
Re: Supercookies

On Thu, 2009-08-20 at 09:54 -0400, Praedor Atrebates wrote:
> On Thursday 20 August 2009 09:36:40 am Ted Smith wrote:
> > On Thu, 2009-08-20 at 08:55 +0200, Matej Kovacic wrote:
> > > Hi,
> > > 
> > > I am not sure if this was on this list, but it is interesting
> > > information:
> > > 
> > > http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
> > > it seems cookies could be "respawned"...
> > > 
> > > And there is a plugin to remove these LSOs:
> > > https://addons.mozilla.org/en-US/firefox/addon/6623
> > > 
> > > You need to set Flash directory (autodetection does not always work):
> > > - Windows: %APPDATA%\Macromedia\Flash Player\
> > > - Macintosh: ~/Library/Preferences/Macromedia/Flash Player/
> > > - Linux/Unix: ~/.macromedia/Flash_Player/
> > > 
> > > Maybe something like that should be integrated into TorButton...
> > > However, the question is what about Silverlight and other non-flash
> > > plugins...
> > > 
> > > There is also a Windows tool called CCleaner (http://www.ccleaner.com/)...
> > > 
> > > bye, Matej
> > 
> > The best solution here is not to use non-free software as a general
> > rule, and stay the f*** away from non-free software peddled by companies
> > that have their software phone home to "". IIRC, Gnash,
> > the GNU swf decoder/player/interpreter/whatever, does not have these
> > flash cookies, and if it did, you could easily disable or find a way to
> > purge them. 
> There is a nice writeup on these cookies and simple (non-firefox/global) protection from such cookies at:
> http://www.linuxplanet.com/linuxplanet/tutorials/6709/1/
> No need to go extreme and lose most functionality by going 10000% free/open software.  You simply lose a lot of nice, desirable web functionality if you do.  At the end of the above article is a quick write-up about Gnash, the open/free flashplayer (though lacking a lot of functionality/compatibility) and how it handles flash cookies.

You don't "lose most functionality" by using free software. You gain
freedom, and in this case, security. There's no reason to make things
incredibly hard for yourself by giving your adversary access to a
process on your machine, and there's no reason to run Flash when mostly,
the sites that use it are the ones most likely to be hostile to your


> Gnash supports LSOs too, but unlike Adobe, we print messages in a
> debug log (if it's enabled) about what is being stored. But more
> importantly, we do have a utility program called "soldumper" that one
> can use to dump all the encoded data in a .sol file to the terminal.
> This way you can see exactly what is being stored about you.

Gnash supports most flash I run into on the web, and I haven't had much
trouble with it, especially with later releases. More importantly, the
developers care about privacy, and if they stop caring, someone else can
pick up where they left off. That's a stark contrast with Adobe, who has
actively acted against user privacy on multiple occasions.

By the way, saying "free/open" is pretty redundant, isn't it? The Free
Software Definition and the Open Source Definition line up almost
exactly -- is there really a need to specify that Gnash, a program
licensed under the GPLv3, is both free software and open source?

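Added example, not part of the original thread and not Gnash's soldumper: a Python script that inventories the .sol files (LSOs) under the Flash Player directories listed in the message above and reads each file's header to show the shared-object name. The header layout, the function names and the command-line handling are assumptions based on public descriptions of the .sol format, not taken from this page.

```python
import os
import struct
import sys

# Per-OS Flash Player storage directories, as listed in the thread above.
FLASH_DIRS = {
    "win32": r"%APPDATA%\Macromedia\Flash Player",
    "darwin": "~/Library/Preferences/Macromedia/Flash Player",
    "linux": "~/.macromedia/Flash_Player",
}

def parse_sol_header(data):
    """Return (object_name, amf_version) from the start of a .sol file.

    Header layout (assumption, from public format descriptions):
    00 BF | u32 body length | "TCSO" | 00 04 00 00 00 00 | u16 name length |
    name | 00 00 00 | AMF version byte. Raises ValueError on anything else.
    """
    if len(data) < 18 or data[:2] != b"\x00\xbf" or data[6:10] != b"TCSO":
        raise ValueError("not a .sol file")
    (body_len,) = struct.unpack(">I", data[2:6])
    if body_len != len(data) - 6:
        raise ValueError("length field does not match file size")
    (name_len,) = struct.unpack(">H", data[16:18])
    end = 18 + name_len
    if end + 4 > len(data):
        raise ValueError("truncated header")
    return data[18:end].decode("utf-8", "replace"), data[end + 3]

def inventory(root):
    """Walk root and return (path, object_name, amf_version) per .sol file."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(".sol"):
                path = os.path.join(dirpath, fn)
                try:
                    with open(path, "rb") as fh:
                        name, amf = parse_sol_header(fh.read())
                except (OSError, ValueError) as exc:
                    name, amf = "<unreadable: %s>" % exc, None
                found.append((path, name, amf))
    return sorted(found)

if __name__ == "__main__":
    key = "linux" if sys.platform.startswith("linux") else sys.platform
    default = os.path.expandvars(os.path.expanduser(FLASH_DIRS.get(key, ".")))
    for path, name, amf in inventory(sys.argv[1] if len(sys.argv) > 1 else default):
        print("%s\tname=%s\tamf=%s" % (path, name, amf))
```

Files that fail the header check are still reported by path, so the listing can be used to confirm that a cleanup tool actually emptied the directory.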