persistent forms of cookies described.

For discussions about security.
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#1 Post by nooby »

http://nikcub.appspot.com/persistant-an ... tp-headers
The problem with these techniques is that they bypass user and browser privacy settings centered around cookies. You can block all cookies and yet ETag, Last-Modified and other methods can be used to track your browser.

In terms of Last-Modified, the spec says that it should be a date - but it also mentions that there are potential issues with the clock being out of sync. Most library implementations simply store and replay the date string - they do not bother attempting to parse it since date parsing is such a pain in the ass. Browsers are doing the same thing, which is why this bug exists. It means that Last-Modified works just as well as a cookie, but without the privacy controls.

I will be filing a bug report with the open source browsers and requesting that the date is parsed properly. This won't completely solve the problem, since users can still be tracked by setting a unique datetime - but perhaps one of the more innovative browsers will come up with a solution where the time is rounded off to the nearest hour, and some basic sanity checking is done. There is no other real solution, other than clearing and disabling your cache, but conditional GETs still take place during a browser session with some browsers.

Try this bug out yourself by using the demo page I have setup.
Interesting stuff but I am not clever enough to know what to do about it.

Does it help to manually delete the files that store it? Where?
I use Google Search on Puppy Forum
not an ideal solution though
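
The client-side fix the quoted article asks for (parse the Last-Modified date instead of replaying the raw string, sanity-check it, coarsen it to the hour), as an added example that is not from the linked article or from any browser's code. The function name, the 5-minute clock-skew tolerance and the 1990 floor are assumptions, and it rounds down rather than to the nearest hour so the replayed time never postdates what the server sent.

```javascript
// Added example: sanitize a cached Last-Modified value before it is replayed
// as If-Modified-Since. Names and limits below are assumptions.
const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
                "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
const DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
// Only the fixed HTTP date form, e.g. "Sun, 06 Nov 1994 08:49:37 GMT".
const IMF_FIXDATE = new RegExp(
  "^(" + DAYS.join("|") + "), (\\d{2}) (" + MONTHS.join("|") +
  ") (\\d{4}) (\\d{2}):(\\d{2}):(\\d{2}) GMT$");
const HOUR_MS = 60 * 60 * 1000;
const MAX_FUTURE_SKEW_MS = 5 * 60 * 1000;   // assumed tolerance for clock drift
const EARLIEST_MS = Date.UTC(1990, 0, 1);   // assumed floor: older is implausible

// Returns a coarsened HTTP date that is safe to replay, or null when the
// value should be dropped (the request then goes out unconditionally).
function sanitizeLastModified(value, nowMs = Date.now()) {
  const m = IMF_FIXDATE.exec(String(value));
  if (!m) return null;                      // arbitrary string used as an ID
  const [, dow, dd, mon, yyyy, hh, mi, ss] = m;
  const t = Date.UTC(+yyyy, MONTHS.indexOf(mon), +dd, +hh, +mi, +ss);
  const d = new Date(t);
  // Date.UTC silently normalizes overflow (31 Feb, 24:00, second 60) and
  // remaps years 0-99, so compare every field back against the input.
  const roundTrips =
    d.getUTCFullYear() === +yyyy && d.getUTCDate() === +dd &&
    d.getUTCHours() === +hh && d.getUTCMinutes() === +mi &&
    d.getUTCSeconds() === +ss && DAYS[d.getUTCDay()] === dow;
  if (!roundTrips) return null;
  // Sanity window: a resource cannot have changed in the future.
  if (t < EARLIEST_MS || t > nowMs + MAX_FUTURE_SKEW_MS) return null;
  // Drop minutes and seconds: 3600 possible per-visitor values per hour
  // collapse into one, shrinking the space available for a unique ID.
  return new Date(Math.floor(t / HOUR_MS) * HOUR_MS).toUTCString();
}

// Constructed sample values, evaluated against a fixed "now".
const NOW = Date.UTC(2012, 0, 1);
for (const v of ["Sun, 06 Nov 1994 08:49:37 GMT",   // valid date
                 "Sun, 06 Nov 1994 08:12:05 GMT",   // same hour, other "ID"
                 "visitor-7f3a9c21",                // not a date at all
                 "Fri, 01 Jan 2038 00:00:00 GMT"]) { // future date
  console.log(JSON.stringify(v), "->", sanitizeLastModified(v, NOW));
}
```

As the quoted text says, this narrows the channel rather than closing it: a server can still spread visitors across distinct hours.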

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#2 Post by Sylvander »

What I normally do...
Is to not save the session.
i.e. No auto-save during the session...
And choose to not save at shut-down.

Don't know enough to be sure that effectively does the job of not saving any of the cookies stored by the web-browser.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#3 Post by Lobster »

Use Growl Security enhancements in the Beta 5 of Slacko
Menu/Network
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

nooby

#4 Post by nooby »

Thanks guys, both of these solutions need the knowledge you two have :)

Sylvander. Yes I did a few experiments but I guess me not clever enough

and most importantly as long as you have the partition mounted that you boot from. And to unmount it while you have booted from it usually is not recommended is it? Then the cookie is set either way so them follow you until you reboot.

So does it really help? Okay it is gone after you reboot but that could be hours down the lane :)

Lobster. I guess I should look into that one then.
But I am using SnowPuppy 5 most of the time and Lupu 528 next
and Slacko I only boot to be able to give reports on it.

it refuses to show pictures in 1024 x 768 so Slacko B1 to B5 is not for me!

Sylvander

#5 Post by Sylvander »

1. "...as long as you have the partition mounted that you boot from. And to unmount it while you have booted from it usually is not recommended is it?"
(a) Yes, the partition holding the pupsave file is auto-mounted, but I don't understand why you mention unmounting it. :?
It isn't necessary to unmount [or is the proper term dismount?] the partition.
So no problem there.

2. "Then the cookie is set either way so them follow you until you reboot."
That's true, but...
It takes little effort/time to reboot.
And I do that often and frequently.

3. "So does it really help?"
I believe it does.

4. "Okay it is gone after you reboot but that could be hours down the lane"
I'm never online for hours at a time.
Normally work in short bursts of 1/2 or 1 hour.
Normally during a single session I only go to [at most, probably] 1 website that might leave cookies I wouldn't like, so...
I go to that at the end of a session.
Anything I want to save I do at the beginning of the session, and save then.
The stuff I don't want saved is done at the end of the session and not saved.

nooby

#6 Post by nooby »

Yes one have to be that at it so them give up on following us around :)

They made comments about FaceBook and its tracking of users today in the local news here from Finland and Sweden's TV stations.
And IDG News has texts about it too. Some 60% disapprove of the latest policies of FB. Them abuse our privacy many seem to think.

so it is sad that such people should have that much power over us.
