Heya It seems this was some kind of a 'known secret', but firefox' privacy mode isn't private. Apparently, websites[1] can use flash to store 'Local-Shared-Objects' (LSOs, see http://en.wikipedia.org/wiki/Local_Shared_Object ), which are basically cookies. Firefox' regular capabilities of 'clear all private data' and 'privacy mode', which supposedly don't leave any record of your browsing history, don't erase these files.
Simplest solution: erase the files. Other solutions: install BetterPrivacy (disclaimer: I didn't use it enough to vouch for it), uninstall flash (and delete the files), install a flash-blocker, etc. I've also written a short blog post on the subject, you can also leave your comments there: http://www.algorithm.co.il/blogs/index.php/security/privacy-mode-not-so-private/ Cheers, Imri [1] websites include at least google and youtube, various cdns (which may be used by multiple websites), etc. -- Imri Goldberg -------------------------------------- www.algorithm.co.il/blogs/ -------------------------------------- -- insert signature here ----
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
