On Thu, 25 Aug 2016 02:51:56 -0000
"William Mattison" <mattison.computer@xxxxxxxxx> wrote:

> (I'm replying to the entire discussion as of Wednesday evening US
> Mountain time.)

[snip]

> * Stan - In your last message on this topic, you implied you are
> abandoning Adblock Plus and said you are using "tracking blockers".
> Which?

Privacy Badger. In fact, I've come to rely on it almost exclusively for active tracking denial. My reasoning is that surreptitious tracking is virus-like. That is, the people doing it are actively evolving their attacks, and disregarding user preferences. So any fixed response is always one generation behind the bad guys. Privacy Badger is a form of AI that looks for behavior that indicates tracking, rather than "making a list, and checking it twice". So, when a new tracker appears, it learns and automatically blocks it.

I haven't looked at the code, so I don't know how sophisticated the algorithm is - given time and effort, I think it could become *very* sophisticated; intercepting JavaScript calls to determine who's calling, checking content creation, etc. Evercookies are like a real virus in that they *have* to do certain things if they are to survive, so blocking those things, or looking for them and removing them, will kill an evercookie.

I also use Self-Destructing Cookies and Better Privacy and No Google Analytics plugins. Ten seconds after I close a site, all cookies exclusive to that site are deleted. I have HTML5 local storage turned off, so I don't allow third parties to store data on my computer that way. I also have Self-Destructing Cookies set to clear the local cache after a few minutes of inactivity (they suggest a few seconds, I think).

I don't run Flash. Sometimes a little inconvenient, but most sites are moving away from it. And in a few years (2018), when all the patents on mpg have expired (I think there are only two left), HTML5 will be able to use mpg as the fallback, and that will displace even more Flash.
Flash also seems to have regular security breaches.

This link has a conversation about evercookies, and blocking them. It isn't very optimistic reading. One of the responses suggests using a technique very like what Drew Samson suggested, and took it further by using Tor, and remapping the MAC address of the virtual environment. A bridge too far for me. At some point, the mitigating measures become too burdensome. I notice that the suggestion of using private browsing got a downvote, but everything I've read suggests that this does block evercookies.

http://security.stackexchange.com/questions/38101/how-can-i-protect-myself-from-evercookies

I used to use Ghostery and NoScript, and I think NoScript definitely helps with blocking Google and Facebook, since it doesn't allow their ubiquitous content to run unless manually enabled. And I used to see Ghostery blocking lots of sites - but it uses a static list of sites, sites which are trackers and good to block, but only as up to date as their information. I find Privacy Badger blocking the things I want blocked when I look. NoScript also keeps unwanted video from running when visiting sites. Hmmm, I've almost talked myself into enabling it again. :-) Maybe I'll try the uMatrix that Ahmad Samir suggested.

I've been checking for where Google is storing the data that re-creates their cookie after I delete it. I haven't found it yet, but I'll keep looking. It's the only cookie that does re-create itself, so that's an indication that what I'm doing is mostly working. Google has lots of smart people working there, so they could have taken the evercookie idea and moved it in new directions. And they could have put back doors into Chrome and Firefox. I doubt that they use the evercookie name or code; they'll have obfuscated it, perhaps made it part of a legitimate function call.

I wonder how well creating a git, or other, repository around the .mozilla directory and doing diffs before and after browsing would work for finding hidden content? Or using the signature in the cookie, and doing a grep of the .mozilla directory, looking for that sequence. Ideas to try.

The arms race continues.
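
The two ideas that close the message (diffing the profile directory before and after browsing, and grepping it for the cookie's value) are sketched below as an added example that is not part of the original post. It uses a SHA-256 manifest instead of a git repository; the function names, file names and token are constructed for illustration.

```shell
#!/usr/bin/env bash
# Run against a profile only while the browser is closed, so stores are not mid-write.

# snapshot DIR: one "sha256  ./relative/path" line per regular file, sorted by path.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# changed BEFORE AFTER: compare two snapshot files.
# Prints "A path" (added), "M path" (modified) or "D path" (deleted).
changed() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # path may contain spaces
        FILENAME == ARGV[1] { before[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in before))          print "A " path
            else if (before[path] != hash)  print "M " path
        }
        END { for (p in before) if (!(p in seen)) print "D " p }
    ' "$1" "$2" | sort
}

# find_token TOKEN DIR: list files that contain TOKEN as a literal byte string.
# -a treats binary files (such as SQLite databases) as text. A value stored
# compressed, encoded or split across database pages will not match.
find_token() {
    grep -rlaF -- "$1" "$2" | sort
}

# Demo on a constructed directory standing in for a profile (not real data).
demo() {
    local dir before after
    dir=$(mktemp -d) before=$(mktemp) after=$(mktemp)
    printf 'id=OLD\n' > "$dir/cookies.txt"
    printf 'prefs\n'  > "$dir/prefs.js"
    snapshot "$dir" > "$before"
    # Simulated browsing session: one store rewritten, one new store created.
    printf 'id=CONSTRUCTED-TOKEN-1234\n' > "$dir/cookies.txt"
    mkdir -p "$dir/storage/site one"
    printf '\0\1CONSTRUCTED-TOKEN-1234\2' > "$dir/storage/site one/data.bin"
    snapshot "$dir" > "$after"
    changed "$before" "$after"
    find_token 'CONSTRUCTED-TOKEN-1234' "$dir" | sed "s|^$dir|.|"
    rm -rf "$dir" "$before" "$after"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Files that show up as added or modified after a session with cookies cleared are the candidates for where a re-created identifier is kept; `find_token` narrows that list when the value is stored verbatim.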