With all those webvideo sites around nowadays it is kinda hard to sound convincing when stating "I don't use flash" :)
For the missing deterioration: That's one of the reasons I still follow this list cheers, Toralv ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Imri Goldberg Sent: Tuesday, September 15, 2009 4:11 PM To: [email protected] Subject: Re: [funsec] Firefox' privacy mode not so private I have to say, I'm surprised that this discussion hasn't deteriorated to: Reply 1: I don't use flash Reply 2: I don't use gui browsing, it's text based browsing for me Reply 3: etc... a-la http://xkcd.com/378/ . On Tue, Sep 15, 2009 at 3:18 PM, <[email protected]<mailto:[email protected]>> wrote: You can configure Flash directly by visiting http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html (Website Privacy Settings / Website Storage Settings) And while you're there, there are lots of other settings you may want to adjust... cheers, Toralv ________________________________ From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Imri Goldberg Sent: Tuesday, September 15, 2009 1:40 AM To: funsec Subject: [funsec] Firefox' privacy mode not so private Heya It seems this was some kind of a 'known secret', but firefox' privacy mode isn't private. Apparently, websites[1] can use flash to store 'Local-Shared-Objects' (LSOs, see http://en.wikipedia.org/wiki/Local_Shared_Object ), which are basically cookies. Firefox' regular capabilities of 'clear all private data' and 'privacy mode', which supposedly don't leave any record of your browsing history, don't erase these files. Simplest solution: erase the files. Other solutions: install BetterPrivacy (disclaimer: I didn't use it enough to vouch for it), uninstall flash (and delete the files), install a flash-blocker, etc. I've also written a short blog post on the subject, you can also leave your comments there: http://www.algorithm.co.il/blogs/index.php/security/privacy-mode-not-so-private/ Cheers, Imri [1] websites include at least google and youtube, various cdns (which may be used by multiple websites), etc. -- Imri Goldberg -------------------------------------- www.algorithm.co.il/blogs/<http://www.algorithm.co.il/blogs/> -------------------------------------- -- insert signature here ---- ________________________________ Firmensitz: Muenchen Amtsgericht: AG Muenchen Handelsregister: HRB 144340 Geschaeftsfuehrer: Emmet Russell, Keith Krzeminski, Douglas Rice Bankverbindung: ABN-Amro Bank N.V. Konto 671 211 9006 UST-ID: DE168122444 -- Imri Goldberg -------------------------------------- www.algorithm.co.il/blogs/<http://www.algorithm.co.il/blogs/> -------------------------------------- -- insert signature here ---- ________________________________ Firmensitz: Muenchen Amtsgericht: AG Muenchen Handelsregister: HRB 144340 Geschaeftsfuehrer: Emmet Russell, Keith Krzeminski, Douglas Rice Bankverbindung: ABN-Amro Bank N.V. Konto 671 211 9006 UST-ID: DE168122444
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
