userscript metadata block this script and your account are eligible for removal.

Thank you for your immediate attention on this matter,
OUJS Admin