EvilZone
Hacking and Security => Anonymity and Privacy => : m0l0ko November 14, 2012, 11:20:14 AM
-
I'm reading this magazine called The Hackers Manual 2012 (its brilliant, I highly recommend getting it if you're a linux user) and it made me aware of how networks of sites (i.e. the way google is connected to thousands of other big sites) track your activity across the internet by exchanging cookies. show you how to monitor cookies with wireshark but they only mention using the http.cookie filter. If I browse google using ordinary http protocol then I notice that every search term I enter gets stored in a cookie. If I use https though, nothing comes up and wireshark doesn't seem to have a https.cookie filter. Does this mean google only uses cookies on you when you're using non encrypted protocol?
I'm gonna quote a useful post from page 2 of this thread:
This add-on in some ways can be informative if you've never been aware of tracking and if you're worried about being tracked but there are a number of other add-ons you could use instead such as: Better Privacy, NoScript, Ghostery, AdBlockPlus, Request Policy and Privacy Choice.
Ghostery is brilliant, doesn't interfere with any essential scripts.
-
Well this is hard to tell.
The might have another way of tracking you.
Knowing google, thell track you anyway anywhere and everything.
Thats google, biggest database in the world in the hands of a private corp.
Its like a dream come true.
No but really, just delete your cookies.
Use no referer , noscript , browser agent spoofing, 'google sharing' (moxie marlinspike).
Trackmenot is interesting.
Man my firefox is stuffed with these addons, well if thats what it takes these days.
Also use midori for other stuff
-
Try Better Privacy. It removes long-term cookies everytime you shut down firefox
-
Try Better Privacy. It removes long-term cookies everytime you shut down firefox
have ccleaner setup to run on boot works pretty well too
-
Good idea.
-
Well this is hard to tell.
The might have another way of tracking you.
Knowing google, thell track you anyway anywhere and everything.
Thats google, biggest database in the world in the hands of a private corp.
Its like a dream come true.
No but really, just delete your cookies.
Use no referer , noscript , browser agent spoofing, 'google sharing' (moxie marlinspike).
Trackmenot is interesting.
Man my firefox is stuffed with these addons, well if thats what it takes these days.
Also use midori for other stuff (linux)
I'm sure google and facebook are dreams come true for intelligence agencies too. Thanks, I'll look into all those things. I have noscript and better privacy (a firefox addon that deletes LSOs). I recently installed an addon called cookie monster, haven't used it yet though. I'm assuming I can set it up so it deletes cookies every time I leave a website, if not I'm sure there are addons that will do that. What advantage does midori have?
-
Btw you can also set your browser to delete cookies once you close it..
-
Well midori is just a very light weight browser (at least used to be)
FF with all these addons and crap is slow and in general I dont like slow applications.
Most tools I use in fact are CLI.
I just need something next to firefox if I just want speed and dont care about sec.
FF is like the battleship and is slow as one.
-
FF with all these addons and crap is slow and in general I dont like slow applications.
wtf are you on and why aren't you sharing? (check attachment)
FF has it built into the settings, there is no need for a addon. There are only like 3 addons I use for FF, https everywhere, noscript, and adblockplus. Then I do those FF speed tweaks in the about:config and it beats IE, Opera, Chrome, and Safari in loading pages without a problem.
-
wtf are you on and why aren't you sharing? (check attachment)
FF has it built into the settings, there is no need for a addon. There are only like 3 addons I use for FF, https everywhere, noscript, and adblockplus. Then I do those FF speed tweaks in the about:config and it beats IE, Opera, Chrome, and Safari in loading pages without a problem.
Use no referer , noscript , browser agent spoofing, 'google sharing' (moxie marlinspike).
Trackmenot is interesting.
These are not in firefox by default...
wtf are you on and why aren't you sharing? (check attachment)
What do you mean by this, i dont understand sorry?
-
What do you mean by this, i dont understand sorry?
I mean what kind of crack are you on and why aren't you sharing it with the community
-
Well crack is irrelevant.
IMO I started a couple of interesting threads, shared a tool I coded.
Try to help people here and there, such as in this thread.
Plus the fact that I have far too little time in general, due to real life nonsense.
And Im wondering what your issue with me is?
-
Well crack is irrelevant.
IMO I started a couple of interesting threads, shared a tool I coded.
Try to help people here and there, such as in this thread.
Plus the fact that I have far too little time in general, due to real life nonsense.
And Im wondering what your issue with me is?
Lol proxx, not an american I take it? He didn't mean offense by that, its our way of saying what the hell are you talking about? Or where did you get that idea? He doesn't mean your a crack smoker, and thae fact that he asked why you aren't sharing is how we show that were joking, don't take it seriously.
Guess you learned something new today ^_^
-
Lol proxx, not an american I take it? He didn't mean offense by that, its our way of saying what the hell are you talking about? Or where did you get that idea? He doesn't mean your a crack smoker, and thae fact that he asked why you aren't sharing is how we show that were joking, don't take it seriously.
Guess you learned something new today ^_^
+1
And sorry, I like to forget that not everyone is from America xD and some of our slang, or "expressions" can be misinterpreted. I have no problem with you whats so ever proxx
-
I officially feel like a moron now but thanks for explaining this :)
-
I officially feel like a moron now but thanks for explaining this :)
Its ok we still <3 you :-*
-
Uhm.. In response to the original topic, ofc there is no plain-text cookie information with SSL. That's the point.. SSL == encrypted traffic. There are (most of the time anyway, there could be) no difference in information storage on the server and client side with or without SSL(HTTPS).
-
If you want to know who is tracking you online check out the Collusion add-on for FF, or to see how well your preventative efforts are working.
"Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the web."
http://www.mozilla.org/en-US/collusion/ (http://www.mozilla.org/en-US/collusion/)
-
If you want to know who is tracking you online check out the Collusion add-on for FF, or to see how well your preventative efforts are working.
"Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the web."
http://www.mozilla.org/en-US/collusion/ (http://www.mozilla.org/en-US/collusion/)
Sounds alot like Ghostery to me
-
This add-on in some ways can be informative if you've never been aware of tracking and if you're worried about being tracked but there are a number of other add-ons you could use instead such as: Better Privacy, NoScript, Ghostery, AdBlockPlus, Request Policy and Privacy Choice.
-
Anyone whos on linux, heres an easy way to delete LSOs:
sudo rm -rf $HOME/.macromedia/Flash_Player/#SharedObjects/*/*
-
Anyone whos on linux, heres an easy way to delete LSOs:
sudo rm -rf $HOME/.macromedia/Flash_Player/#SharedObjects/*/*
Are you sure the second /* at the end is necessary?
-
Good point. The second /* is useless. I only recently started learning how LSOs work, I'd read that they can be freely accessed by any site, so I've been using BetterPrivacy. If you chmod 000 the SharedObjects folder, you'd prevent sites from being able to write LSOs completely, but would that interfere with other flash apps on their site?
-
Good point. The second /* is useless. I only recently started learning how LSOs work, I'd read that they can be freely accessed by any site, so I've been using BetterPrivacy. If you chmod 000 the SharedObjects folder, you'd prevent sites from being able to write LSOs completely, but would that interfere with other flash apps on their site?
Well a better method would be to run a browser through a shellscript that would afterwards delete the files.
Or at logoff/reboot depending if you turn on the machine or not.
Otherwise a cron can be set to rm the files.
-
Yeah a cron shell script that wipes all these files would do it nicely, that bleachbit program seems to wipe out everything, if it has a good CLE then I can make various bleachbit cron jobs. Restricting access to the LSO folder is more of a hardening measure. Why let sites write LSOs in the first place since they're not necessary. I have BetterPrivacy, and the LSO window is always empty because nothing can read the folder where LSOs are stored. Same thing could be done for things like cookies.sqlite for firefox. A shell script that contains an array of files/directories, and an array of file permissions to chmod them. I'm gonna try that and see if firefox can still run without it, or whether it changes the file permissions (can it do that?).