jpeps
Joined: 31 May 2008 Posts: 2449
|
Posted: Tue 26 Oct 2010, 20:51 Post_subject:
|
|
| PaulBx1 wrote: | | Quote: | | I'm concerned about ANY vulnerability that enables some clown to plant whatever on my computer hoping to enrich themselves. |
Yeah, Heaven forbid that anyone should make a profit.
|
Hi PaulBx1,
Don't get me wrong...I'm in total agreement with you that others should have the right to plant whatever on your computer
|
|
|
|
 |
PaulBx1
Joined: 16 Jun 2006 Posts: 2308 Location: Wyoming, USA
|
Posted: Wed 27 Oct 2010, 20:49 Post_subject:
|
|
| Quote: | | Just some 30 seconds and they have same username and log in as you just gave |
You shouldn't do anything on an open wifi connection other than, say, check the weather. Anything more than that is asking for trouble. Even logging into a website is not a good idea, unless you don't mind handing your password out to everyone. Email? Forget it.
|
|
|
|
 |
nooby
Joined: 29 Jun 2008 Posts: 9476 Location: SwedenEurope
|
Posted: Thu 28 Oct 2010, 02:09 Post_subject:
|
|
Hahahah Paul you should have told me that one year ago and I would not have bought the Acer 10 inch screen Nettop I use now and not the two Android smartphones either.
I bought these to use at open spots to check emails and forum entries when I travel.
_________________
I'm a noob so I use Google Search of Puppy Forum
|
|
|
|
 |
Jasper

Joined: 25 Apr 2010 Posts: 889 Location: England
|
Posted: Thu 28 Oct 2010, 08:32 Post_subject:
Sub_title: Firefox 3.6.12 out now |
|
Hi,
For those who are not already aware - Firefox 3.6.12 (with a security fix) is available today if you need it.
My regards
My apology - I have now put this message in a new thread in this section.
|
|
|
|
 |
Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 9906 Location: Arizona USA
|
Posted: Tue 02 Nov 2010, 23:51 Post_subject:
|
|
Here's an interview of the creator of the Evercookie, Samy Kamkar. Very instructive.
| Quote: | TechRepublic: What is an Evercookie and why did you develop it?
Samy Kamkar: Evercookie is a Javascript API that allows storing cookie data in a number of different locations when a user visits a web page. Normal sites would typically just store data (such as a session identifier) in something like a cookie.
However, Evercookie not only uses the cookie, but a number of other locations such as Flash cookies, Silverlight isolated storage, and various locations of HTML5 storage. When a user deletes their standard cookies, the other locations remain and are able to rebuild the original cookie.
I built Evercookie as a proof of concept, wanting to show how web sites are able to track users even if they delete standard cookies and LSOs. Evercookie also sheds light on the fact that there are numerous methods for storing cookies locally. Finally, Evercookie acts as a litmus test for users who want to see if they’re protected from web sites that track like this.
TechRepublic: Is the installation process automated or does the user have to initiate it?
Samy Kamkar: No, the client simply visits the web site. There is no indication that persistent data is being set, exactly like a website with standard HTTP cookies. |
|
|
|
|
 |
jpeps
Joined: 31 May 2008 Posts: 2449
|
Posted: Wed 03 Nov 2010, 02:29 Post_subject:
|
|
In short, a challenge to act against the best interests and desires of the owner of the computer; very stupid and at best, bad business.
|
|
|
|
 |
nooby
Joined: 29 Jun 2008 Posts: 9476 Location: SwedenEurope
|
Posted: Wed 03 Nov 2010, 04:10 Post_subject:
|
|
Hope I am not too naive.
What one needs then is some program that recognizes when an Evercookie is about to be set, and that program just pretends that all works by giving faked confirmation that all has been set up as the evercookie wants it, but in reality that site's evercookie is blacklisted in some list so it is not set next time either?
Does it help to do like some told us, that they made an ever updated pupsave,
so when one starts anew in the morning the pupsave of yesterday gets scrapped and the backup is loaded, and that way nothing that did happen changes that backup?
One stores things one wants to keep, like email and html pages and pics and music, outside of the pupsave and only reuses a never-written-to backup that is reused again and again?
I guess those that use a CD with puppy are like that;
for us with frugal they can write anything to our HDD I guess.
One would need a program that looked for evercookies and was able to erase them.
_________________
I'm a noob so I use Google Search of Puppy Forum
|
|
|
|
 |
jpeps
Joined: 31 May 2008 Posts: 2449
|
Posted: Wed 03 Nov 2010, 04:19 Post_subject:
|
|
| Flash wrote: | | Here's an interview of the creator of the Evercookie, Samy Kamkar. |
Example of accurate targeting when clicking on the above link:
Italian Cookies, Biscotti
Perfect gift, easy online ordering.
|
|
|
|
 |
PaulBx1
Joined: 16 Jun 2006 Posts: 2308 Location: Wyoming, USA
|
Posted: Wed 03 Nov 2010, 13:10 Post_subject:
|
|
| Quote: | | In short, a challenge to act against the best interests and desires of the owner of the computer; very stupid and at best, bad business. |
Well, I suspect the point was that, if he could develop them, others could and probably have developed them. Better to get the issue out on the table before they have taken over half the world's computers and filled them with garbage.
Sounds like noscript can prevent them. I suppose I ought to try it yet again...
|
|
|
|
 |
Bruce B

Joined: 18 May 2005 Posts: 10823 Location: The Peoples Republic of California
|
Posted: Thu 04 Nov 2010, 19:50 Post_subject:
|
|
I hope in this post to make the Evercookie seem less fearsome,
more understandable and very easy for us Puppy users to clean up.
- Macromedia Super Cookies
Websites can use your macromedia flash files to track you across multiple
domains. Flash is not a part of your browser and it doesn't have
controls over the data Macromedia stores.
We have control!
/root/.macromedia is the parent directory where the data is stored. If you
don't want to be tracked by the content in those sub-directories, delete
the parent.
Edited to add: it will recreate itself, so the deleting should be part of your
normal keeping things clean routine. The recreating itself means it will make
new directories and store new data. Once deleted the previous data is
history.
I mention the /root/.macromedia directory because it is a portion of the
technology the Evercookie uses.
- Silverlight isolated storage
I'm not even using it. To the extent the rest of us are not using it, there is
no Silverlight exploit.
- HTML5 - Various Storage Locations
Don't kill me with fearsome generalities. We are running specific operating
systems and browsers.
The OS here is Puppy Linux. The browser is SeaMonkey. (or whatever the
user or puplet installed)
SeaMonkey stores its cache under the parent directory /root/.mozilla in a
directory called Cache
Every time we empty the Cache we also empty the supposed but
non-existent various HTML5 storage locations.
- Clearing your private data
Google is the main sponsor for Mozilla. Need I say more?
Google doesn't seem to believe in deleting data, not in my opinion. Don't
be fooled into thinking your Mozilla browser really deletes data when you
use the browser settings.
If we are serious about deleting private data, write a script to delete the
*.sqlite files in the profile directory.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
End of post. The Evercookie is gone as well as a lot of other tracking
information stored on YOUR PERSONAL computer.
~
_________________ New! Puppy Linux Links Page
|
|
|
|
 |
PaulBx1
Joined: 16 Jun 2006 Posts: 2308 Location: Wyoming, USA
|
Posted: Thu 04 Nov 2010, 23:10 Post_subject:
|
|
Bruce, you mentioned the sqlite files before. I guess I don't understand how you can delete all of them, since that includes (for example) signon.sqlite. I couldn't function without site login information stored in the browser. No way I could remember every login.
|
|
|
|
 |
Bruce B

Joined: 18 May 2005 Posts: 10823 Location: The Peoples Republic of California
|
Posted: Thu 04 Nov 2010, 23:50 Post_subject:
|
|
| PaulBx1 wrote: | Bruce, you mentioned the sqlite files before.
I guess I don't understand how you can delete all of them,
since that includes (for example) signon.sqlite. I couldn't
function without site login information stored in the browser.
No way I could remember every login. |
PaulBx1,
I understand exactly what you mean.
For others, deleting the *.sqlite means all the information in
them is gone. But you don't necessarily want to keep
deleting all the information because some of it you want.
I've been learning Windows XP lately, so first I'll explain how
I did it with XP.
1) delete all *.sqlite
2) when the browser starts it will make fresh *.sqlite files
3) go to the trusted sites you regularly visit and enter your
login information
4) after you have done this, shut down the browser.
5) copy all the *.sqlite files (which have basically only
information you do want) to a different directory, such as
one level up
6) make a batch file to delete the *.sqlite files in the profile
directory and copy back the ones which have the login
information you want
~~~~~~~~~~~~~~~
You can use the same basic technique with the Linux bash
script.
~~~~~~~~~~~~~~~
Now I'll offer an experiment for anyone who wants to do
some testing.
In Windows go through step 4 and make the files read-only
In Linux go through step 4 and make the files immutable
using the chattr utility. I don't remember if the operative
switch is -i or +i , I think it is +i, if so the command would
be:
chattr +i *.sqlite
~~~~~~~~~~~~~~~~
I learned to do this in the Netscape days. There was a
period in time where a lot of sites wanted cookies enabled. I
made the cookie file read-only and no site ever balked.
Moreover, it seemed they had the cookie feedback they
wanted, which caused me to suspect the cookie information
existed in some cache even though it was never written to
disk.
~~~~~~~~~~~~~~~~~
In conclusion, the first steps I outlined do work. It requires
a little work to get it setup, but once setup it is a piece of
cake.
The read-only / immutable portion of the post would be
experimental insofar as I haven't tested it. But I think it
stands a good enough chance of working, that it's worth a
try.
Bruce
One last thought. The sqlite files are binary. Puppy's strings
utility will display text in these binary files. A hexeditor will
also.
If anyone has some sqlite files that have been in use for a
while, and you want to see the contents, you'll get an idea
of the kind of personal data they contain.
Also, and very importantly, they were mentioned as a
storage point for the topic of discussion: Evercookies
~
_________________ New! Puppy Linux Links Page
|
|
|
|
 |
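The cleanup routine from Bruce B's two posts above (delete /root/.macromedia, the cache and the profile's *.sqlite files, then copy back the set saved after logging in to trusted sites), written as a Linux shell function. This is an added example, not part of any post in the thread; the three arguments, the baseline directory and the placement of Cache inside the profile directory are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Run it with the browser closed.
# Assumptions: the three arguments and the Cache location inside the profile
# directory are hypothetical; adjust them to your own layout.

# purge_tracking HOME_DIR PROFILE_DIR BASELINE_DIR
purge_tracking() {
    home_dir=$1 profile_dir=$2 baseline_dir=$3

    # A wrong path must never turn into a blind delete.
    [ -d "$profile_dir" ] || { echo "no profile dir: $profile_dir" >&2; return 1; }

    # Without a baseline the saved logins would be lost for good, so stop
    # before deleting anything.
    set -- "$baseline_dir"/*.sqlite
    [ -f "$1" ] || { echo "no baseline in: $baseline_dir" >&2; return 2; }

    # Flash local shared objects; the plugin recreates the directory later,
    # but the old identifiers are gone.
    rm -rf "$home_dir/.macromedia"

    # Browser disk cache.
    rm -rf "$profile_dir/Cache"

    # All SQLite stores in the profile (cookies, DOM storage, history, ...)
    # and their rollback journals.
    rm -f "$profile_dir"/*.sqlite "$profile_dir"/*.sqlite-journal

    # Put back the copies saved right after logging in to trusted sites.
    cp -p "$@" "$profile_dir"/
}

# Usage: sh purge.sh /root /root/.mozilla/PROFILE_PATH /root/sqlite-baseline
if [ "$#" -eq 3 ]; then
    purge_tracking "$@"
fi
```

Anything a site stores after the baseline was taken, including new cookies from the trusted sites themselves, is discarded on each run; files in the profile that are not *.sqlite (preferences, bookmarks backups) are left alone.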
droope

Joined: 31 Jul 2008 Posts: 814 Location: Uruguay, Mercedes
|
Posted: Fri 05 Nov 2010, 12:51 Post_subject:
|
|
Hiya
Cookies are no way evil...
or harmful...
Just information being stored.
Aaanyway, noscript + blocking flash kills evercookies.
Regards,
Droope
_________________ What seems hard is actually easy, while what looks like impossible is in fact hard.
“Hard things take time to do. Impossible things take a little longer.” –Percy Cerutty
Mi blog (Spanish)
|
|
|
|
 |
Bruce B

Joined: 18 May 2005 Posts: 10823 Location: The Peoples Republic of California
|
Posted: Sun 07 Nov 2010, 00:15 Post_subject:
|
|
| droope wrote: | Hiya :)
Cookies are no way evil...
or harmful...
Just information being stored. :) |
Cookies are tracking devices.
People's main consideration about them would be 'privacy related', which is
why I'd much rather this forum had a section for Privacy and another for
Security.
I like Trackers in cyberspace about as much as I do Stalkers and Peeping
Toms in the real world. Which is not at all.
| droope wrote: | | Aaanyway, noscript + blocking flash kills evercookies. :) |
The Evercookie uses JavaScript APIs to do its dirty work. So, if JavaScript
is turned off one wouldn't get this kind of cookie.
But turning it off wouldn't delete the cookie if it existed. It would prevent it
from being used.
_________________ New! Puppy Linux Links Page
|
|
|
|
 |
nooby
Joined: 29 Jun 2008 Posts: 9476 Location: SwedenEurope
|
Posted: Sun 07 Nov 2010, 02:58 Post_subject:
|
|
And if one turns off java then many sites refuse to let one make a comment or write in their forum or read the text until one allows at least the major Ad provider to show their ad, and then one sees the text one looks for.
So it is not easy. I try to use NoScript in FireFox but Opera and Chrome have their own Ad blockers and those are too difficult for me to learn how to use.
So I am kind of locked to use FireFox and as far as I know they have no addon yet for an EverCookie?
But are EverCookies being used now on many sites? First I thought that almost every big site used them and now I read that it is only a concept a guy showed off and almost none use them but that in the future maybe a lot of sites would?
_________________
I'm a noob so I use Google Search of Puppy Forum
|
|
|
|
 |
|