Loss of Privacy

New to Firefox’s nightly builds is the about:permission page, which allows users to customize their privacy. Similar to the about:config, about:permissions will allow the end user to set their browser to the level of privacy that they’re comfortable with on a per site basis.

Type about:permissions into the address bar and you’re presented with a dashboard that lets you configure password retention, geolocation, cookies, pop-ups, and offline storage access on a per-site basis.

If you’ve previously set passwords for a particular site, about:permissions will allow you to view and remove them. You can also manage and delete cookies that site has stored on your system or forget a site completely, wiping any trace of it from Firefox’s memory.

the addition of a centralized dashboard which allows users to maintain control over site permissions and data is a logical next step in the evolution of Firefox. It’s a major convenience, and one which is sure to be welcomed by those who consider privacy to be a serious concern when browsing the web

While this is a nice move by Mozilla, it’s still only in the nightly builds and needs some more tweaking before it’s pushed out to users. Then, the users have to know to check about:permissions as there isn’t currently an option in the tools or options menu.

The EFF and the Tor Project, have launched a firefox extention called HTTPS Everywhere for a little safer browsing. EFF and Tor are major players in the privacy scene and have combined their efforts in creating an extension that encrypts firefox users’ browser communications on several prominent websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Note that some of those sites still include a lot of content from third party domains that is not available over HTTPS. As always, if the browser’s lock icon is broken or carries an exclamation mark, you may remain vulnerable to some adversaries that use active attacks or traffic analysis. However, the effort required to monitor your browsing should still be usefully increased.

The plugin currently works for:

• Google Search

• Wikipedia

• Twitter

• Facebook

• The New York Times

• The Washington Post

• Paypal

• EFF

• Tor

• Ixquick

(and many other sites)

If you are a current NoScript user, you can do the same thing that HTTPS Everywhere does, but it’s on a per site basis. The nice thing about HTTPS Everywhere is that it does it automatically, which is a plus for less technically inclined users. HTTPS Everywhere is also partially based upon NoScript so, no matter which extension you use, you can provide more privacy and security for yourself.

You can get the extension here.

See which advertising companies collect information on your favorite websites. See what they do with the information about your interests and activities.

Targeted Advertising Cookie Opt-Out (TACO) 2.0 is a firefox addon, which may come in handy if you don’t want your information tracked.

Head on over to Help Net Security to learn about 10 vital privacy and security add-ons for Firefox. You really shouldn’t browse without seriously considering these add-ons.

While surfing the web, many websites leave cookies on your computer to track various things.  They range from something simple, such as user names and passwords to the more complicated, such as LSOs that keep track of a vast amount of data concerning your surfing habits.  When you clear your cookies, you mistakenly believe that the cookies, and the tracking data, are gone.  You couldn’t be more wrong.

LSOs are insidious and there isn’t a reason to keep them on your computer.  They aide companies, not the individual.  The problem for most users is that, not only do they not know LSOs exist, they don’t even know where to find them.  These LSO cookies are flash cookies that come from Adobe flash.  If you have the flash plugin, and nearly everyone does, then you likely have a pile of LSOs on your computer somewhere.  A new UC Berkeley report details what these new type of cookies are and how they are used.

Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

Even the Whitehouse.gov showed up in the report, with researchers reporting they found a Flash cookie with the name “userId.” The site does say in its privacy policy that it uses tracking technology but it does not mention Flash or tell users how to get rid of the Flash cookie.

All modern browsers now include fine-grained controls to let users decide what cookies to accept and which to get rid of, but Flash cookies are handled differently. These are fixed through a web page on Adobe’s site, where the controls are not easily understood (There is a panel for Global Privacy Settings and another for Website Privacy Settings — the difference is unclear). In fact, the controls are so odd, the page has to tell you that it is the control, not just a tutorial on how to use the control.

Where to find these flash cookies:
* Windows: LSO files are stored typically with a “.SOL” extension, within each user’s Application Data directory, under Macromedia\FlashPlayer\#SharedObjects.
* Mac OS X: For Web sites, ~/Library/Preferences/Macromedia/FlashPlayer. For AIR Applications, ~/Library/Preferences/[package name (ID)of your app] and ~/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/Support/flashplayer/sys
* GNU-Linux: ~/.macromedia

If you want to take control of these cookies, you can do one of the following:
If you run Windows, you can use ccleaner.
In Firefox, you can add the Better Privacy extension.
In Mac OS X, check out MacHacks for detailed descriptions.