Tags: activity, browse, clear, cookies, History, howto, OLPC, privacy, XO
As mentioned in earlier posts I have been looking into ways for users to increase the Privacy/Security stance of the BrowseActivity. My biggest annoyance in this field so far has been the lack of a way to clear cookies and the browsing history. I was further miffed to find that the BrowseActivity completely ignores some of the About:config settings related to the history and p cookies.
I have found the the following do work:
using about:config and setting:
network.cookie.cookieBehavior to 1 will indeed block third party cookies.
network.cookie.lifetimePolicy to 2 will make all cookies “session only” clearing them when the browser closes.
The above two settings will only effect cookies that come in after the settings are changes third party and persistant cookies that came in before will be uneffected. But we’ll clear thous out in a sec.
Now for the History and Cookies.. After some poking around I found that the XOs Browse Activity stores cookies and the history in sqlite databases. These can be tricky to track down, but not to worry. if you have a G1G1 XO. (I’m guessing that is most of you). you can:
open the Terminal Activity
Become root with either the “become root” button or by typing su – at the commandline
change back to the olpc directory with: cd /home/olpc
then type: find isolation/ -name places.* -delete
that will find and delete your browsing history (where you’ve been)
now type: find isolation/ -name cookies.* -delete
you guessed it, that will clear out all the cookies.
If I have the time I may write a quick Activity that will flush the cookies and the Browsing history, If I get really clever with it it might even be able to remove all of the “Browse Activity”s from the journal. But at least you have this for now.
If you are worried about Browsing privacy on the XO you might also want to check out my post on Privoxy on the XO
Happy and safe computing
Tags: about, adobe, cookies, delete, download, flash, info, lso, removal, stop
Tags: cookies, flash, local shared objecs, lso, manager, privacy
I have made several updates to this post as I have noticed continued interest in it.
There is follow up to this in the comments below for those looking for a way to delete Flash cookies. I’ll be posting an windows bat file to do about the same soon. There is now a link in the sidebar to the right to downloadable versions of the LSO (Flash Cookie) removal scripts one for XP and one for Linux. I have yet to find a functional way to stop the cookies from being set as it seems blocking them seriously messes with some sites functionality.
There is another privacy bane on the net. “Flash Cookies”, or technically “local Shared Objects”. There is a good explanation of them on this Blog and also a link to the Adobe Flash Settings Manager which will let you manage them think you are managing them. These “cookies” are not cleared when you clear you browser’s cookies, are not stopped by telling your browser to prevent cookies, are not stopped by normal cookie managers. You currently have to use the Settings manager, or root them out and delete them manually.
you can go to the Settings manager and dong the following:
- Setting the default storage size to 0 (none) on the “Global Storage Settings” tab
- Unchecking “Allow third-parties Flash content to store data on your computer”
- Unchecking “Store common Flash components to reduce download time”
- Check “Never Ask Again” (some sites manage to ignore this.. but see below)
(bare in mind that I am draconian about my privacy, and would rather have things asking me for permission all the time rather then doing things without asking. You can, of course, set things to you own liking.)
– It has been pointed out that the above has little permanent effect as there seems to be little or no enforcement of the above settings and sites go ahead and store LSO’s even with the limit set to 0 –
- Bookmark the settings manager (you’ll want to come back to it now and then)
If a site is annoying about asking for storage go to the Settings manager from a new browser tab or window and use the “Website Storage Settings” tab in the Settings manager to tell the site to never ask again.
You can also use the “Website Storage Settings” to allow sites that you want/need to save data and limit how much they can store.
If ever there was a good reason for using NoScript, (which prevents flash and other things from running without permission) this is one. (of many)
– I strongly recommend the use of NoScript as an increasing number of sites have started using flash “web beacons” to track people (they hide a transparent 1×1 flash object on the webpage just so they can set an LSO (flash cookie) –
Good day, And happy and safe surfing.
Tags: bot-net, botnet, cookies, hijack, kraken, malware, phorm, privacy, storm, threats, tracking
And Then, there is info filtering out. albeit a little after the fact about Phorm, which if it work as described here would be a major threat to the average users privacy and even to those that used cookie blockers as it hijacks white listed cookies.
Guess it is time for someone to start working on a Phorm stripper add-on for Firefox that would identify the hijacked cookies and strip the Phorm tag off of them.
It is late so I have not had a chance to look into to this as deeply as I’d like to. I’ll write more on it in the coming days.
Proud Free Software Foundation Assoicate Member
Identi.ca - Follow me
- freemor: It's official #mcabber is just too good not to be my default #XMPP client (the FIFO option just made my day) May 24, 2013
- freemor: RT @cwebber Don't let Google lock you out! Use this as an opportunity to find a different xmpp provider and switch to that. May 24, 2013
- freemor: RT @m3tti http://bit.ly/198mlzU Google Abandons Open Standards for Instant Messaging !eff !fsf !gnu May 24, 2013
- freemor: RT @metztli ⚡@linuxfoundation International Space Station switches from #Windows to !GNU/ !Linux…for improved reliability http://bit.ly/ ... May 11, 2013
- freemor: @ddevine Congrats! A personal mail server is a wonderful thing May 10, 2013
Flash Cookie Removal ScriptsUnfortunately Drop.io is not what they once were and so the scripts are no longer hosted there. I'll find alternate hosting soon.
To be clear. I the author of this blog, in no way, recommend, endorse, or otherwise promote the products and services that may be advertised at the bottom of this blog posting.
I include this disclaimer because these advertisements are inserted by Wordpress.com and are beyond my control. I felt this disclaimer necessary as these advertisements will most likely become contextually targeted as time goes on. I do not wish readers of my blog to confused into thinking that the products or services advertised are suggested or recommended by me, no matter how closely they may be related to the subject of the blog entry.
Tagsblock Blogging canada chat Cloud cookies creative commons download DRM e-toys etoys flash FLOSS free freedom gNewSense google Hardy Hardy Heron howto ISP jaiku Life Linux Music nebuad OLPC open source phorm podcast privacy reduce review revver security site of the week squeak squeakland stop tracking tutorial twitter Ubuntu video XO
Freemor on E-Toys Tutorial 12 – Get… Mike Stramba on E-Toys Tutorial 12 – Get… Mark Szentes-Wanner on About Freemor Frances Druins on Flash ‘Cookies’, a… Freemor on Talkr.im Howto
F.O.S.S I use: