From: Peter Ceresole on 3 Feb 2010 13:02

Phil Taylor <nothere(a)all.invalid> wrote:

> If you were the author of the browser, you could include an option to
> randomise not only the browser ID, but the information returned
> whenever the list of plugins, fonts etc. is requested. That would make
> the browser completely untrackable. I wonder if it's worth suggesting
> that to Alexander Clauss (author of iCab)?

I'd have thought that a most effective move might be to get the idea in as a feature request for Firefox.

--
Peter

From: Rowland McDonnell on 3 Feb 2010 13:03

James Taylor <usenet(a)oakseed.demon.co.uk.invalid> wrote:

> Rowland McDonnell wrote:
>
> > James Taylor wrote:

[snip]

> > But I'd assume that I were trackable if I were using the Web in China or
> > the UK or anywhere else that the government pries excessively into
> > personal privacy - unless I was using correctly set-up special privacy
> > software, such as TOR.
> >
> > <http://www.torproject.org/>
>
> Oh no, you'd be crazy to use Tor in such countries. They will know all
> the IP addresses of Tor nodes

/All/ of them? Really?

> and have automatic detection systems
> flagging up whenever anyone uses them. Doing so would be broadcasting
> loudly that you were up to no good.

But surely they'd be following you and tracking you *ANYWAY*? I don't see any problems in letting 'em know that you're not as stupid as they'd hoped. Taking steps to hide what you're doing in those circumstances is plain common sense - you know they're on to you, so you wrap up all your e-comms as much as possible. And the great thing about TOR is that it denies 'em lots more data than *merely* using PGP and similar.

> People often misunderstand the purpose and limitations of Tor. All it
> does is mask the user's true IP address so the operator of a server
> cannot see where the user came from.

Aye.

> It does this in such a way that
> even an omniscient observer (a government, NSA, etc) able to watch all
> Tor activity would not be able to reliably distinguish that user from
> any of the other users of the Tor network. However, it cannot hide the
> fact that a user is using Tor.

Indeed.

> Also, while Tor uses encryption within
> the Tor system, traffic must eventually arrive at the final node where
> it is fully decrypted and sent out in the clear to the destination. The
> user must therefore trust the final node not to be sniffing or altering
> the traffic as it passes.

But the user can assume such activity and take extra precautions, such as using encryption, so that assumption's invalid.

> Given that Tor is necessarily slow and introduces considerable delay and
> jitter, the kind of traffic being carried over the Tor network is mainly
> that which people have a reason to hide, and thus exactly the kind of
> traffic that governments and law enforcement agencies have good reason
> to be monitoring in expectation of rich pickings.

I want to know when police forces started to get assumed to be `law enforcement agencies'. The UK police service is supposed to be nothing of the sort.

> Even if the stated
> operator of a final Tor node is trustworthy (and not just a front for
> another NSA operated node) you nevertheless can bet that governments
> have invested a good portion of their budget installing remote sniffing
> and traffic injection devices upstream from all Tor nodes in existence.
> They'd be very stupid not to.

Eh? Explain.

> Not only does this allow them to capture
> sensitive data that may identify users, but it also allows them to
> monkey around with the traffic as it passes through in order to cause
> the user at the other end to reveal himself.

Hmm... Maybe - surely the TOR network is sufficiently random that that's rather hard to do?

> There are very few ways you can use Tor without being susceptible to
> being monitored, identified, and even exploited by a silent spyware
> injection.

How's the spyware injection going to work?

btw, there's NO way to use the internet without being susceptible to being monitored, identified, and even exploited by a silent spyware injection (if such is possible using TOR, then it's easier without).

Given that, it seems to me that it's sensible to use multiple layers of obfuscation to protect yourself. In situations when the authorities are *heavy* such as China and the UK, maximum obfuscation is called for.

> Those who use Tor are putting themselves at far greater risk
> than those who don't unless they have the skill to use it carefully
> enough,

Aye.

> eg. by using an ssh tunnel through to an endpoint server that
> isn't being monitored,

That's not skill that's required, that's information - information which is actually quite hard to come by.

> but this assumes the NSA can't crack ssh (a very
> shaky assumption) and that they wouldn't just put a monitor on the
> endpoint, and it also means the user's IP is traceable to the endpoint
> thus undermining one aspect of what Tor was being used for in the first
> place. It's a no win situation.
>
> > Don't worry TOO much about the Burmese authorities - *they* don't have
> > the sophistication available to the UK or Chinese governments,
>
> I think that's naive.

I think that's insulting of you.

> All oppressive states have a strong motive to
> spend a big portion of their resources on the appropriate monitoring
> equipment.

<sigh>

They also have a strong motive to spend a big portion of their budget on all sorts of other things.

The colonels in charge are not sophisticated well-informed well-educated people. They are ill-educated and ignorant. They know how to bully and terrorise. They are not technologically sophisticated. They don't know what's possible and what's not. And they do know that almost all of their people don't have internet access.

So while these not actually stupid tyrannical thugs will have internet controls in place, there's no way what the Burmese are up to could come close in sophistication to what our lot are up to - or the Chinese for that matter.

> There are clever people in every nation, but the Burmese will
> have what they need whether they develop it themselves or buy it in.

Tyrannical oppressive dictatorships in small poor rural nations aren't the same as tyrannical oppressive dictatorships in advanced industrialized nations. Do bear that in mind.

> > But I'd assume that I'd have to use TOR for any sort of privacy;
>
> Anonymity in the crowd is your best protection, not skulking around in
> the shadows of Tor which is being so closely scrutinised.

And yet anonymity in the crowd is exactly what none of us have - unless we can somehow hide all our identifying features, which is quite tricky.

[snip]

> > So if one is going to use TOR, one must use a separate user account with
> > everything set up differently so that at least they can't connect your
> > TOR browsing with `Who you are in real life'.
>
> Good idea, but it's not sufficient given the tricks that can be used to
> reveal your real IP. Add to that the technique of browser fingerprinting
> and you are easily identifiable.

No safeguard is sufficient on its own. Not one of them. That's the point. The only hope is multiple layers of defence - TOR's one such layer.

Rowland.

--
Remove the animal for email address: rowland.mcdonnell(a)dog.physics.org
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking

From: Rowland McDonnell on 3 Feb 2010 13:03

Geoff Berrow <blthecat(a)ckdog.co.uk> wrote:

> usenet(a)alienrat.co.uk (Woody) wrote:
>
> >> That's a good point. What does that value actually mean? Is a large
> >> number good or bad? Does it mean I am similar to the 500,000 or different.
> >>
> >> 'Uniqueness' is such a horrible word.
> >
> >It means that in all the browsers they have tested so far you can be
> >individually identified.
>
> If you want anonymity, go to an Internet cafe.

Anonymity is exactly what you will be denied if you do that.

If you want anonymity: learn Hindi and Urdu, change your name, move to India. Lose yourself in the teeming masses. You stand little other chance of hiding yourself.

(more people in China, but it's harder for folk like us - well, me - to blend in)

> Why is the Internet any different from real life?

IRL, one is not identified everywhere.

> We are identified
> everywhere we go on cctv cameras everywhere.

That's only a recent innovation.

> Sainsbury's have cameras
> that display my reg number when I drive onto their car park.

Which is a Bad Thing.

> Remembering something about a customer can be a good thing.

Tracking people to the extent that we are tracked, and using that information better to exploit and control that person - which is what commercial firms and governments are up to - that is always a Bad Thing.

> The
> landlady in the pub remembers me and what I drink (diet coke, before
> you ask...). The garage attendant knows which is my car. I could wear
> a mask and stop this from happening but the only person that would
> hurt would be me.

The situations are not remotely comparable.

Rowland.

--
Remove the animal for email address: rowland.mcdonnell(a)dog.physics.org
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking

From: Rowland McDonnell on 3 Feb 2010 13:14

Peter Ceresole <peter(a)cara.demon.co.uk> wrote:

> Phil Taylor <nothere(a)all.invalid> wrote:
>
> > If you were the author of the browser, you could include an option to
> > randomise not only the browser ID, but the information returned
> > whenever the list of plugins, fonts etc. is requested. That would make
> > the browser completely untrackable. I wonder if it's worth suggesting
> > that to Alexander Clauss (author of iCab)?
>
> I'd have thought that a most effective move might be to get the idea in
> as a feature request for Firefox.

Sounds like a job for a Firefox plugin.

Rowland.

--
Remove the animal for email address: rowland.mcdonnell(a)dog.physics.org
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking

From: Pd on 3 Feb 2010 14:20

GD <real.email(a)signature.below> wrote:

> On Wed, 3 Feb 2010 10:54:37 +0000, Phil Taylor wrote
> (in article <030220101054376670%nothere(a)all.invalid>):
>
> > On the subject of Flash cookies, does anybody know where they are
> > stored and how they can be inspected or deleted?
>
> They're stored in the Macromedia folder in your user prefs folder.

I have a whole bunch of folders in my preferences called variations of "w)ë†wêòøˇœ`è¿≈," They all have nothing in them. Any ideas where they may have come from? Hopefully they're not from donkeypron.com and sexylingerieformen.com, which are the only two embarrassing websites I visit.

--
Pd