funsec mailing list archives
Re: Firefox' privacy mode not so private
From: <Toralv_Dirro () McAfee com>
Date: Tue, 15 Sep 2009 09:31:34 -0500
With all those webvideo sites around nowadays it is kinda hard to sound convincing when stating "I don't use flash" :) For the missing deterioration: That's one of the reasons I still follow this list cheers, Toralv ________________________________ From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Imri Goldberg Sent: Tuesday, September 15, 2009 4:11 PM To: funsec () linuxbox org Subject: Re: [funsec] Firefox' privacy mode not so private I have to say, I'm surprised that this discussion hasn't deteriorated to: Reply 1: I don't use flash Reply 2: I don't use gui browsing, it's text based browsing for me Reply 3: etc... a-la http://xkcd.com/378/ . On Tue, Sep 15, 2009 at 3:18 PM, <Toralv_Dirro () mcafee com<mailto:Toralv_Dirro () mcafee com>> wrote: You can configure Flash directly by visiting http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html (Website Privacy Settings / Website Storage Settings) And while you're there, there are lots of other settings you may want to adjust... cheers, Toralv ________________________________ From: funsec-bounces () linuxbox org<mailto:funsec-bounces () linuxbox org> [mailto:funsec-bounces () linuxbox org<mailto:funsec-bounces () linuxbox org>] On Behalf Of Imri Goldberg Sent: Tuesday, September 15, 2009 1:40 AM To: funsec Subject: [funsec] Firefox' privacy mode not so private Heya It seems this was some kind of a 'known secret', but firefox' privacy mode isn't private. Apparently, websites[1] can use flash to store 'Local-Shared-Objects' (LSOs, see http://en.wikipedia.org/wiki/Local_Shared_Object ), which are basically cookies. Firefox' regular capabilities of 'clear all private data' and 'privacy mode', which supposedly don't leave any record of your browsing history, don't erase these files. Simplest solution: erase the files. Other solutions: install BetterPrivacy (disclaimer: I didn't use it enough to vouch for it), uninstall flash (and delete the files), install a flash-blocker, etc. I've also written a short blog post on the subject, you can also leave your comments there: http://www.algorithm.co.il/blogs/index.php/security/privacy-mode-not-so-private/ Cheers, Imri [1] websites include at least google and youtube, various cdns (which may be used by multiple websites), etc. -- Imri Goldberg -------------------------------------- www.algorithm.co.il/blogs/<http://www.algorithm.co.il/blogs/> -------------------------------------- -- insert signature here ---- ________________________________ Firmensitz: Muenchen Amtsgericht: AG Muenchen Handelsregister: HRB 144340 Geschaeftsfuehrer: Emmet Russell, Keith Krzeminski, Douglas Rice Bankverbindung: ABN-Amro Bank N.V. Konto 671 211 9006 UST-ID: DE168122444 -- Imri Goldberg -------------------------------------- www.algorithm.co.il/blogs/<http://www.algorithm.co.il/blogs/> -------------------------------------- -- insert signature here ---- ________________________________ Firmensitz: Muenchen Amtsgericht: AG Muenchen Handelsregister: HRB 144340 Geschaeftsfuehrer: Emmet Russell, Keith Krzeminski, Douglas Rice Bankverbindung: ABN-Amro Bank N.V. Konto 671 211 9006 UST-ID: DE168122444
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Firefox' privacy mode not so private Imri Goldberg (Sep 14)
- Re: Firefox' privacy mode not so private Paul Ferguson (Sep 14)
- Re: Firefox' privacy mode not so private Reed Loden (Sep 14)
- Re: Firefox' privacy mode not so private Valdis . Kletnieks (Sep 15)
- Re: Firefox' privacy mode not so private Toralv_Dirro (Sep 15)
- Re: Firefox' privacy mode not so private Imri Goldberg (Sep 15)
- Re: Firefox' privacy mode not so private Toralv_Dirro (Sep 15)
- Re: Firefox' privacy mode not so private der Mouse (Sep 15)
- Re: Firefox' privacy mode not so private Imri Goldberg (Sep 15)
- Re: Firefox' privacy mode not so private David Lodge (Sep 15)
- Re: Firefox' privacy mode not so private Nick FitzGerald (Sep 15)
- Re: Firefox' privacy mode not so private Rob, grandpa of Ryan, Trevor, Devon & Hannah (Sep 15)
- Re: Firefox' privacy mode not so private Nick FitzGerald (Sep 15)