Evercookies: extremely persistent browser cookies
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10927
Location: Arizona USA

Posted: Fri 15 Oct 2010, 16:55    Post subject:  Evercookies: extremely persistent browser cookies

http://www.schneier.com/blog/archives/2010/09/evercookies.html
Quote:
Evercookies

Extremely persistent browser cookies:
WARNING -- When you visit this site, it stores an evercookie on your machine.

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

Specifically, when creating a new cookie, it uses the following storage mechanisms when available:

* Standard HTTP Cookies
* Local Shared Objects (Flash Cookies)
* Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
* Storing cookies in Web History (seriously. see FAQ)
* HTML5 Session Storage
* HTML5 Local Storage
* HTML5 Global Storage
* HTML5 Database Storage via SQLite

And the arms race continues....

The safest way I know to check out the website linked to at the top of the quote would be to boot Puppy from a live CD with the puppy pfix=ram boot option. Alternatively, boot from a multisession DVD and don't save to it when you shut down.
rian


Joined: 03 Oct 2010
Posts: 63

Posted: Fri 15 Oct 2010, 17:24    Post subject:

Well... I hope Mozilla is on this... a new browser option under the cookie section to prevent "evercookies" from being set... Until everyone starts using them (Hulu, YouTube, Google et al) and we can't get sites to run without allowing them...! Then there'll have to be a cleaner to wipe them... they're starting to sound like viruses and rootkits!
drongo


Joined: 10 Dec 2005
Posts: 353
Location: UK

Posted: Sat 16 Oct 2010, 04:29    Post subject: Noscript

I presume something like Noscript kills this stone dead?

Two problems with that. When you whitelist or allow a site in Noscript how do you know it won't have evercookies?

When I try and add Noscript to Seamonkey in fairly recent Puppies it doesn't work. (Does anyone know which version of Noscript works with 1.1.18 SM?)

Presumably a script could be written in Linux to look at creation times and dates after you close a browser and just delete anything stored in those various locations?

Or maybe you could mount a virtual filesystem at the start of a browsing session and delete it when you have finished? You'd have to put all the cookies and URLs you wanted to keep somewhere else though.
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Sat 16 Oct 2010, 09:04    Post subject:

In another thread I tried to remember a program that was supposed to delete almost anything. I failed to remember it then but it could be a windows version of CClean or CCleaner? Something like that.

Maybe that one has updated to clean out such evercookies?

I only wild guess?

But it seems to be an arms race indeed. We will have to accept them or else they block us from looking at the page.

Wow we have to talk to politicians that there should be laws and filter for such cookies set up on every ISP in a country or that ISP would lose license to have internet access.

We have to go together in strong consumer organizations and fight back this total control society we are heading into.

I get angry. Why should one need to be an expert to protect against such nasty things they set up?

The developers doing it should be fined a huge sum for accepting to create such code.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Terryphi


Joined: 02 Jul 2008
Posts: 759
Location: West Wales, Britain.

Posted: Sat 16 Oct 2010, 09:29    Post subject:

Someone posted a comment to this article in The Register
http://forums.theregister.co.uk/forum/1/2010/09/23/invulnerable_evercookies/ and claimed that evercookies do not work when Opera is used in privacy mode.
dogle

Joined: 11 Oct 2007
Posts: 328

Posted: Sat 16 Oct 2010, 17:35    Post subject:
Subject description: "Bar room lawyers assemble!"
 

Thanks, Terryphi.

Hmm, addressing the lawyers (bar room or otherwise) in our happy band, what criminal charges might you or I face if we sought to interfere with someone else's computer without their consent (or even knowledge)?

Minor Pentagon-hackers appear to get crucified, even outwith the USA.

Wherever you are, what is your own state's legal position on interfering with someone else's kit? I could go to jail if I sought covertly to tweak your box - does BigBiz get away with this somehow?
jpeps

Joined: 31 May 2008
Posts: 3220

Posted: Sun 17 Oct 2010, 19:50    Post subject:

I noticed that Firefox is using sqlite now to store cookies, which can get added to a clean-up script. It's also being used for history.

/root/.mozilla/firefox/wsscx6ug.default/cookies.sqlite
/root/.mozilla/firefox/wsscx6ug.default/cookies.sqlite-journal


To see what gets changed, touch /tmp/mark before loading browser, and then:

Code:

#!/bin/sh
find /root/.mozilla -newer /tmp/mark -not -type d > /tmp/list 
cat /tmp/list


Note: Some of the changed files are necessary for add-ons, etc, so be sure to back them up before deleting. No problem with the cookie files, though.
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

Posted: Tue 19 Oct 2010, 18:43    Post subject:

I appreciate Flash posting this information.

A cookie is a tracking device and is of little value to the stalker who designed it if it doesn't last long.

For example; if someone installed a GPS tracking device on your car and you removed it two miles later, it had little value to the tracker. Moreover once removed it has zero value to the tracker.

Prior to my learning about this wicked cookie I have been practicing 'good house keeping' regarding my browser. Specifically, the following is how I run the browser clean.

By way of script
    delete the flash information
    delete all browser .sqlite files
    delete all browser cache

I do this a few times a day on a 'hard day browsing'

Also, every couple weeks I delete the mozilla profile and build it from scratch. This might seem a lot of work, but once a system is developed, it only takes a few minutes.

The article Flash linked to doesn't say how to remove the evercookies, but the house keeping advice posted would delete them, along with web bugs, super cookies and whatever.

~~~~~~~~~~~~~~~~~~~~~

Note: If the user wants to keep some specific cookies, there are a variety of ways of doing this and still keep things clean.

~~~~~~~

_________________
New! Puppy Linux Links Page
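
Added example, not part of any post in this thread: the marker-file check from jpeps's post combined with the clean-up steps Bruce B lists, so that only the tracking stores touched during a session are removed. The paths are assumptions (Firefox profile under $HOME/.mozilla with its cache in a Cache directory, Flash Local Shared Objects under $HOME/.macromedia), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: Firefox profile under
# $HOME/.mozilla, Flash Local Shared Objects under $HOME/.macromedia.

# Map a path to the evercookie storage mechanism it backs ("other" = keep).
classify() {
    case "$1" in
        */.macromedia/*)        echo flash-lso ;;
        */cookies.sqlite*)      echo http-cookies ;;
        */webappsstore.sqlite*) echo html5-storage ;;
        */places.sqlite*)       echo web-history ;;   # also holds bookmarks
        */Cache/*)              echo cached-png ;;
        *)                      echo other ;;
    esac
}

# Print "mechanism<TAB>path" for every file changed since marker file $1.
session_files() {
    for dir in "$HOME/.mozilla" "$HOME/.macromedia"; do
        [ -d "$dir" ] || continue
        find "$dir" -newer "$1" ! -type d
    done | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify "$f")" "$f"
    done
}

# Delete the tracking stores touched since the marker and leave "other"
# files (prefs, add-on data) alone. Run only after the browser has exited,
# because one surviving store is enough to restore the rest.
clean_session() {
    session_files "$1" | while IFS="$(printf '\t')" read -r kind f; do
        [ "$kind" = other ] || rm -f -- "$f"
    done
}

# Usage: touch /tmp/mark; run the browser; quit it; then:
#   session_files /tmp/mark     # review what changed, by mechanism
#   clean_session /tmp/mark     # remove everything except "other"
```

Removing places.sqlite also removes bookmarks, so export them first if they matter.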
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Wed 20 Oct 2010, 06:27    Post subject:

Thanks Bruce that is good to know.

And I sure trust you guys are that "savvy" to be able to set it up.

and maybe all newbies except me can follow the instruction but I feel very unsure if I am able to.

so I would appreciate if many of us try these advices out and tell as much as possible what puppy we tried it on.
If we have the browser outside of the pupsave or not?

Which script we used and step for step how one set it up.

And to end it all.

I heard about FaceBook that they kind of have built a database with "contacts" of all their users.

So even if you and me are serious about our email addresses and so on. Facebook know our email addresses telephone numbers maybe even if we never have been on facebook through our friends and relative sharing their contact lists with facebook who share it with their partners.

So these evercookies maybe is even more sinister than we think now. Through the accumulative databases they know about us even if we delete everything. Because our friends tell them about us.

They did a lot of tests giving evidence for this to be true. Using persons that never had been at FB and FB still had several of their friends showing up.

and worse. Even if one give a totally fake name and address and fake birthday FB still knows who you are through the MAC address of the hardware you use and the IP range.

So one would need to go to a public library and give false data to them or else they would unknowingly reveal your true identity to FB.

I read this on BBC if my memory does not fail me. Yes, here it is

http://www.bbc.co.uk/blogs/thereporters/rorycellanjones/2010/10/not_on_facebook_facebook_still.html

Quote:
If you hate the idea of social networking and have never been on Facebook, then Facebook knows nothing about you. Correct? So how come when you set up a profile on the social network for the first time, it can suggest friends for you?


_________________
I use Google Search on Puppy Forum
not an ideal solution though
Sylvander

Joined: 15 Dec 2008
Posts: 3400
Location: West Lothian, Scotland, UK

Posted: Wed 20 Oct 2010, 07:03    Post subject:

In this thread at the PC-Guide forums [at least I think it was there], I first saw mention that an evercookie stores itself in many [8 listed here] different/diverse locations...
And only one need remain un-eliminated for the evercookie to restore all [8?] locations.

Hence you MUST eliminate all to finish it off. :(

What I do is...
Use a pupsave on a Flash Drive...
And make the necessary configuration and code change...
So I can choose to NOT SAVE back to the pupsave [neither during, nor at shut-down] any changes made to the session.

And naturally, I keep backups of all the various pupsaves at various points in time.
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Wed 20 Oct 2010, 07:20    Post subject:

Sylvander that seems to be a practical way to stop such then.

The evercookie is only written to these places that all of them only exists in RAM until the write to pupsave is activated.

Where do you save the emails you want to keep then? Oh maybe you only use webmail?

Have you placed Seamonkey or ThunderBird outside of pupsave and them save on the HDD?

But does not one of the evercookie save as bookmarks something hidden. I don't remember they have tried to be clever I heard.


But maybe you use CD/DVD and never save to HDD?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Sylvander

Joined: 15 Dec 2008
Posts: 3400
Location: West Lothian, Scotland, UK

Posted: Wed 20 Oct 2010, 09:12    Post subject:

1. Shortly after beginning to use Puppy...
I began using smm ["SaveMyModem"] to look at my emails whilst they are still on the POP3 server.
Almost all are deleted whilst still on the server.

2. If I ever need to fetch any emails onto the PC...
At this time...
I will boot into my old operating system [Win2000Pro], which is installed to the 1st partition on the 1st internal HDD....
And use Outlook Express to fetch them, and store them all in that location.
Actually I moved the storage folder [and various other things] off the Windows partition [C:]...
To a suitably named folder on D: [2nd partition on the 1st HDD].
[So I can restore the Windows partition without any of the "Moved" items being affected]
There is definitely an advantage to keeping all the fetched emails, and the address book, all in one location.

3. When I first began using Puppy...
I installed Thunderbird...
And began fetching some->[certain_chosen_type_of] emails into that Puppy [a full install of Boxpup-413]...
Except I moved the Thunderbird storage folder off the Boxpup filesystem, and symlinked back...
So that I could restore a backup of the Boxpup folder system without losing recent emails [they would be untouched by the restore].

4. I've since migrated to a newer PC...
And haven't yet got around to installing Thunderbird on any of my Puppies:
[6-off 1GB pupsaves, each in 1 of 6-off 1.3GB partitions, on an 8GB Flash Drive] plus...
[6 suitably named Puppy folders, in the root folder of the 2nd of my 2 internal HDD's].
So far I've COPIED 3 of the pupsaves from their partition on the Flash Drive, into their own folder on the internal HDD.
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Wed 20 Oct 2010, 10:59    Post subject:


Edit

Sorry I lure us to go off topic. We have to take this by private message instead Okay.



Hi, Sylvander.

Quote:
Posted: Wed 30 Dec 2009, 08:55
1. I'd like to see a good Puppy replacement for Mailwasher.

I use SaveMyModem [smm], but it isn't quite as good as Mailwasher.
e.g. Cannot copy and paste [or click] URL's to easily go to a webpage.
No means to set a rule for hiding [and deleting] emails from a particular sender or domain.


So there is no good replacement for Mailwasher then?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Jasper


Joined: 25 Apr 2010
Posts: 1087
Location: England

Posted: Wed 20 Oct 2010, 11:35    Post subject:
Subject description: Mailwasher
 

Hi nooby,

Mailwasher works well with Wine. I continue to use version 2.0 which is ancient, but the current version also works well.

A possible disadvantage is that the free version can only access one email account.

My regards
8-bit


Joined: 03 Apr 2007
Posts: 3355
Location: Oregon

Posted: Wed 20 Oct 2010, 12:41    Post subject:

Anyone know if a plugin called Better Privacy works?