If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Sun, 9 Dec 2018 08:59:29 -0500, Keith Nuttle
wrote: On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote: How could we find out whether browsers are secretly storing your login credentials? Where is the guarantee? Where is the certification? Quite trying to trash Firefox by implying that it is doing something unwanted. With Firefox you have complete control. It is no secret what Fire fox does. Go to Options. Privacy and Security. Check "Ask to Save logins and Passwords" While there go to saved password and delete all saved passwords. You will then have use the significantly more secure method of managing your password with sticky note attached to your monitor. That is not true. Firefox now includes an automatic identifying cookie for Google with a unique ID number, AND it is intrinsic to Firefox, you don't even have to visit google to get it! The official story is that it is there so your privacy preferences can be transferred to Google and sites in Google's sphere of influence. Check it out yourself Google.com and it is called NID You can delete it and it returns again and again. It is an encrypted cookie - each time you open FF and visit google it is a different value, but I haven't found anyway to stop it even with Google blacklisted in the options. If I start FF with the usual cookie blocker extensions in place the google cookie will be missing until I click on google, if I disable all extensions (FF "safe mode") the google cookie will be present BEFORE I visit google. (or any site) |
Ads |
#2
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Sun, 9 Dec 2018 10:05:34 -0500, Keith Nuttle
wrote: On 12/9/2018 2:50 AM, default wrote: On Sun, 9 Dec 2018 08:59:29 -0500, Keith Nuttle wrote: On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote: How could we find out whether browsers are secretly storing your login credentials? Where is the guarantee? Where is the certification? Quite trying to trash Firefox by implying that it is doing something unwanted. With Firefox you have complete control. It is no secret what Fire fox does. Go to Options. Privacy and Security. Check "Ask to Save logins and Passwords" While there go to saved password and delete all saved passwords. You will then have use the significantly more secure method of managing your password with sticky note attached to your monitor. That is not true. Firefox now includes an automatic identifying cookie for Google with a unique ID number, AND it is intrinsic to Firefox, you don't even have to visit google to get it! The official story is that it is there so your privacy preferences can be transferred to Google and sites in Google's sphere of influence. Check it out yourself Google.com and it is called NID You can delete it and it returns again and again. It is an encrypted cookie - each time you open FF and visit google it is a different value, but I haven't found anyway to stop it even with Google blacklisted in the options. If I start FF with the usual cookie blocker extensions in place the google cookie will be missing until I click on google, if I disable all extensions (FF "safe mode") the google cookie will be present BEFORE I visit google. (or any site) Cookies are not logon credential. It is getting so that every site you visit puts cookies into your browser. What makes this insidious is that it is a unique identifier. Each copy of FF has a unique cookie. If you have gmail, google groups and a profile, etc., that cookie is tied to your name, address and so forth assuming you handed that data to google at some point. We should also assume that doubleclick, the tracking site, now owned by google, also makes those connections. All web sites may use cookies, but they can't tie it to you unless you've logged in and they have your information. Normal cookies can be eliminated on a site by site basis, but not this one. Normal cookies can be cleared when you exit the FF browser, normal cookies follow the exceptions table that you set to block certain sites... I forget when this one was introduced in FF, but for a time some cookie extensions could trash it, not any more or none that I've found. I use K-Meleon instead of FF but some sites won't work with it, or I haven't found a work-around. Why would you care? Well there are some marketing web sites (many of the book a trip on-line ones do it) and they adjust the prices you see based on your browsing history, where you live, and/or how much money you have (hypothetically derived from your tastes and past purchases). That's assuming you aren't doing anything criminal or have some sexual, religious, political, or ideological bent that you might want to keep to yourself. |
#3
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Sun, 9 Dec 2018 13:20:34 -0500, "Mayayana"
wrote: "default" | We | should also assume that doubleclick, the tracking site, now owned by | google, also makes those connections. | | All web sites may use cookies, but they can't tie it to you unless | you've logged in and they have your information. It's much worse than that. Unless you block Google, google analytics, fonts, etc in your HOSTS file then google (and probably a 1/2 dozen other entities) is following you everywhere you go. It's no problem to get your ID from that data. That's what their whole business model is: To collect as much as possible and find out as much as possible from that. Do you not remember the AOL leak some years ago? I've forgotten the details, but a journalist demonstrated how the "anonymous" data could easily be used to identify specific people. That's what computers are for. There's no such thing as anonymous. There's only the possibility of reducing the data collection. | Why would you care? Well there are some marketing web sites (many of | the book a trip on-line ones do it) and they adjust the prices you see | based on your browsing history, where you live, and/or how much money | you have (hypothetically derived from your tastes and past purchases). | That's assuming you aren't doing anything criminal or have some | sexual, religious, political, or ideological bent that you might want | to keep to yourself. Again, you're understating the case. Most commercial sites will customize if they know who you are. Even things like duckduckgo. You'll see different search results if you enable script and cookies. That's part of the Facebook scandal: They customize each person's "news" in order to titillate and get people to stay on the site longer. Google also customizes news. I stopped looking at their news years ago because of that. Every time I think I'm getting too paranoid I'll see something that suggests I'm no where close to paranoid, it is actually much worse than I thought. News-wise its better to hit Reuters, AP, BBC than let Google or youtube tell you what they think you want to hear. I probably spend more time vetting the sources of the news than I do reading it. "studies show... etc." What studies, who did the study, what was their stated agenda, how biased is the source, what questions were asked, what was the socio-economic status of the questioned, how were they selected, how large is the study, what part(s) of the country/countries were polled, etc.? Another interesting thing I found with using google search engine was that if I put the boolean operators in the search string manually I got different results than when Google does it. (using Google "advanced search") |
#4
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
How could we find out whether browsers are secretly storing your login credentials? Where is the guarantee? Where is the certification? -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 ¤£*ɶU! ¤£¶BÄF! ¤£½ä¿ú! ¤£´©¥æ! ¤£¥´¥æ! ¤£¥´§T! ¤£¦Û±þ! ¤£¨D¯«! ½Ð¦Ò¼{ºî´© (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa |
#5
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote:
How could we find out whether browsers are secretly storing your login credentials? Where is the guarantee? Where is the certification? Quite trying to trash Firefox by implying that it is doing something unwanted. With Firefox you have complete control. It is no secret what Fire fox does. Go to Options. Privacy and Security. Check "Ask to Save logins and Passwords" While there go to saved password and delete all saved passwords. You will then have use the significantly more secure method of managing your password with sticky note attached to your monitor. -- 2018: The year we learn to play the great game of Euchre |
#6
|
|||
|
|||
browsers SECRETLY storing your login credentials?
On 12/9/2018 9:59 PM, Keith Nuttle wrote:
On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote: How could we find out whether browsers are secretly storing your login credentials? Where is the guarantee? Where is the certification? Quite trying to trash Firefox by implying that it is doing something unwanted. With Firefox you have complete control. No, I am just curious how regular users could find out the truth. I just handily picked Firefox as an example! It is no secret what Fire fox does. Go to Options. Privacy and Security. Check "Ask to Save logins and Passwords" While there go to saved password and delete all saved passwords. You will then have use the significantly more secure method of managing your password with sticky note attached to your monitor. I don't store passwords in browsers. But I was just wondering whether browsers could be lying about privacy and security. Most users just cannot find out, but to the trust the claims of those browsers. -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 ¤£*ɶU! ¤£¶BÄF! ¤£½ä¿ú! ¤£´©¥æ! ¤£¥´¥æ! ¤£¥´§T! ¤£¦Û±þ! ¤£¨D¯«! ½Ð¦Ò¼{ºî´© (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa |
#7
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On 12/9/2018 2:50 AM, default wrote:
On Sun, 9 Dec 2018 08:59:29 -0500, Keith Nuttle wrote: On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote: How could we find out whether browsers are secretly storing your login credentials? Where is the guarantee? Where is the certification? Quite trying to trash Firefox by implying that it is doing something unwanted. With Firefox you have complete control. It is no secret what Fire fox does. Go to Options. Privacy and Security. Check "Ask to Save logins and Passwords" While there go to saved password and delete all saved passwords. You will then have use the significantly more secure method of managing your password with sticky note attached to your monitor. That is not true. Firefox now includes an automatic identifying cookie for Google with a unique ID number, AND it is intrinsic to Firefox, you don't even have to visit google to get it! The official story is that it is there so your privacy preferences can be transferred to Google and sites in Google's sphere of influence. Check it out yourself Google.com and it is called NID You can delete it and it returns again and again. It is an encrypted cookie - each time you open FF and visit google it is a different value, but I haven't found anyway to stop it even with Google blacklisted in the options. If I start FF with the usual cookie blocker extensions in place the google cookie will be missing until I click on google, if I disable all extensions (FF "safe mode") the google cookie will be present BEFORE I visit google. (or any site) Cookies are not logon credential. It is getting so that every site you visit puts cookies into your browser. -- 2018: The year we learn to play the great game of Euchre |
#8
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Sun, 9 Dec 2018 08:59:29 -0500, Keith Nuttle
wrote: On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote: How could we find out whether browsers are secretly storing your login credentials? Where is the guarantee? Where is the certification? Quite trying to trash Firefox by implying that it is doing something unwanted. With Firefox you have complete control. It is no secret what Fire fox does. Go to Options. Privacy and Security. Check "Ask to Save logins and Passwords" While there go to saved password and delete all saved passwords. You will then have use the significantly more secure method of managing your password with sticky note attached to your monitor. It's much the same with Google Chrome. The user can make use of its storing of passwords, and other information, or not. -- Shill #3. Los Angeles Branch. Strategic Writer, Psychotronic World Dominator and FEMA camp counselor. https://c2.staticflickr.com/4/3618/5...202191d3_b.jpg All hail the taco! http://www.taconati.org/ |
#9
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
"default" wrote
| Check it out yourself Google.com and it is called NID You can delete | it and it returns again and again. It is an encrypted cookie - each | time you open FF and visit google it is a different value, but I | haven't found anyway to stop it even with Google blacklisted in the | options. | Interesting. And seemingly unprecedented. You mean that you get it even if you block Google cookies? What if you block all cookies? I see that cookie but I only acccept cookies for the session, and then only in Firefox. (I normally use Pale Moon.) So Google never gets a chance to read it back. (I'm also only using FF 52. Based on their release schedule, with the current version being 64, I guess 52 must be at least 10 days old. I also found other cookies from Mozilla that I never noticed before. They were loading at startup. "moz-attribution-stub", which seems to have a unique ID and expired last August. Maybe an install marker. When I deleted cookies.sqlite it didn't come back. (FF regenerates cookies.sqlite.) I wouldn't assume Firefox is being honest. Certainly better than Google and Microsoft. They at least aspire to high ideals. But Google is their master. They're addicted to hundreds of millions of dollars yearly budget and nearly all of that comes from Google. They're also under increasing pressure to join the fad of push services online. Many would consider it a great feature if Firefox reminded them to buy toothpaste or take out the rubbish. And they have to be intrusive to offer such conveniences. The Google cookie looks like that kind of thing. Of course the problem with that is that people are not told and it's usually not opt-in. Increasingly, one needs to keep an eye on new settings for push, geo-location, etc., to make sure you haven't had them secretly enabled. |
#10
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
"default"
| We | should also assume that doubleclick, the tracking site, now owned by | google, also makes those connections. | | All web sites may use cookies, but they can't tie it to you unless | you've logged in and they have your information. It's much worse than that. Unless you block Google, google analytics, fonts, etc in your HOSTS file then google (and probably a 1/2 dozen other entities) is following you everywhere you go. It's no problem to get your ID from that data. That's what their whole business model is: To collect as much as possible and find out as much as possible from that. Do you not remember the AOL leak some years ago? I've forgotten the details, but a journalist demonstrated how the "anonymous" data could easily be used to identify specific people. That's what computers are for. There's no such thing as anonymous. There's only the possibility of reducing the data collection. | Why would you care? Well there are some marketing web sites (many of | the book a trip on-line ones do it) and they adjust the prices you see | based on your browsing history, where you live, and/or how much money | you have (hypothetically derived from your tastes and past purchases). | That's assuming you aren't doing anything criminal or have some | sexual, religious, political, or ideological bent that you might want | to keep to yourself. Again, you're understating the case. Most commercial sites will customize if they know who you are. Even things like duckduckgo. You'll see different search results if you enable script and cookies. That's part of the Facebook scandal: They customize each person's "news" in order to titillate and get people to stay on the site longer. Google also customizes news. I stopped looking at their news years ago because of that. |
#11
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , Mayayana
wrote: ...There's no such thing as anonymous. There's only the possibility of reducing the data collection. there is, and it's called differential privacy. |
#12
|
|||
|
|||
You get out of the game (Was: Firefox SECRETLY storing your login credentials?)
In article , Wolf K
wrote: What's changed is that the data tied to us is being stored by people we don't know, in databases to which we ourselves have no access, which we can't change or expunge, and which are being used for purposes we haven't permitted. public data is just that, public, which means people you don't know can (and do) access it for whatever reason they want, no permission needed, and there's *nothing* you can do about it. that has *always* been the case with public data. private data *should* be private, but companies don't give a **** about security so that too becomes public (equifax, marriott, etc.). it costs more to properly secure their systems versus pay whatever penalties, so they don't bother. equifax *made* money from their data breach. what's changed is that it's now *much* easier to access that data than it's ever been before, and no longer impractical to copy *all* of it. |
#13
|
|||
|
|||
You get out of the game (Was: Firefox SECRETLY storing your login credentials?)
"Wolf K" wrote
| What's changed is that the data tied to us is being stored by people we | don't know, in databases to which we ourselves have no access, which we | can't change or expunge, and which are being used for purposes we | haven't permitted. | I think that the more critical changes a * Computerization of the records. * Computers used in everyday activities. In the old days your phone company didn't know where you were at any given time and the books/newspapers you read didn't report your reading habits to an advertising company. Your car didn't know your driving habits. Your frig didn't know your shopping habits. There was no Amazon supermarket that would offer you $1 off the product whose price they just jacked up by $2 in exchange for allowing them to follow you around and spy on you. But what's made all of this such a problem is the ease of access and cross-referencing. Because it's all computerized. Like you say, your grocer knew your likes and dislikes before. But that was between you and him. It was all personal relationships, and records, if they existed, were kept on paper in file cabinets. Google's cookies would mean nothing if they were stored in file cabinets. They'd only serve what they were meant for: To carry forward data from one page when you go to the next. Instead, with interconnected databases, their cookies become part of a vast and highly efficient spyware system. | It's possible to change this regime, but it will take regulation of big | business, as the EU has begun to do with its data protection laws. But | big business will do everything it can to prevent America from following | suit. After all, our purpose in life is to serve business, to provide | profits. It's the American Way! | I think you're right. But even the EU is being mamby pamby about it. And it's not just big businesses. Gov't beancounters also don't want you to have privacy. 3rd-party content needs to be illegal to begin with. They need to be stopped from even collecting the data. It needs to be illegal for your TV or your car to collect data. They're doing it now only because they can and you don't see it happening. There was an interesting article awhile back about Estonia: https://www.newyorker.com/magazine/2...gital-republic Your data is accessible to anyone who needs it. There's a general rule that anything needs to be entered only once. Once you've typed in your birthday, you never have to do it again. It's all centralized. At the same time, anyone who accesses your data is recorded and they'd better have a damned good reason or face criminal charges. It seems like a solution for the future, but I wonder whether it can really work. If people can access your credit card and passport info, job history, daily schedule, etc then how can it be made non-exploitable? Maybe Estonians just don't have anything that anybody wants? I don't know. |
#14
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On 2018-12-09, Mayayana wrote:
"default" | We | should also assume that doubleclick, the tracking site, now owned by | google, also makes those connections. | | All web sites may use cookies, but they can't tie it to you unless | you've logged in and they have your information. It's much worse than that. Unless you block Google, google analytics, fonts, etc in your HOSTS file then google (and probably a 1/2 dozen other entities) is following you everywhere you go. It's no problem to get your ID from that data. That's what their whole business model is: To collect as much as possible and find out as much as possible from that. Do you not remember the AOL leak some years ago? I've forgotten the details, but a journalist demonstrated how the "anonymous" data could easily be used to identify specific people. That's what computers are for. There's no such thing as anonymous. There's only the possibility of reducing the data collection. | Why would you care? Well there are some marketing web sites (many of | the book a trip on-line ones do it) and they adjust the prices you see | based on your browsing history, where you live, and/or how much money | you have (hypothetically derived from your tastes and past purchases). | That's assuming you aren't doing anything criminal or have some | sexual, religious, political, or ideological bent that you might want | to keep to yourself. Again, you're understating the case. Most commercial sites will customize if they know who you are. Even things like duckduckgo. You'll see different search results if you enable script and cookies. That's part of the Facebook scandal: They customize each person's "news" in order to titillate and get people to stay on the site longer. Google also customizes news. I stopped looking at their news years ago because of that. All this about Firefox???? And no one mentions that a person has to login to a google account in order to be able to use the Chrome browser? Guess what that does for google, a freebie into a person's info as Chrome even states stuff is sent to its cloud for easy accessibility for the user(?). |
#15
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , lew
wrote: And no one mentions that a person has to login to a google account in order to be able to use the Chrome browser? no they don't. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|