Supercookies and sneaky 'DOM Storage' longterm tracking

Page 2 of 2 [ 25 posts ]  Go to page Previous  1, 2

TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

28 Mar 2010, 5:01 am

t0 wrote:
So is it safe to say (after all this research) that "Supercookies" are not HTTP cookies at all but psuedo-cookies that Macromedia has put into Flash? Therefore the culprit is Macromedia/Adobe and not the browser (or OS) vendor?


That is how I understand it. The name "Supercookies" seems to have been universally adopted for them.

However, nobody has yet mentioned the "DOM Storage" type of cookies yet. I could not find enough information about them to fully understand how they work. This is what I turned up (but may not be totally correct or complete):

1. DOM Storage was introduced as part of a standards change in HTML to allow websites to store data on a users computer as an alternative to normal cookies.

2. This was supposed to be a "good thing" allowing sites to store a lot more information on the users computer than was allowed with normal cookies. So in effect it is a form of "sand-boxed" local data storage. I can see how this may be of benefit if you are using web services and data can be stored on your computer behind the scenes without users getting involved or having to manually save or load data files when interacting with those services.

3. This data is somehow embedded within the browsers own settings file or files associated with the browser. The location on the computer is restricted due to the "sand-box" arrangement. Apparently both Firefox and IE adopted this "DOM Storage" as part of keeping up with new HTML standards. Presumably other browsers also follow this trend.

4. The potential for abuse of this DOM Storage is very high, but at the moment not many websites have taken advantage of its substantial potential for tracking users or holding and sharing users personal data.

5. It isn't clear if the various cookie options in the latest version of Firefox allow the user to block / view or delete this DOM Storage data. There is a lack of information on the subject. The add-on "Better Privacy" for Firefox apparently deletes/blocks such tracking data.


_________________
I've left WP indefinitely.


Fuzzy
Veteran
Veteran

User avatar

Joined: 30 Mar 2006
Age: 51
Gender: Male
Posts: 5,223
Location: Alberta Canada

28 Mar 2010, 12:27 pm

TallyMan wrote:
t0 wrote:
So is it safe to say (after all this research) that "Supercookies" are not HTTP cookies at all but psuedo-cookies that Macromedia has put into Flash? Therefore the culprit is Macromedia/Adobe and not the browser (or OS) vendor?


That is how I understand it. The name "Supercookies" seems to have been universally adopted for them.

However, nobody has yet mentioned the "DOM Storage" type of cookies yet. I could not find enough information about them to fully understand how they work. This is what I turned up (but may not be totally correct or complete):

1. DOM Storage was introduced as part of a standards change in HTML to allow websites to store data on a users computer as an alternative to normal cookies.

2. This was supposed to be a "good thing" allowing sites to store a lot more information on the users computer than was allowed with normal cookies. So in effect it is a form of "sand-boxed" local data storage. I can see how this may be of benefit if you are using web services and data can be stored on your computer behind the scenes without users getting involved or having to manually save or load data files when interacting with those services.

3. This data is somehow embedded within the browsers own settings file or files associated with the browser. The location on the computer is restricted due to the "sand-box" arrangement. Apparently both Firefox and IE adopted this "DOM Storage" as part of keeping up with new HTML standards. Presumably other browsers also follow this trend.

4. The potential for abuse of this DOM Storage is very high, but at the moment not many websites have taken advantage of its substantial potential for tracking users or holding and sharing users personal data.

5. It isn't clear if the various cookie options in the latest version of Firefox allow the user to block / view or delete this DOM Storage data. There is a lack of information on the subject. The add-on "Better Privacy" for Firefox apparently deletes/blocks such tracking data.


Install firefox in a virtual machine. Make a copy of its files. Visit some site that records a lot of data. I had trouble with facebook retaining my data outside cookies for instance... might be a good one to try. make a comparison copy of files and then open a blank browser tab:

type about:config and sort and scan the list for "user set" variables, possibly pertaining to facebook.


_________________
davidred wrote...
I installed Ubuntu once and it completely destroyed my paying relationship with Microsoft.


0_equals_true
Veteran
Veteran

User avatar

Joined: 5 Apr 2007
Age: 41
Gender: Male
Posts: 11,038
Location: London

28 Mar 2010, 1:07 pm

TallyMan wrote:
However, nobody has yet mentioned the "DOM Storage" type of cookies yet. I could not find enough information about them to fully understand how they work. This is what I turned up (but may not be totally correct or complete):


"DOM Storage" is a misnomer as DOM stands for Document Object Model. All you are referring to is an extension of cookies. It is was way of storing larger session type information on the client side. It is basically just an extension cookies and uses the same associative array type storage. It is usually cleared by the typical cookies/privacy option in your browser.

https://developer.mozilla.org/en/DOM/St ... g_the_data



TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

28 Mar 2010, 1:18 pm

0_equals_true wrote:
TallyMan wrote:
However, nobody has yet mentioned the "DOM Storage" type of cookies yet. I could not find enough information about them to fully understand how they work. This is what I turned up (but may not be totally correct or complete):


"DOM Storage" is a misnomer as DOM stands for Document Object Model. All you are referring to is an extension of cookies. It is was way of storing larger session type information on the client side. It is basically just an extension cookies and uses the same associative array type storage. It is usually cleared by the typical cookies/privacy option in your browser.

https://developer.mozilla.org/en/DOM/St ... g_the_data


Thanks for clearing that up. The add-on "Better Privacy" supposedly deletes such cookies but it sounds like it isn't even necessary if they can be cleared directly via Firefox anyway. I've got Firefox set to delete all cookies anyway when the browser is closed, so it doesn't sound like they are much of a problem.


_________________
I've left WP indefinitely.


zer0netgain
Veteran
Veteran

User avatar

Joined: 2 Mar 2009
Age: 56
Gender: Male
Posts: 6,613

28 Mar 2010, 3:22 pm

TallyMan wrote:
Thanks for clearing that up. The add-on "Better Privacy" supposedly deletes such cookies but it sounds like it isn't even necessary if they can be cleared directly via Firefox anyway. I've got Firefox set to delete all cookies anyway when the browser is closed, so it doesn't sound like they are much of a problem.


Depends. When I first installed Better Privacy, Firefox did not deal with the "supercookie" issue. Maybe now it does. Not a big add on. Lets you dump those nasty buggers every time the program closes.



ValMikeSmith
Veteran
Veteran

User avatar

Joined: 18 May 2008
Age: 54
Gender: Male
Posts: 977
Location: Stranger in a strange land

29 Mar 2010, 2:38 am

Fuzzy wrote:
TallyMan wrote:
Fuzzy wrote:
TallyMan wrote:
[You need to turn on the setting to show hidden folders and files in Windows Exploder.


Fixed. You're welcome.


Apparently the same supercookies also exist in Linux (Ubuntu) and Mac assuming you have flash installed.


They do yes.

My solution is just to have them written to /dev/shm.


How? :huh: :?: Script or Browser settings?



ValMikeSmith
Veteran
Veteran

User avatar

Joined: 18 May 2008
Age: 54
Gender: Male
Posts: 977
Location: Stranger in a strange land

29 Mar 2010, 3:54 am

zer0netgain wrote:
Get the Better Privacy plugin for Firefox. It takes care of that problem.


Better yet, get the older smaller version that doesn't recognize DOM
and SUPERCOOKIES. At some point, firefox UPDATED to ALLOW them.
Without UPDATING, malware would be impossible.

UPDATING is a good thing? Believing this is proof of brainwashing!
My oldest working computer was last updated in 1981.
It makes no sense whatsoever to update anything
without knowing exactly what changes you are making.

How can you remove the bad features by adding (not removing) code?



TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

29 Mar 2010, 5:53 am

ValMikeSmith wrote:
UPDATING is a good thing? Believing this is proof of brainwashing!
My oldest working computer was last updated in 1981.
It makes no sense whatsoever to update anything
without knowing exactly what changes you are making.

How can you remove the bad features by adding (not removing) code?


Funnily enough the same thought passed through my mind yesterday. The more complex software becomes the more vulnerabilities and holes it has in it that hackers, spies, marketers etc can gain access to your computer by or steal your personal files or commit identity theft. Sometimes the "benefits" of "progress" need to be viewed a bit more objectively. Lots of software just bloats with no perceivable benefit to the end users, just so the marketers can claim to have "the latest and greatest".

I'm stuck with dial-up internet due to living in a very rural location. Software updates have reached the stage of being impossible to keep up with. The likes of Microsoft churn out updates that sometimes are 1GB in size - the service pack update to Visual Studio being a good example.

Adobe reader takes up an obscene amount of disk space considering what it actually does. It also likes to screw around with my machine when it updates - putting icons on my desktop and start bar that I have to delete and then I have to edit the MSCONFIG file to remove all the Adobe startup crap. Repeat this after every Adobe update! The only reason I haven't deleted Abode full stop is that it came pre-installed on this computer and I think it is tied in to other bits of software on there too - so I put up with it rather than risk destabilising something else.


_________________
I've left WP indefinitely.


Fuzzy
Veteran
Veteran

User avatar

Joined: 30 Mar 2006
Age: 51
Gender: Male
Posts: 5,223
Location: Alberta Canada

29 Mar 2010, 11:33 am

TallyMan wrote:
Adobe reader takes up an obscene amount of disk space considering what it actually does. It also likes to screw around with my machine when it updates - putting icons on my desktop and start bar that I have to delete and then I have to edit the MSCONFIG file to remove all the Adobe startup crap. Repeat this after every Adobe update! The only reason I haven't deleted Abode full stop is that it came pre-installed on this computer and I think it is tied in to other bits of software on there too - so I put up with it rather than risk destabilising something else.


That was one of the reliefs I felt when I switched to linux. I hated PDFs, and every time i wanted to open one, it would start looking for an update. Of course it would have to stop and ask me first... but invariably the next time, or the next update... more adobe BS.

itunes and quicktime were just about as bad.


_________________
davidred wrote...
I installed Ubuntu once and it completely destroyed my paying relationship with Microsoft.