A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Firefox SECRETLY storing your login credentials?



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old December 9th 18, 08:50 AM posted to alt.comp.os.windows-10
default[_2_]
external usenet poster
 
Posts: 201
Default Firefox SECRETLY storing your login credentials?

On Sun, 9 Dec 2018 08:59:29 -0500, Keith Nuttle
wrote:

On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote:

How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?


Quite trying to trash Firefox by implying that it is doing something
unwanted. With Firefox you have complete control.

It is no secret what Fire fox does. Go to Options. Privacy and
Security. Check "Ask to Save logins and Passwords" While there go to
saved password and delete all saved passwords.

You will then have use the significantly more secure method of managing
your password with sticky note attached to your monitor.


That is not true. Firefox now includes an automatic identifying
cookie for Google with a unique ID number, AND it is intrinsic to
Firefox, you don't even have to visit google to get it!

The official story is that it is there so your privacy preferences can
be transferred to Google and sites in Google's sphere of influence.

Check it out yourself Google.com and it is called NID You can delete
it and it returns again and again. It is an encrypted cookie - each
time you open FF and visit google it is a different value, but I
haven't found anyway to stop it even with Google blacklisted in the
options.

If I start FF with the usual cookie blocker extensions in place the
google cookie will be missing until I click on google, if I disable
all extensions (FF "safe mode") the google cookie will be present
BEFORE I visit google. (or any site)

Ads
  #2  
Old December 9th 18, 10:29 AM posted to alt.comp.os.windows-10
default[_2_]
external usenet poster
 
Posts: 201
Default Firefox SECRETLY storing your login credentials?

On Sun, 9 Dec 2018 10:05:34 -0500, Keith Nuttle
wrote:

On 12/9/2018 2:50 AM, default wrote:
On Sun, 9 Dec 2018 08:59:29 -0500, Keith Nuttle
wrote:

On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote:

How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?


Quite trying to trash Firefox by implying that it is doing something
unwanted. With Firefox you have complete control.

It is no secret what Fire fox does. Go to Options. Privacy and
Security. Check "Ask to Save logins and Passwords" While there go to
saved password and delete all saved passwords.

You will then have use the significantly more secure method of managing
your password with sticky note attached to your monitor.


That is not true. Firefox now includes an automatic identifying
cookie for Google with a unique ID number, AND it is intrinsic to
Firefox, you don't even have to visit google to get it!

The official story is that it is there so your privacy preferences can
be transferred to Google and sites in Google's sphere of influence.

Check it out yourself Google.com and it is called NID You can delete
it and it returns again and again. It is an encrypted cookie - each
time you open FF and visit google it is a different value, but I
haven't found anyway to stop it even with Google blacklisted in the
options.

If I start FF with the usual cookie blocker extensions in place the
google cookie will be missing until I click on google, if I disable
all extensions (FF "safe mode") the google cookie will be present
BEFORE I visit google. (or any site)

Cookies are not logon credential.


It is getting so that every site you visit puts cookies into your
browser.


What makes this insidious is that it is a unique identifier. Each
copy of FF has a unique cookie. If you have gmail, google groups and
a profile, etc., that cookie is tied to your name, address and so
forth assuming you handed that data to google at some point. We
should also assume that doubleclick, the tracking site, now owned by
google, also makes those connections.

All web sites may use cookies, but they can't tie it to you unless
you've logged in and they have your information. Normal cookies can
be eliminated on a site by site basis, but not this one. Normal
cookies can be cleared when you exit the FF browser, normal cookies
follow the exceptions table that you set to block certain sites...

I forget when this one was introduced in FF, but for a time some
cookie extensions could trash it, not any more or none that I've
found.

I use K-Meleon instead of FF but some sites won't work with it, or I
haven't found a work-around.

Why would you care? Well there are some marketing web sites (many of
the book a trip on-line ones do it) and they adjust the prices you see
based on your browsing history, where you live, and/or how much money
you have (hypothetically derived from your tastes and past purchases).
That's assuming you aren't doing anything criminal or have some
sexual, religious, political, or ideological bent that you might want
to keep to yourself.
  #3  
Old December 9th 18, 02:31 PM posted to alt.comp.os.windows-10
default[_2_]
external usenet poster
 
Posts: 201
Default Firefox SECRETLY storing your login credentials?

On Sun, 9 Dec 2018 13:20:34 -0500, "Mayayana"
wrote:

"default"

| We
| should also assume that doubleclick, the tracking site, now owned by
| google, also makes those connections.
|
| All web sites may use cookies, but they can't tie it to you unless
| you've logged in and they have your information.

It's much worse than that. Unless you block Google,
google analytics, fonts, etc in your HOSTS file then
google (and probably a 1/2 dozen other entities) is
following you everywhere you go. It's no problem
to get your ID from that data. That's what their whole
business model is: To collect as much as possible
and find out as much as possible from that.

Do you not remember the AOL leak some years
ago? I've forgotten the details, but a journalist
demonstrated how the "anonymous" data could easily
be used to identify specific people.

That's what computers are for. There's no such
thing as anonymous. There's only the possibility
of reducing the data collection.

| Why would you care? Well there are some marketing web sites (many of
| the book a trip on-line ones do it) and they adjust the prices you see
| based on your browsing history, where you live, and/or how much money
| you have (hypothetically derived from your tastes and past purchases).
| That's assuming you aren't doing anything criminal or have some
| sexual, religious, political, or ideological bent that you might want
| to keep to yourself.

Again, you're understating the case. Most commercial
sites will customize if they know who you are. Even
things like duckduckgo. You'll see different search
results if you enable script and cookies. That's part of
the Facebook scandal: They customize each person's
"news" in order to titillate and get people to stay on
the site longer. Google also customizes news. I stopped
looking at their news years ago because of that.

Every time I think I'm getting too paranoid I'll see something that
suggests I'm no where close to paranoid, it is actually much worse
than I thought.

News-wise its better to hit Reuters, AP, BBC than let Google or
youtube tell you what they think you want to hear. I probably spend
more time vetting the sources of the news than I do reading it.

"studies show... etc." What studies, who did the study, what was
their stated agenda, how biased is the source, what questions were
asked, what was the socio-economic status of the questioned, how were
they selected, how large is the study, what part(s) of the
country/countries were polled, etc.?

Another interesting thing I found with using google search engine was
that if I put the boolean operators in the search string manually I
got different results than when Google does it. (using Google
"advanced search")
  #4  
Old December 9th 18, 02:40 PM posted to alt.comp.freeware,alt.conspiracy,alt.comp.os.windows-10
Mr. Man-wai Chang
external usenet poster
 
Posts: 1,941
Default Firefox SECRETLY storing your login credentials?


How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?


--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
¤£*ɶU! ¤£¶BÄF! ¤£½ä¿ú! ¤£´©¥æ! ¤£¥´¥æ! ¤£¥´§T! ¤£¦Û±þ! ¤£¨D¯«!
½Ð¦Ò¼{ºî´© (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa
  #5  
Old December 9th 18, 02:59 PM posted to alt.comp.freeware,alt.conspiracy,alt.comp.os.windows-10
Keith Nuttle
external usenet poster
 
Posts: 1,844
Default Firefox SECRETLY storing your login credentials?

On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote:

How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?


Quite trying to trash Firefox by implying that it is doing something
unwanted. With Firefox you have complete control.

It is no secret what Fire fox does. Go to Options. Privacy and
Security. Check "Ask to Save logins and Passwords" While there go to
saved password and delete all saved passwords.

You will then have use the significantly more secure method of managing
your password with sticky note attached to your monitor.


--
2018: The year we learn to play the great game of Euchre
  #6  
Old December 9th 18, 03:09 PM posted to alt.comp.freeware,alt.conspiracy,alt.comp.os.windows-10
Mr. Man-wai Chang
external usenet poster
 
Posts: 1,941
Default browsers SECRETLY storing your login credentials?

On 12/9/2018 9:59 PM, Keith Nuttle wrote:
On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote:

How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?


Quite trying to trash Firefox by implying that it is doing something
unwanted. With Firefox you have complete control.


No, I am just curious how regular users could find out the truth. I just
handily picked Firefox as an example!

It is no secret what Fire fox does. Go to Options. Privacy and
Security. Check "Ask to Save logins and Passwords" While there go to
saved password and delete all saved passwords.

You will then have use the significantly more secure method of managing
your password with sticky note attached to your monitor.



I don't store passwords in browsers. But I was just wondering whether
browsers could be lying about privacy and security. Most users just
cannot find out, but to the trust the claims of those browsers.


--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
¤£*ɶU! ¤£¶BÄF! ¤£½ä¿ú! ¤£´©¥æ! ¤£¥´¥æ! ¤£¥´§T! ¤£¦Û±þ! ¤£¨D¯«!
½Ð¦Ò¼{ºî´© (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa
  #7  
Old December 9th 18, 04:05 PM posted to alt.comp.os.windows-10
Keith Nuttle
external usenet poster
 
Posts: 1,844
Default Firefox SECRETLY storing your login credentials?

On 12/9/2018 2:50 AM, default wrote:
On Sun, 9 Dec 2018 08:59:29 -0500, Keith Nuttle
wrote:

On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote:

How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?


Quite trying to trash Firefox by implying that it is doing something
unwanted. With Firefox you have complete control.

It is no secret what Fire fox does. Go to Options. Privacy and
Security. Check "Ask to Save logins and Passwords" While there go to
saved password and delete all saved passwords.

You will then have use the significantly more secure method of managing
your password with sticky note attached to your monitor.


That is not true. Firefox now includes an automatic identifying
cookie for Google with a unique ID number, AND it is intrinsic to
Firefox, you don't even have to visit google to get it!

The official story is that it is there so your privacy preferences can
be transferred to Google and sites in Google's sphere of influence.

Check it out yourself Google.com and it is called NID You can delete
it and it returns again and again. It is an encrypted cookie - each
time you open FF and visit google it is a different value, but I
haven't found anyway to stop it even with Google blacklisted in the
options.

If I start FF with the usual cookie blocker extensions in place the
google cookie will be missing until I click on google, if I disable
all extensions (FF "safe mode") the google cookie will be present
BEFORE I visit google. (or any site)

Cookies are not logon credential.


It is getting so that every site you visit puts cookies into your
browser.

--
2018: The year we learn to play the great game of Euchre
  #8  
Old December 9th 18, 04:29 PM posted to alt.comp.freeware,alt.conspiracy,alt.comp.os.windows-10
KWills Shill #3
external usenet poster
 
Posts: 2
Default Firefox SECRETLY storing your login credentials?

On Sun, 9 Dec 2018 08:59:29 -0500, Keith Nuttle
wrote:

On 12/9/2018 8:40 AM, Mr. Man-wai Chang wrote:

How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?


Quite trying to trash Firefox by implying that it is doing something
unwanted. With Firefox you have complete control.

It is no secret what Fire fox does. Go to Options. Privacy and
Security. Check "Ask to Save logins and Passwords" While there go to
saved password and delete all saved passwords.

You will then have use the significantly more secure method of managing
your password with sticky note attached to your monitor.


It's much the same with Google Chrome. The user can make use of
its storing of passwords, and other information, or not.

--
Shill #3.
Los Angeles Branch.
Strategic Writer, Psychotronic World Dominator and FEMA camp
counselor.
https://c2.staticflickr.com/4/3618/5...202191d3_b.jpg
All hail the taco! http://www.taconati.org/
  #9  
Old December 9th 18, 05:33 PM posted to alt.comp.os.windows-10
Mayayana
external usenet poster
 
Posts: 6,438
Default Firefox SECRETLY storing your login credentials?

"default" wrote

| Check it out yourself Google.com and it is called NID You can delete
| it and it returns again and again. It is an encrypted cookie - each
| time you open FF and visit google it is a different value, but I
| haven't found anyway to stop it even with Google blacklisted in the
| options.
|

Interesting. And seemingly unprecedented. You mean
that you get it even if you block Google cookies?
What if you block all cookies? I see that cookie but I only
acccept cookies for the session, and then only in
Firefox. (I normally use Pale Moon.) So Google never
gets a chance to read it back.

(I'm also only using FF 52. Based on their release schedule,
with the current version being 64, I guess 52 must
be at least 10 days old.

I also found other cookies from Mozilla that I never noticed
before. They were loading at startup. "moz-attribution-stub",
which seems to have a unique ID and expired last August.
Maybe an install marker. When I deleted cookies.sqlite it
didn't come back. (FF regenerates cookies.sqlite.)

I wouldn't assume Firefox is being honest. Certainly
better than Google and Microsoft. They at least aspire to
high ideals. But Google is their master. They're addicted
to hundreds of millions of dollars yearly budget and nearly
all of that comes from Google. They're also under increasing
pressure to join the fad of push services online. Many
would consider it a great feature if Firefox reminded
them to buy toothpaste or take out the rubbish. And
they have to be intrusive to offer such conveniences.

The Google cookie looks like that kind of thing. Of
course the problem with that is that people are not
told and it's usually not opt-in. Increasingly, one needs
to keep an eye on new settings for push, geo-location,
etc., to make sure you haven't had them secretly
enabled.




  #10  
Old December 9th 18, 07:20 PM posted to alt.comp.os.windows-10
Mayayana
external usenet poster
 
Posts: 6,438
Default Firefox SECRETLY storing your login credentials?

"default"

| We
| should also assume that doubleclick, the tracking site, now owned by
| google, also makes those connections.
|
| All web sites may use cookies, but they can't tie it to you unless
| you've logged in and they have your information.

It's much worse than that. Unless you block Google,
google analytics, fonts, etc in your HOSTS file then
google (and probably a 1/2 dozen other entities) is
following you everywhere you go. It's no problem
to get your ID from that data. That's what their whole
business model is: To collect as much as possible
and find out as much as possible from that.

Do you not remember the AOL leak some years
ago? I've forgotten the details, but a journalist
demonstrated how the "anonymous" data could easily
be used to identify specific people.

That's what computers are for. There's no such
thing as anonymous. There's only the possibility
of reducing the data collection.

| Why would you care? Well there are some marketing web sites (many of
| the book a trip on-line ones do it) and they adjust the prices you see
| based on your browsing history, where you live, and/or how much money
| you have (hypothetically derived from your tastes and past purchases).
| That's assuming you aren't doing anything criminal or have some
| sexual, religious, political, or ideological bent that you might want
| to keep to yourself.

Again, you're understating the case. Most commercial
sites will customize if they know who you are. Even
things like duckduckgo. You'll see different search
results if you enable script and cookies. That's part of
the Facebook scandal: They customize each person's
"news" in order to titillate and get people to stay on
the site longer. Google also customizes news. I stopped
looking at their news years ago because of that.


  #11  
Old December 9th 18, 07:27 PM posted to alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Firefox SECRETLY storing your login credentials?

In article , Mayayana
wrote:

...There's no such
thing as anonymous. There's only the possibility
of reducing the data collection.


there is, and it's called differential privacy.
  #12  
Old December 9th 18, 08:47 PM posted to alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default You get out of the game (Was: Firefox SECRETLY storing your login credentials?)

In article , Wolf K
wrote:


What's changed is that the data tied to us is being stored by people we
don't know, in databases to which we ourselves have no access, which we
can't change or expunge, and which are being used for purposes we
haven't permitted.


public data is just that, public, which means people you don't know can
(and do) access it for whatever reason they want, no permission needed,
and there's *nothing* you can do about it. that has *always* been the
case with public data.

private data *should* be private, but companies don't give a **** about
security so that too becomes public (equifax, marriott, etc.). it costs
more to properly secure their systems versus pay whatever penalties, so
they don't bother. equifax *made* money from their data breach.

what's changed is that it's now *much* easier to access that data than
it's ever been before, and no longer impractical to copy *all* of it.
  #13  
Old December 9th 18, 08:55 PM posted to alt.comp.os.windows-10
Mayayana
external usenet poster
 
Posts: 6,438
Default You get out of the game (Was: Firefox SECRETLY storing your login credentials?)

"Wolf K" wrote

| What's changed is that the data tied to us is being stored by people we
| don't know, in databases to which we ourselves have no access, which we
| can't change or expunge, and which are being used for purposes we
| haven't permitted.
|

I think that the more critical changes a

* Computerization of the records.
* Computers used in everyday activities.

In the old days your phone company
didn't know where you were at any given time and the
books/newspapers you read didn't report your reading
habits to an advertising company. Your car didn't know
your driving habits. Your frig didn't know your shopping
habits. There was no Amazon supermarket that would
offer you $1 off the product whose price they just
jacked up by $2 in exchange for allowing them to follow
you around and spy on you.

But what's made all of this such a problem is the ease
of access and cross-referencing. Because it's all
computerized. Like you say, your grocer knew your
likes and dislikes before. But that was between you
and him. It was all personal relationships, and records,
if they existed, were kept on paper in file cabinets.

Google's cookies would mean nothing if they
were stored in file cabinets. They'd only serve what they
were meant for: To carry forward data from one page
when you go to the next. Instead, with interconnected
databases, their cookies become part of a vast and
highly efficient spyware system.

| It's possible to change this regime, but it will take regulation of big
| business, as the EU has begun to do with its data protection laws. But
| big business will do everything it can to prevent America from following
| suit. After all, our purpose in life is to serve business, to provide
| profits. It's the American Way!
|
I think you're right. But even the EU is being
mamby pamby about it. And it's not just big businesses.
Gov't beancounters also don't want you to have privacy.

3rd-party content needs to be illegal to begin with.
They need to be stopped from even collecting the data.
It needs to be illegal for your TV or your car to collect
data. They're doing it now only because they can and
you don't see it happening.

There was an interesting article awhile back about
Estonia:

https://www.newyorker.com/magazine/2...gital-republic

Your data is accessible to anyone who needs it. There's
a general rule that anything needs to be entered only once.
Once you've typed in your birthday, you never have to do
it again. It's all centralized. At the same time, anyone who
accesses your data is recorded and they'd better have a
damned good reason or face criminal charges.

It seems like a solution for the future, but I wonder
whether it can really work. If people can access your credit
card and passport info, job history, daily schedule, etc
then how can it be made non-exploitable? Maybe Estonians
just don't have anything that anybody wants? I don't know.


  #14  
Old December 9th 18, 09:18 PM posted to alt.comp.os.windows-10
lew
external usenet poster
 
Posts: 282
Default Firefox SECRETLY storing your login credentials?

On 2018-12-09, Mayayana wrote:
"default"

| We
| should also assume that doubleclick, the tracking site, now owned by
| google, also makes those connections.
|
| All web sites may use cookies, but they can't tie it to you unless
| you've logged in and they have your information.

It's much worse than that. Unless you block Google,
google analytics, fonts, etc in your HOSTS file then
google (and probably a 1/2 dozen other entities) is
following you everywhere you go. It's no problem
to get your ID from that data. That's what their whole
business model is: To collect as much as possible
and find out as much as possible from that.

Do you not remember the AOL leak some years
ago? I've forgotten the details, but a journalist
demonstrated how the "anonymous" data could easily
be used to identify specific people.

That's what computers are for. There's no such
thing as anonymous. There's only the possibility
of reducing the data collection.

| Why would you care? Well there are some marketing web sites (many of
| the book a trip on-line ones do it) and they adjust the prices you see
| based on your browsing history, where you live, and/or how much money
| you have (hypothetically derived from your tastes and past purchases).
| That's assuming you aren't doing anything criminal or have some
| sexual, religious, political, or ideological bent that you might want
| to keep to yourself.

Again, you're understating the case. Most commercial
sites will customize if they know who you are. Even
things like duckduckgo. You'll see different search
results if you enable script and cookies. That's part of
the Facebook scandal: They customize each person's
"news" in order to titillate and get people to stay on
the site longer. Google also customizes news. I stopped
looking at their news years ago because of that.



All this about Firefox????

And no one mentions that a person has to login to a google account
in order to be able to use the Chrome browser? Guess what that
does for google, a freebie into a person's info as Chrome even states
stuff is sent to its cloud for easy accessibility for the user(?).
  #15  
Old December 9th 18, 09:31 PM posted to alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Firefox SECRETLY storing your login credentials?

In article , lew
wrote:


And no one mentions that a person has to login to a google account
in order to be able to use the Chrome browser?


no they don't.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 05:53 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright 2004-2024 PCbanter.
The comments are property of their posters.