WrongPlanet.net
WP Members: > 80,000



Aspie Affection

New Today: 5
New Yesterday: 27

Supercookies and sneaky 'DOM Storage' longterm tracking Previous  1, 2  
Post new topic   Reply to topic    Wrong Planet Autism Forum Index -> Computers, Math, Science, and Technology     
Fuzzy
Atheist/Apostate Aspie
Phoenix


Joined: Mar 31, 2006
Posts: 5532
Location: Alberta Canada

PostPosted: Sat Mar 27, 2010 9:52 pm    Post subject: Re: Supercookies and sneaky 'DOM Storage' longterm tracking Reply with quote

t0 wrote:
So is it safe to say (after all this research) that "Supercookies" are not HTTP cookies at all but psuedo-cookies that Macromedia has put into Flash? Therefore the culprit is Macromedia/Adobe and not the browser (or OS) vendor?


Correct. So any site that makes use of flash(such as WP) gets an entry.
_________________
davidred wrote...
I installed Ubuntu once and it completely destroyed my paying relationship with Microsoft.
Back to top
View user's profile Send private message
TallyMan
Gone
Forum Moderator


Joined: Mar 31, 2008
Posts: 41833

PostPosted: Sun Mar 28, 2010 6:01 am    Post subject: Re: Supercookies and sneaky 'DOM Storage' longterm tracking Reply with quote

t0 wrote:
So is it safe to say (after all this research) that "Supercookies" are not HTTP cookies at all but psuedo-cookies that Macromedia has put into Flash? Therefore the culprit is Macromedia/Adobe and not the browser (or OS) vendor?


That is how I understand it. The name "Supercookies" seems to have been universally adopted for them.

However, nobody has yet mentioned the "DOM Storage" type of cookies yet. I could not find enough information about them to fully understand how they work. This is what I turned up (but may not be totally correct or complete):

1. DOM Storage was introduced as part of a standards change in HTML to allow websites to store data on a users computer as an alternative to normal cookies.

2. This was supposed to be a "good thing" allowing sites to store a lot more information on the users computer than was allowed with normal cookies. So in effect it is a form of "sand-boxed" local data storage. I can see how this may be of benefit if you are using web services and data can be stored on your computer behind the scenes without users getting involved or having to manually save or load data files when interacting with those services.

3. This data is somehow embedded within the browsers own settings file or files associated with the browser. The location on the computer is restricted due to the "sand-box" arrangement. Apparently both Firefox and IE adopted this "DOM Storage" as part of keeping up with new HTML standards. Presumably other browsers also follow this trend.

4. The potential for abuse of this DOM Storage is very high, but at the moment not many websites have taken advantage of its substantial potential for tracking users or holding and sharing users personal data.

5. It isn't clear if the various cookie options in the latest version of Firefox allow the user to block / view or delete this DOM Storage data. There is a lack of information on the subject. The add-on "Better Privacy" for Firefox apparently deletes/blocks such tracking data.
_________________
I've left WP indefinitely.

Back to top
View user's profile Send private message
Fuzzy
Atheist/Apostate Aspie
Phoenix


Joined: Mar 31, 2006
Posts: 5532
Location: Alberta Canada

PostPosted: Sun Mar 28, 2010 1:27 pm    Post subject: Re: Supercookies and sneaky 'DOM Storage' longterm tracking Reply with quote

TallyMan wrote:
t0 wrote:
So is it safe to say (after all this research) that "Supercookies" are not HTTP cookies at all but psuedo-cookies that Macromedia has put into Flash? Therefore the culprit is Macromedia/Adobe and not the browser (or OS) vendor?


That is how I understand it. The name "Supercookies" seems to have been universally adopted for them.

However, nobody has yet mentioned the "DOM Storage" type of cookies yet. I could not find enough information about them to fully understand how they work. This is what I turned up (but may not be totally correct or complete):

1. DOM Storage was introduced as part of a standards change in HTML to allow websites to store data on a users computer as an alternative to normal cookies.

2. This was supposed to be a "good thing" allowing sites to store a lot more information on the users computer than was allowed with normal cookies. So in effect it is a form of "sand-boxed" local data storage. I can see how this may be of benefit if you are using web services and data can be stored on your computer behind the scenes without users getting involved or having to manually save or load data files when interacting with those services.

3. This data is somehow embedded within the browsers own settings file or files associated with the browser. The location on the computer is restricted due to the "sand-box" arrangement. Apparently both Firefox and IE adopted this "DOM Storage" as part of keeping up with new HTML standards. Presumably other browsers also follow this trend.

4. The potential for abuse of this DOM Storage is very high, but at the moment not many websites have taken advantage of its substantial potential for tracking users or holding and sharing users personal data.

5. It isn't clear if the various cookie options in the latest version of Firefox allow the user to block / view or delete this DOM Storage data. There is a lack of information on the subject. The add-on "Better Privacy" for Firefox apparently deletes/blocks such tracking data.


Install firefox in a virtual machine. Make a copy of its files. Visit some site that records a lot of data. I had trouble with facebook retaining my data outside cookies for instance... might be a good one to try. make a comparison copy of files and then open a blank browser tab:

type about:config and sort and scan the list for "user set" variables, possibly pertaining to facebook.
_________________
davidred wrote...
I installed Ubuntu once and it completely destroyed my paying relationship with Microsoft.
Back to top
View user's profile Send private message
0_equals_true
Genuine Charlatan
Phoenix


Joined: Apr 06, 2007
Age: 32
Posts: 8515
Location: London

PostPosted: Sun Mar 28, 2010 2:07 pm    Post subject: Re: Supercookies and sneaky 'DOM Storage' longterm tracking Reply with quote

TallyMan wrote:
However, nobody has yet mentioned the "DOM Storage" type of cookies yet. I could not find enough information about them to fully understand how they work. This is what I turned up (but may not be totally correct or complete):


"DOM Storage" is a misnomer as DOM stands for Document Object Model. All you are referring to is an extension of cookies. It is was way of storing larger session type information on the client side. It is basically just an extension cookies and uses the same associative array type storage. It is usually cleared by the typical cookies/privacy option in your browser.

https://developer.mozilla.org/en/DOM/Storage#Storage_location_and_clearing_the_data
_________________
Nobody's mom
Back to top
View user's profile Send private message
TallyMan
Gone
Forum Moderator


Joined: Mar 31, 2008
Posts: 41833

PostPosted: Sun Mar 28, 2010 2:18 pm    Post subject: Re: Supercookies and sneaky 'DOM Storage' longterm tracking Reply with quote

0_equals_true wrote:
TallyMan wrote:
However, nobody has yet mentioned the "DOM Storage" type of cookies yet. I could not find enough information about them to fully understand how they work. This is what I turned up (but may not be totally correct or complete):


"DOM Storage" is a misnomer as DOM stands for Document Object Model. All you are referring to is an extension of cookies. It is was way of storing larger session type information on the client side. It is basically just an extension cookies and uses the same associative array type storage. It is usually cleared by the typical cookies/privacy option in your browser.

https://developer.mozilla.org/en/DOM/Storage#Storage_location_and_clearing_the_data


Thanks for clearing that up. The add-on "Better Privacy" supposedly deletes such cookies but it sounds like it isn't even necessary if they can be cleared directly via Firefox anyway. I've got Firefox set to delete all cookies anyway when the browser is closed, so it doesn't sound like they are much of a problem.
_________________
I've left WP indefinitely.

Back to top
View user's profile Send private message
zer0netgain
Phoenix
Phoenix


Joined: Mar 03, 2009
Posts: 6317

PostPosted: Sun Mar 28, 2010 4:22 pm    Post subject: Re: Supercookies and sneaky 'DOM Storage' longterm tracking Reply with quote

TallyMan wrote:
Thanks for clearing that up. The add-on "Better Privacy" supposedly deletes such cookies but it sounds like it isn't even necessary if they can be cleared directly via Firefox anyway. I've got Firefox set to delete all cookies anyway when the browser is closed, so it doesn't sound like they are much of a problem.


Depends. When I first installed Better Privacy, Firefox did not deal with the "supercookie" issue. Maybe now it does. Not a big add on. Lets you dump those nasty buggers every time the program closes.
Back to top
View user's profile Send private message
ValMikeSmith
Terminal ill with computer virus
Phoenix


Joined: May 19, 2008
Age: 44
Posts: 1265
Location: Stranger in a strange land

PostPosted: Mon Mar 29, 2010 3:38 am    Post subject: Reply with quote

Fuzzy wrote:
TallyMan wrote:
Fuzzy wrote:
TallyMan wrote:
[You need to turn on the setting to show hidden folders and files in Windows Exploder.


Fixed. You're welcome.


Apparently the same supercookies also exist in Linux (Ubuntu) and Mac assuming you have flash installed.


They do yes.

My solution is just to have them written to /dev/shm.


How? huh Question Script or Browser settings?
Back to top
View user's profile Send private message
ValMikeSmith
Terminal ill with computer virus
Phoenix


Joined: May 19, 2008
Age: 44
Posts: 1265
Location: Stranger in a strange land

PostPosted: Mon Mar 29, 2010 4:54 am    Post subject: Reply with quote

zer0netgain wrote:
Get the Better Privacy plugin for Firefox. It takes care of that problem.


Better yet, get the older smaller version that doesn't recognize DOM
and SUPERCOOKIES. At some point, firefox UPDATED to ALLOW them.
Without UPDATING, malware would be impossible.

UPDATING is a good thing? Believing this is proof of brainwashing!
My oldest working computer was last updated in 1981.
It makes no sense whatsoever to update anything
without knowing exactly what changes you are making.

How can you remove the bad features by adding (not removing) code?
Back to top
View user's profile Send private message
TallyMan
Gone
Forum Moderator


Joined: Mar 31, 2008
Posts: 41833

PostPosted: Mon Mar 29, 2010 6:53 am    Post subject: Reply with quote

ValMikeSmith wrote:
UPDATING is a good thing? Believing this is proof of brainwashing!
My oldest working computer was last updated in 1981.
It makes no sense whatsoever to update anything
without knowing exactly what changes you are making.

How can you remove the bad features by adding (not removing) code?


Funnily enough the same thought passed through my mind yesterday. The more complex software becomes the more vulnerabilities and holes it has in it that hackers, spies, marketers etc can gain access to your computer by or steal your personal files or commit identity theft. Sometimes the "benefits" of "progress" need to be viewed a bit more objectively. Lots of software just bloats with no perceivable benefit to the end users, just so the marketers can claim to have "the latest and greatest".

I'm stuck with dial-up internet due to living in a very rural location. Software updates have reached the stage of being impossible to keep up with. The likes of Microsoft churn out updates that sometimes are 1GB in size - the service pack update to Visual Studio being a good example.

Adobe reader takes up an obscene amount of disk space considering what it actually does. It also likes to screw around with my machine when it updates - putting icons on my desktop and start bar that I have to delete and then I have to edit the MSCONFIG file to remove all the Adobe startup crap. Repeat this after every Adobe update! The only reason I haven't deleted Abode full stop is that it came pre-installed on this computer and I think it is tied in to other bits of software on there too - so I put up with it rather than risk destabilising something else.
_________________
I've left WP indefinitely.

Back to top
View user's profile Send private message
Fuzzy
Atheist/Apostate Aspie
Phoenix


Joined: Mar 31, 2006
Posts: 5532
Location: Alberta Canada

PostPosted: Mon Mar 29, 2010 12:33 pm    Post subject: Reply with quote

TallyMan wrote:

Adobe reader takes up an obscene amount of disk space considering what it actually does. It also likes to screw around with my machine when it updates - putting icons on my desktop and start bar that I have to delete and then I have to edit the MSCONFIG file to remove all the Adobe startup crap. Repeat this after every Adobe update! The only reason I haven't deleted Abode full stop is that it came pre-installed on this computer and I think it is tied in to other bits of software on there too - so I put up with it rather than risk destabilising something else.


That was one of the reliefs I felt when I switched to linux. I hated PDFs, and every time i wanted to open one, it would start looking for an update. Of course it would have to stop and ask me first... but invariably the next time, or the next update... more adobe bullshit.

itunes and quicktime were just about as bad.
_________________
davidred wrote...
I installed Ubuntu once and it completely destroyed my paying relationship with Microsoft.
Back to top
View user's profile Send private message
Post new topic   Reply to topic    Wrong Planet Autism Forum Index -> Computers, Math, Science, and Technology   
Previous  1, 2  

 
Read more Articles on Wrong Planet



Wrong Planet is a Registered Trademark.
Copyright 2004-2014, Wrong Planet, LLC and Alex Plank. Alex does public speaking for Autism.

Advertise on Wrong Planet

Alex Hotchalk / Glam 

Alex Plank  Aspie Affection 

Terms of Service - You must read this as a user of Wrong Planet | Privacy Policy

Subscribe: RSS Feed  Wrong Planet News  Wrong Planet Forums




fine art