[OT] privacy Tools

A friendly reminder for those who value privacy...
https://www.privacytools.io/

On 8/6/2016 7:04 PM, /less wrote:
A friendly reminder for those who value privacy...
https://www.privacytools.io/


Mark your cookies file (e.g., cookies.sqlite for Mozilla-based browsers)
as read-only. Web servers will think they are setting cookies, but
those cookies disappear as soon as you terminate your browser.

For Mozilla-based browsers, install the Secret Agent extension from
https://www.dephormation.org.uk/index.php?page=81. By changing your
outgoing HTTP headers on each request to Web servers, this confuses
attempts to track your browser.

--
David E. Ross

Perhaps it was a smart decision for Hillary Clinton to use her
private E-mail server while Secretary of State. According to
current Secretary of State John Kerry, we know that the Russians
and Chinese have hacked the State Department's servers. In the
meantime, a claim by the Romanian hacker known as Guccifer
(Marcel Lehel Lazar) that he hacked into Clinton's E-mail
server proved false.

On 08/06/2016 09:28 PM, David E. Ross wrote:

[snip]

Mark your cookies file (e.g., cookies.sqlite for Mozilla-based browsers)
as read-only. Web servers will think they are setting cookies, but
those cookies disappear as soon as you terminate your browser.

In Firefox, is this any better than the GUI option (privacy tab, "keep
until I close Firefox")? It seems worse (unable to set exceptions).

[snip]

--
Mark Lloyd
http://notstupid.us/

"Atheist: A person who believes in one less god than you do." [Rev.
Donald Morgan, Atheologist]

On 8/6/2016 7:36 PM, Mark Lloyd wrote:
On 08/06/2016 09:28 PM, David E. Ross wrote:

[snip]

Mark your cookies file (e.g., cookies.sqlite for Mozilla-based browsers)
as read-only. Web servers will think they are setting cookies, but
those cookies disappear as soon as you terminate your browser.

In Firefox, is this any better than the GUI option (privacy tab, "keep
until I close Firefox")? It seems worse (unable to set exceptions).

[snip]


Yes, having exceptional cookies retained requires some work. The
following is the same for Firefox and my SeaMonkey. My home page is the
export of my bookmarks into an HTML file.

1. I terminate SeaMonkey.

2. I mark cookies.sqlite for read-write.

3. I launch SeaMonkey.

4. I visit the site whose cookies I wish to retain, navigating through
a number of that site's Web pages.

5. I return to my home page, which sets no cookies.

6. I launch the Cookie Manager via a PrefBar button imported from
http://prefbar.tuxfamily.org/buttons.html#permissionsmenu and delete
those cookies from the visited Web site that I do not want to keep.

7. I terminate SeaMonkey.

8. I mark cookies.sqlite for read-only.

This also requires periodically using the Cookie Manager to see if
cookies.sqlite contains any cookies that have expired. If there are
expired cookies, I repeat steps 1-3 and 6-8, using the Cookie Manager
to delete the expired cookies.

I know by this process that I have only those cookies that I really want.

--
David E. Ross

Perhaps it was a smart decision for Hillary Clinton to use her
private E-mail server while Secretary of State. According to
current Secretary of State John Kerry, we know that the Russians
and Chinese have hacked the State Department's servers. In the
meantime, a claim by the Romanian hacker known as Guccifer
(Marcel Lehel Lazar) that he hacked into Clinton's E-mail
server proved false.

On Sun, 7 Aug 2016 09:04:32 +0700, /less wrote:

A friendly reminder for those who value privacy...
https://www.privacytools.io/


Were I running NSA or CIA or more-secret activity, I would
certainly operate VPN privacy groups.

On Sat, 6 Aug 2016 19:28:38 -0700, "David E. Ross"
wrote:

On 8/6/2016 7:04 PM, /less wrote:
A friendly reminder for those who value privacy...
https://www.privacytools.io/


Mark your cookies file (e.g., cookies.sqlite for Mozilla-based browsers)
as read-only. Web servers will think they are setting cookies, but
those cookies disappear as soon as you terminate your browser.

For Mozilla-based browsers, install the Secret Agent extension from
https://www.dephormation.org.uk/index.php?page=81. By changing your
outgoing HTTP headers on each request to Web servers, this confuses
attempts to track your browser.

Am I alone in the practice of deleting all cookies frequently?
What have I been missing by doing so? (better-directed ads?)

On 08/06/2016 10:28 PM, David E. Ross wrote:
On 8/6/2016 7:04 PM, /less wrote:
A friendly reminder for those who value privacy...
https://www.privacytools.io/


Mark your cookies file (e.g., cookies.sqlite for Mozilla-based browsers)
as read-only. Web servers will think they are setting cookies, but
those cookies disappear as soon as you terminate your browser.

For Mozilla-based browsers, install the Secret Agent extension from
https://www.dephormation.org.uk/index.php?page=81. By changing your
outgoing HTTP headers on each request to Web servers, this confuses
attempts to track your browser.


Secret Agent won't work with FF48 on.

--
Caver1

On Sat, 6 Aug 2016 19:28:38 -0700, David E. Ross wrote:

... By changing your
outgoing HTTP headers on each request to Web servers, this confuses
attempts to track your browser.

This is a clever method, but won't it invalidate session IDs? For example,
the Google search PREF cookie which contains search settings including
session ID (even when not logged in).

IME, the settings are bound to the session ID, and the session ID is bound
to the client characteristics (e.g. IP address, User-Agent, etc.) If the
characteristic is different, the session ID as well as the settings will
become invalid. The session ID will be replaced by a new one and the
settings will be reset back to default values. So, there's no way to save
the search settings.

| Am I alone in the practice of deleting all cookies frequently?
| What have I been missing by doing so? (better-directed ads?)

The only notable thing I can think of that you might
miss by deleting cookies is the ability to not have
to log in repeatedly to websites where you use a
service.

You can set cookies to delete at browser close
in Firefox. You can also block 3rd-party cookies.
That gives you all of the convenience with very
little privacy intrusion, and you don't need to
remember to delete them. You also don't need to
set them read-only or do any other special actions.

There's never been any excuse for 3rd-party
cookies. The whole system was originally designed
to make sure 3rd-parties couldn't access cookies.
Companies like Google get around that by having
their files linked from webpages. So they can't actually
access the cookie you get at somewhere.com, but
since their ads/fonts/analytics/javascript libraries are
linked from nearly all commercial websites, they can follow
you around the Internet, watching all of your movements.
In many cases they can even track how far down a
webpage you read.

There was actually an article this past week about an
attack that allows stealing data from an https webpage.
As usual, the attack requires javascript enabled. But it
also happens to require 3rd-party cookies enabled, which
is unusual:

http://arstechnica.com/security/2016...m-https-pages/

It's another case of the increasing problem of malware
launched via 3rd-party ads that can be posted on any
legitimate website, because large, commercial sites are
subcontracting their ad business to massive ad servers
that sell ad space to advertisers. All of it is done
automatically, with no human contact or human relationships,
so it's easy for malware writers to get access to mainstream
sites simply by buying ad space. They're literally paying
sites like Yahoo, NYT, etc for space to plant their malware
installer, while those sites wash their hands of both
the privacy and security problems. They're too busy
stuffing their sites with any old content... written by
young, underpaid, semi-literate interns... so that they can
host more ads... to worry about how the online ad business
works.

| This is a clever method, but won't it invalidate session IDs? For example,
| the Google search PREF cookie which contains search settings including
| session ID (even when not logged in).
|

Do you mean current search parameters or
search preferences? I search Google with script
and cookies completely disabled. It remembers
the current search parameters, presumably because
there's a session ID in the URL.

On the other
hand, if you want Google to remember your
personal preferences then you're *asking* them
to track you. If you allow Google cookies you're
asking them to track you. In that case there's
no point thinking about thwarting being tracked.
That would be like using a "loyalty card" at the
supermarket while refusing to tell them your name.
With the loyalty card they already know your
name, address, phone number and shopping history.

Mayayana wrote:

You can set cookies to delete at browser close
in Firefox. You can also block 3rd-party cookies.

That's what I do, plus a *very* small number of permanent cookies of
sites that insist and which I consider worthwhile.

That gives you all of the convenience with very
little privacy intrusion

You do on the other hand get a metric shedload of "EU cookie popups"
after every browser restart, I'm slowly building a list of adblock
element hiding rules to banish those.

On 8/6/2016 11:21 PM, masonc wrote:
On Sat, 6 Aug 2016 19:28:38 -0700, "David E. Ross"
wrote:

On 8/6/2016 7:04 PM, /less wrote:
A friendly reminder for those who value privacy...
https://www.privacytools.io/


Mark your cookies file (e.g., cookies.sqlite for Mozilla-based browsers)
as read-only. Web servers will think they are setting cookies, but
those cookies disappear as soon as you terminate your browser.

For Mozilla-based browsers, install the Secret Agent extension from
https://www.dephormation.org.uk/index.php?page=81. By changing your
outgoing HTTP headers on each request to Web servers, this confuses
attempts to track your browser.

Am I alone in the practice of deleting all cookies frequently?
What have I been missing by doing so? (better-directed ads?)


Twice each week, I visit a Web site to view a report on open bugs
against Mozilla products. If I deleted all cookies, I would then have
to enter which columns of the report I want to see and in which order
those columns would appear.

As a subscriber to the hard-copy print edition of the Los Angeles Times,
I get free access to all of the LA Times Web edition, which otherwise
requires paid access. If I deleted all cookies, I would have to go
through the process of reconfirming that I am supposed to have that free
access to the Web edition.

For four financial institutions, retained cookies allow me access to my
accounts by logging-in without having to wait for a phone call or E-mail
message with an access code.

--
David E. Ross

Perhaps it was a smart decision for Hillary Clinton to use her
private E-mail server while Secretary of State. According to
current Secretary of State John Kerry, we know that the Russians
and Chinese have hacked the State Department's servers. In the
meantime, a claim by the Romanian hacker known as Guccifer
(Marcel Lehel Lazar) that he hacked into Clinton's E-mail
server proved false.

On 8/7/2016 2:52 AM, Caver1 wrote:
On 08/06/2016 10:28 PM, David E. Ross wrote:
On 8/6/2016 7:04 PM, /less wrote:
A friendly reminder for those who value privacy...
https://www.privacytools.io/


Mark your cookies file (e.g., cookies.sqlite for Mozilla-based browsers)
as read-only. Web servers will think they are setting cookies, but
those cookies disappear as soon as you terminate your browser.

For Mozilla-based browsers, install the Secret Agent extension from
https://www.dephormation.org.uk/index.php?page=81. By changing your
outgoing HTTP headers on each request to Web servers, this confuses
attempts to track your browser.


Secret Agent won't work with FF48 on.


Switch to SeaMonkey. It has a better user interface than Firefox and
less frequent updates while still using the same Gecko rendering engine
as Firefox. SeaMonkey will NOT mandate that all extensions you want to
install must be signed.

SeaMonkey is for experienced users who do not need their browser
dumbed-down. SeaMonkey is NOT evolving to look like Chrome because most
users, if they wanted Chrome, would install and use Chrome.

--
David E. Ross

Perhaps it was a smart decision for Hillary Clinton to use her
private E-mail server while Secretary of State. According to
current Secretary of State John Kerry, we know that the Russians
and Chinese have hacked the State Department's servers. In the
meantime, a claim by the Romanian hacker known as Guccifer
(Marcel Lehel Lazar) that he hacked into Clinton's E-mail
server proved false.

On 8/7/2016 6:27 AM, Mayayana wrote:
| This is a clever method, but won't it invalidate session IDs? For example,
| the Google search PREF cookie which contains search settings including
| session ID (even when not logged in).
|

Do you mean current search parameters or
search preferences? I search Google with script
and cookies completely disabled. It remembers
the current search parameters, presumably because
there's a session ID in the URL.

On the other
hand, if you want Google to remember your
personal preferences then you're *asking* them
to track you. If you allow Google cookies you're
asking them to track you. In that case there's
no point thinking about thwarting being tracked.
That would be like using a "loyalty card" at the
supermarket while refusing to tell them your name.
With the loyalty card they already know your
name, address, phone number and shopping history.



That's what I do. I get discounts for presenting the card.
The fact that it's a fake identity is of no consequence.
They know SOMEONE is buying stuff, they just can't connect it to me.

En el artículo , Andy Burns
escribió:

You do on the other hand get a metric shedload of "EU cookie popups"
after every browser restart

+1. Really irritating.

I just go through the cookies manually once in a while and delete the
ones I don't want.

A cookie poisoner plugin would be an idea - fill intrusive tracking
cookies with false information to poison the ad-flinger's databases. No
idea if such a thing exists.

--
(\_/)
(='.'=) systemd: the Linux version of Windows 10
(")_(")