Privacy and the XOs BrowseActivity

February 5, 2009 at 15:23 | Posted in Privacy/Security, XO | 2 Comments
Tags: , , , , , , , ,

As mentioned in earlier posts I have been looking into ways for users to increase the Privacy/Security stance of the BrowseActivity. My biggest annoyance in this field so far has been the lack of a way to clear cookies and the browsing history. I was further miffed to find that the BrowseActivity completely ignores some of the About:config settings related to the history and p cookies.

I have found the the following do work:

using about:config and setting:

network.cookie.cookieBehavior to  1 will indeed block third party cookies.

network.cookie.lifetimePolicy to 2 will make all cookies “session only” clearing them when the browser closes.

The above two settings will only effect cookies that come in after the settings are changes third party and persistant cookies that came in before will be uneffected. But we’ll clear thous out in a sec.

you can control Java and JavaScript with:

security. enable_java and javascript.enabled . They can be set to true to allow or False to disallow either java or javascript. Keep in mind that the XO does not ship with a Java run time environmentso the effects of security. enable_java are meaningless unless you install Java. Disabling JavaScript will break many sites but is also a lot safer so you might what to write that down some place if you think you might ever take your XO to risky websites.

Now for the History and Cookies.. After some poking around I found that the XOs Browse Activity stores cookies and the history in sqlite databases. These can be tricky to track down, but not to worry. if you have a G1G1 XO. (I’m guessing that is most of you). you can:

open the Terminal Activity

Become root with either the “become root” button or by typing su – at the commandline

change back to the olpc directory with: cd /home/olpc

then type: find isolation/ -name places.* -delete

that will find and delete your browsing history (where you’ve been)

now type: find isolation/ -name cookies.* -delete

you guessed it, that will clear out all the cookies.

If I have the time I may write a quick Activity that will flush the cookies and the Browsing history, If I get really clever with it it might even be able to remove all of the “Browse Activity”s from the journal. But at least you have this for now.

If you are worried about Browsing privacy on the XO you might also want to check out my post on Privoxy on the XO

Happy and safe computing :)

Updates….

October 16, 2008 at 15:58 | Posted in Privacy/Security | Leave a comment
Tags: , , , , , , , , ,

Just a short entry to let people (RSS) know that I’ve made updates to My “Flash ‘Cookies’, a hidden bane” entry and also put a link in the Side Bar to downloadable Flash LSO (cookie) removal scripts.

Enjoy

Flash ‘Cookies’, a hidden bane

July 28, 2008 at 09:57 | Posted in Privacy/Security | 22 Comments
Tags: , , , , ,

—- N.B.

I have made several updates to this post as I have noticed continued interest in it.

There is follow up to this in the comments below for those looking for a way to delete Flash cookies. I’ll be posting an windows bat file to do about the same soon. There is now a link in the sidebar to the right to downloadable versions of the LSO (Flash Cookie) removal scripts one for XP and one for Linux. I have yet to find a functional way to stop the cookies from being set as it seems blocking them seriously messes with some sites functionality.

There is another privacy bane on the net. “Flash Cookies”, or technically “local Shared Objects”. There is a good explanation of them on this Blog and also a link to the Adobe Flash Settings Manager which will let you manage them think you are managing them. These “cookies” are not cleared when you clear you browser’s cookies, are not stopped by telling your browser to prevent cookies, are not stopped by normal cookie managers. You currently have to use the Settings manager, or root them out and delete them manually.

you can go to the Settings manager and dong the following:

- Setting the default storage size to 0 (none) on the “Global Storage Settings” tab

- Unchecking “Allow third-parties Flash content to store data on your computer”

- Unchecking “Store common Flash components to reduce download time”

- Check “Never Ask Again” (some sites manage to ignore this.. but see below)

(bare in mind that I am draconian about my privacy, and would rather have things asking me for permission all the time rather then doing things without asking. You can, of course, set things to you own liking.)

– It has been pointed out that the above has little permanent effect as there seems to be little or no enforcement of the above settings and sites go ahead and store LSO’s even with the limit set to 0 –

- Bookmark the settings manager (you’ll want to come back to it now and then)

If a site is annoying about asking for storage go to the Settings manager from a new browser tab or window and use the “Website Storage Settings” tab in the Settings manager to tell the site to never ask again.

You can also use the “Website Storage Settings” to allow sites that you want/need to save data and limit how much they can store.

If ever there was a good reason for using NoScript, (which prevents flash and other things from running without permission) this is one. (of many)

– I strongly recommend the use of NoScript as an increasing number of sites have started using flash “web beacons” to track people (they hide a transparent 1×1 flash object on the webpage just so they can set an LSO (flash cookie) –

Good day, And happy and safe surfing.

What a night

April 7, 2008 at 23:24 | Posted in Privacy/Security, Tech | Leave a comment
Tags: , , , , , , , , , ,

Fist there is news of a bot-net bigger then storm dubbed Kraken which you can read more about here, here and here

And Then, there is info filtering out. albeit a little after the fact about Phorm, which if it work as described here would be a major threat to the average users privacy and even to those that used cookie blockers as it hijacks white listed cookies.

Guess it is time for someone to start working on a Phorm stripper add-on for Firefox that would identify the hijacked cookies and strip the Phorm tag off of them.

It is late so I have not had a chance to look into to this as deeply as I’d like to. I’ll write more on it in the coming days.

Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.

%d bloggers like this: