Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 18 Apr 2014, 01:27
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Evercookies: extremely persistent browser cookies
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 4 [50 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Author Message
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10662
Location: Arizona USA

PostPosted: Wed 20 Oct 2010, 12:45    Post subject:  

nooby wrote:

Edit

Sorry I lure us to go off topic. We have to take this by private message instead Okay.

Please don't do that, it makes the forum less useful. Start a new thread for the new topic instead. Smile
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3219

PostPosted: Wed 20 Oct 2010, 13:24    Post subject:  

8-bit wrote:
Anyone know if a plugin called Better Privacy works?


http://murga-linux.com/puppy/viewtopic.php?t=60978
Back to top
View user's profile Send private message 
calexand

Joined: 20 Nov 2009
Posts: 87

PostPosted: Wed 20 Oct 2010, 15:01    Post subject:  

Hello all,
BleachBit 0.8.1-1 deletes EverCookies on Firefox version 3.6.9 and later, only useful with FF. I installed bleachbit_0.8.1-1_all_ubuntu1004.deb in PuppyStudio2.1 (luci/lupu 5.07) and it works perfectly.
CA
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10662
Location: Arizona USA

PostPosted: Wed 20 Oct 2010, 15:47    Post subject:  

How do you know it got rid of 'em all?
Back to top
View user's profile Send private message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Wed 20 Oct 2010, 18:54    Post subject:  

Quote:
evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser.

Ugh. Some people really need to be dipped in a vat of boiling oil. Mad

Quote:
Wow we have to talk to politicians that there should be laws and filter for such cookies set up on every ISP in a country or that ISP would loose license to have internet access... We have to go together in strong consumer organizations and fight back this total control society we are heading into.


Geez, nooby, if you don't like total control, don't go running to government for every little thing! Rolling Eyes

Quote:
By way of script

delete the flash information
delete all browser .sqlite files
delete all browser cache


I do this a few times a day on a 'hard day browsing'

I don't do anything at all. I just wonder if there is any good for the user in cookies, or if they are all bad. Or if they are nothing much, one way or the other? Every time I have read about them I haven't seen the need for concern, but maybe I'm not paranoid enough? If I go around deleting all my cookies, I wonder what utility from them I would lose, not to mention now having to worry about evercookies?

What's the worst way cookies are abused? I want to know if I should get exercised about them...
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Wed 20 Oct 2010, 19:11    Post subject:  

Quote:
What's the worst way cookies are abused? I want to know if I should get exercised about them...


Commercial data collection and redirection.

By reading your browser habits you might be redirected by
a specific site to pages they feel more likely to encourage you to spend money.

I should imagine that security agencies also periodically scan and sift browsing habits to see if you are reading 'Jihad for fun and prophet'.
So the latest spook data mining project is probably using cookies and supercookies as part of their arsenal. I have no evidence for this but it would seem sensible.

Does not worry me. Does not need to worry the average Puppy.

Tin-hats are quaking at the possibilities of data collection imaginings . . . Rolling Eyes

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
calexand

Joined: 20 Nov 2009
Posts: 87

PostPosted: Wed 20 Oct 2010, 19:11    Post subject:  

@ Flash--I don't know personally. They did (do?) have a demo on their web site regarding such removals.
Have used this, in various versions, for months. Works very well!
CA
Back to top
View user's profile Send private message 
8-bit


Joined: 03 Apr 2007
Posts: 3277
Location: Oregon

PostPosted: Wed 20 Oct 2010, 19:26    Post subject:
Subject description: Flash style browsing
 

If I make a multisession DVD of Puppy and run it like Flash does and select DO NOT SAVE when I shut down, will those Evercookies disappear as I have not saved the session?
In other words, save downloads to a USB Flash drive or hard drive and nothing else for truly safe browsing.
Back to top
View user's profile Send private message 
calexand

Joined: 20 Nov 2009
Posts: 87

PostPosted: Wed 20 Oct 2010, 19:47    Post subject:  

@ Flash--http://bleachbit.sourceforge.net/news/bleachbit-081-evercookie

This is the site with the EverCookie removal test/example.
Also appears to now work with other browsers (YMMV).
CA
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10662
Location: Arizona USA

PostPosted: Wed 20 Oct 2010, 23:19    Post subject:
Subject description: Flash style browsing
 

8-bit wrote:
If I make a multisession DVD of Puppy and run it like Flash does and select DO NOT SAVE when I shut down, will those Evercookies disappear as I have not saved the session?
In other words, save downloads to a USB Flash drive or hard drive and nothing else for truly safe browsing.

If you don't save when you shut down, where could the cookie be saved? Conceivably it could be saved on any drive that gets mounted during the session, but that would require a truly awesome level of sophistication on the part of the cookie designers. Why would they bother? I guess the NSA could be monitoring your computing habits with them.
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3219

PostPosted: Thu 21 Oct 2010, 03:28    Post subject:  

I'm concerned about ANY vulnerability that enables some clown to plant whatever on my computer hoping to enrich themselves. My own approach to a secure environment containing sensitive data consists of a pen drive running a cheapo laptop with no OS or mounted drives, using self-written apps where the data is immediately removed into a remote encrypted file.

basic .mozilla, .macromedia script: kill browser; remove anything added; restore anything changed (alter to suit).
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11049
Location: The Peoples Republic of California

PostPosted: Thu 21 Oct 2010, 19:24    Post subject:  

jpeps wrote:
I'm concerned about ANY vulnerability that enables some clown to plant whatever on my computer hoping to enrich themselves. My own approach to a secure environment containing sensitive data consists of a pen drive running a cheapo laptop with no OS or mounted drives, using self-written apps where the data is immediately removed into a remote encrypted file.

basic .mozilla, .macromedia script: kill browser; remove anything added; restore anything changed (alter to suit).


Hi jpeps,

I wish we had two forum sections for our Security section, (1) for Security and (2) for
Privacy

Since time began, websites have been able to write cookies via our browsers. Maybe the
intent was benign, it doesn't matter. There are ways to thwart this behavior and if I can offer
tips about some of the things I've done, please let me know.

In my opinion this is not a security vulnerability, rather a privacy exploit. It is a cookie
which is a tracking device. But It is clearly not a nice cookie. It's the kind of things bad
guys do: stalk us.

Now that we know about it, the power can be back in our hands. If anyone wants help
getting their power back because they don't know how, please write, I'll try and help.

I wish I didn't have to write what I'm about to write, but for the sake of those generally
interested, well, our movements are already being tracked quite effectively. This happens
even without the presence of cookies.

And for those concerned there is a lot we can to about it. Actually, with some work, it is
pretty feasible to be virtually unknown on the Internet.

Kind regards,


Bruce

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11049
Location: The Peoples Republic of California

PostPosted: Thu 21 Oct 2010, 19:37    Post subject:  

PaulBx1 wrote:
Every time I have read about them I haven't seen the need for concern, but maybe I'm not paranoid enough?


Paul,

Mostly you are correct. The 'need for concern' is that stalkers are able to track you across
multiple domains. This means basically, they can collect a lot of data on you.

But they collect data an hundreds of millions of web users.

My reason for wanting to mess with their operations is primarily because I don't like
Stalkers, Peeping Toms or someone 'reading over my shoulder'.

I think it boils down to personal preferences or perhaps in my case personal pleasure.
Meaning I enjoy thwarting them.

PaulBx1 wrote:
If I go around deleting all my cookies, I wonder what utility from them I
would lose, not to mention now having to worry about evercookies?


My practical approach is focused not so much on deleting cookies, rather on saving
cookies I want to save.

For an example, I have to sign into some sites, so I save those cookies.

Remember that a script associated with an icon takes literally less than a second to run
and clean things up. So it is super easy work.

Albeit writing the script requires some thought.

In all candor, I think your life and online life will be the same regardless of your cookies.
Except, if you start noticing advertisements which seem too close to who you are and your
interests, then, well, someones got you figured.

Best regards,


Bruce

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Tue 26 Oct 2010, 11:50    Post subject:  

Quote:
I'm concerned about ANY vulnerability that enables some clown to plant whatever on my computer hoping to enrich themselves.


Yeah, Heaven forbid that anyone should make a profit. Wink

Quote:
Except, if you start noticing advertisements which seem too close to who you are and your interests, then, well, someones got you figured.


I have noticed that, but rarely. But who cares? Someone offers me stuff that I then decline to buy. Happens every time I walk into a grocery store.

It can get to the level of an annoyance. Half my emails are offers to buy reproductive help, which I don't need yet. Smile But even that is a 30-second job to throw them away.

It's funny, on other matters I am a privacy fanatic. I hate the proliferation of cameras in public, and am eagerly awaiting the day when people shoot them down with .22 rifles. I hate the banks reporting to the government, and the tracking of credit card transactions, and of phone records. I hate the notion I'm supposed to run everything by some bureaucrats when I want to do something with my property; and I didn't bother to register with the authorities when we decided to homeschool (none of their damn business), and if I carry a gun or not is also nobody's business but my own. But I guess I just look at the Internet as being out in the public. I can see other people, and they can see me. And it's not like my opinions aren't out there, scattered all over the Internet. Everyone who has seen my stuff knows I am an anarchist and that I think the ruling class are a bunch of lowlife scum and parasites. No privacy there...

The thing I don't like about these evercookies is the notion that some outside agency can do things to my computer that I don't know about and don't approve. If they can store cookies in hidden recesses of my OS, they can store kiddie porn there too. It's not a privacy issue so much as an issue of control of your stuff.

Quote:
My practical approach is focused not so much on deleting cookies, rather on saving cookies I want to save.

For an example, I have to sign into some sites, so I save those cookies.

But, does that work with evercookies? Do they even bother to ask you?

What is the mechanism for saving cookies you want to save? I'm not aware one has that fine a control of it. Maybe I'm missing something.
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10520
Location: SwedenEurope

PostPosted: Tue 26 Oct 2010, 13:57    Post subject:  

Here is something related.

If you are on an open hot spot say Cafee or Library, some transport station Lobby? or Hotel Lobby or company that allow you to surf on their wireless.

Then there exists now this week an addon to Firefox that allow people to catch the cookies that a lot of sites makes use of.

Facebook

Google log in
Yahoo login

Twitter

and many more.

Just some 30 seconds and they have same username and log in as you just gave and some say it helps to use https and some say that does not protect you.

So we have to look into that one too. It was some guy that released it on a conference this week or week before. Very many have already downloaded the exploit.

So easy that every school kid can use it.

Very sad situation because I bought a computer and a smartphone for to use on such open access points and not that is to no usage almost because they can access all I do using that free program.

It is mention all over the many sites that tells such things.

PCWorld? CNet, BBC, CNN I trust everybody has it.

Both our biggest Tabloids had it today.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 4 [50 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0872s ][ Queries: 11 (0.0059s) ][ GZIP on ]