[LINK] RFI: Intrusive Internet Mechanisms

Karl Auer kauer at biplane.com.au
Wed Dec 1 14:31:48 AEDT 2010


On Wed, 2010-12-01 at 13:44 +1100, Jamie Sunderland wrote:
> Yes and I was quite surprised the other day when I went to check the
> cricket scores, that their web-page had automatically logged me into
> their groupsite on Facebook - using my Facebook ID. Presumably this is
> done via cookies..... 

Turn off cookies. If you happen across a website that demands cookies,
and you want to use the website, add an exception for that specific
site.

Get into the habit of exiting the browser completely, rather than
leaving browser windows open all over the place for long periods.

When you add an exception, make sure you click "allow for session";
cookies from that site will then be discarded when you exit the browser.
If you click "allow" the cookie will be retained for as long as the
website stipulates.

If you use Flash, you should also set the permissions on the Macromedia
home directory to forbid writing. I don't know how you would do that in
Windows, but in Linux it's

   sudo chown root:root /your/home/directory/.macromedia
   sudo chmod go-rwx /your/home/directory/.macromedia

There is probably a similar technique to protect against Silverlight
vulnerabilities, too.

You should also tell your browser to cache nothing (0 days). Use the
"clear private data" settings so that your cache, your browsing history
and so on are all cleared on exit. This will defeat some cookie-like
mechanisms, such as data encoded in cached images.

Don't use Javascript (i.e., turn it on only while browsing sites that
need it). Many cookie-like techniques rely on the fact that Javascript
has read/write access to various forms of persistent storage. Ditto
Java.

Hassle Mozilla, Microsoft etc to build proper privacy protection into
their implementations of HTML5. Hassle them to provide finer-grained
control (e.g., site-by-site Javascript, site-by-site Java, disk-write
detection, RAM-write detection and so on).

If you are using Linux, there is a way for the truly paranoid to
proceed: Set up a user account that has write access only to its own
home directory. Browse only as that user. Blow away and recreate that
user's directory after each session (it only takes a few seconds).

If you are using Windows, set up a virtual machine with your favourite
browser installed. Make a backup of the VM. Browse only from within the
VM, and after each session, recopy the backup.

None of this is 100% effective, and some of it is very inconvenient...

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
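The "truly paranoid" Linux procedure above (a browsing account whose home directory is blown away and recreated after every session, with the Flash directory locked so it cannot be written) is easy to script. The following is an added example, not code from Karl's message or the Link archive. It assumes a hypothetical browsing account called "browse" and a pristine skeleton copy of its home kept elsewhere; every path is a parameter so the functions can be exercised against a scratch directory without root. Run as root it also hands .macromedia to root, as the chown line in the message does; without root it settles for stripping the permission bits.

```shell
#!/bin/sh
# Throwaway browsing home: added example of the "blow away and recreate"
# procedure. Not Karl Auer's code. Assumptions (hypothetical): the browsing
# account is "browse"; all paths are arguments so this runs without root.
set -u

# lock_flash_dir HOME_DIR
# Make HOME_DIR/.macromedia unwritable so Flash cannot persist local shared
# objects between sessions. As root, also chown it to root (as in the post).
lock_flash_dir() {
    home="$1"
    mkdir -p "$home/.macromedia"
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$home/.macromedia"
    fi
    chmod 000 "$home/.macromedia"
}

# flash_dir_locked HOME_DIR  -> exit 0 if .macromedia exists with mode 000
flash_dir_locked() {
    case "$(ls -ld "$1/.macromedia" 2>/dev/null)" in
        d---------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# reset_home HOME_DIR SKEL_DIR
# Delete HOME_DIR entirely and rebuild it from SKEL_DIR, a pristine copy kept
# outside the browsing home (the Linux counterpart of the VM backup).
reset_home() {
    home="$1"; skel="$2"
    # rm -rf cannot descend into a mode-000 directory, so reopen it first.
    if [ -d "$home/.macromedia" ]; then
        chmod 700 "$home/.macromedia"
    fi
    rm -rf "$home"
    mkdir -p "$home"
    cp -pR "$skel/." "$home/"
    lock_flash_dir "$home"
}

# browse_session HOME_DIR SKEL_DIR COMMAND [ARGS...]
# Run the browser with HOME pointed at the throwaway directory, then wipe it.
# Real use (hypothetical paths):
#   browse_session /home/browse /srv/browse-skel su - browse -c firefox
browse_session() {
    home="$1"; skel="$2"; shift 2
    [ -d "$home" ] || reset_home "$home" "$skel"
    HOME="$home" "$@" || true   # a crashed browser must not skip the wipe
    reset_home "$home" "$skel"
}
```

Anything the browser leaves behind during a session (cookie databases, cache, history, Flash shared objects) lives only in HOME_DIR and is gone after reset_home; the skeleton is the only state that survives, so keep it minimal and never browse with it directly.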