-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Sep 14, 2009 at 4:40 PM, Imri Goldberg <[email protected]> wrote:
> Heya > It seems this was some kind of a 'known secret', but firefox' privacy > mode isn't private. Apparently, websites[1] can use flash to store > 'Local-Shared-Objects' (LSOs, see > http://en.wikipedia.org/wiki/Local_Shared_Object ), which are basically > cookies. Firefox' regular capabilities of 'clear all private data' and > 'privacy mode', which supposedly don't leave any record of your browsing > history, don't erase these files. > > Simplest solution: erase the files. > Other solutions: install BetterPrivacy (disclaimer: I didn't use it > enough to vouch for it), uninstall flash (and delete the files), install > a > flash-blocker, etc. > > I've also written a short blog post on the subject, you can also leave > your comments there: > http://www.algorithm.co.il/blogs/index.php/security/privacy-mode-not-so-p > rivate/ > > Cheers, > Imri > > [1] websites include at least google and youtube, various cdns (which may > be used by multiple websites), etc. > > -- > Imri Goldberg That's why I use the FireFox Add-On 'Objection' -- it removes LSOs: http://objection.mozdev.org/ - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFKrt4Oq1pz9mNUZTMRAgJgAKCW7D/e642d1Q6qy4PsLk5aYE9A8QCbBU5c U7A3b1tQlBQ6UdWRWRmIj5A= =WcJe -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
