Tor
No wonder it's running slow, it's the only thing close to surfing the web in private!
The already strained relationship between Google and the NSA has got a little bit worse, after claims in the latest Snowden leak that intelligence agencies are using the Chocolate Factory's cookies to track targets. Documents seen by the Washington Post show that the NSA and the British snoops at GCHQ have found a way to …
"Paranoia pays off again."
Only if you're very paranoid. I suspect a typical browser even in private mode with "do not track" flags will be vulnerable to the more persistent forms of cookie. Do a search on evercookies, and you'll see one example of what you're up against. Ghostery and the like can help, but ultimately it is a straightforward arms race.
Anonymous Coward said, "DuckDuckGo.com for cookie free search and no tracking. Why the somnambulistic American public puts up with a tenth of this BS, I will never know."
Haven't you noticed the grid lock in the American congress? It isn't all because of the budget - many of us, especially conservatives, never did like what they put in the Homeland security legislation - This despite what our twisted media seems to believe!
I have one HIPS (Emsisoft) that has already flipped the bird at the Germans for not allowing spies on board, but it doesn't block cookies. So maybe now SaferNetworking in Germany will wake up and start issuing cookie blocks for NSA's crap! I'm sure Chancellor Merkel will be more than happy to back them up, as miffed as she's been with the US lately! CCleaner should be able to remove them, even if they are Zombie cookies, and they don't use white lists that I've ever heard of - and we in the security community would have known if Piriform was doing that. They've been very transparent about this business, and have a reputation for that to uphold.
As you can see in the world news - Our businesses woke up too late and are backpedaling furiously to negate anything NSA or any other nincompoop bureaucracy is up to! Even Microsoft seems to be scrambling to join the fray, if you believe those turds, anyway.
If Google has been subverted, you can bet your ass that everything else of weight has been, too. Some willingly, some less so, but compliant nevertheless, if they want to do business in or passing through the USA. Just a safe assumption, even if not provable.
And, now, is this vindication against all those who --blindly, negligently, ignorantly, deceitfully -- who for YEARS kept telling us, the world, that cookies are harmless, that they cannot be manipulated, that they do not carry payload, and only collect, not command?
And, people supposedly smarter than myself would consider me paranoid. I love getting vindication, even years after the fact, but lament the fact that lots of wrongdoing can be done, or has been done.
I am the eye in the sky, looking at you, I can read your mind
I am the maker of rules, dealing with fools, I can cheat you blind
And I don't need to see any more, to know that
I can read your mind (Looking at you)
I can read your mind (Looking at you)...
Still one of my favourite songs today, and eerily prophetic.
Try
Tools / Options / Privacy / Use custom settings for history / Keep until: I close Firefox
Then
Tools / Options / Privacy / Use custom settings for history / Accept cookies from sites / Exceptions / Google.com [block]
Life is SO much better...when you don't have any [persistent] system cookies at ALL.
The problem with doing this is that you have to re-log in to sites like Facebook, and if I remember correctly, other sites that the browser (FF) used to remember the un and pw, no longer does.
I tried this before, and it became such a pain that I stopped doing it. If the NSA wants to track me, they're going to do so whether I try to stop them or not. I think we all have to recognize that. This isn't the same world that we used to have before the internet.
is equivalent to having no security at all.
For Firefox
Tools / Options / Security / Saved passwords / Show passwords
shows your private lovelies, all out in the open for any person with access to your computer to see. I doubt that you have the Master password set, correct?
Yes, I have Firefox save some passwords...on my office machine. Why? Because my boss insists on occasionally sitting at my desk (and trying to make it his own by rearranging it) and then using my computer to log on to our various online business profiles...to only realize he doesn't know / can't remember the passwords. So rather than hear him complain [about his own technical incompetence] I saved some UN and PW's. Making the decision to do so was very hard for me but it was either that or hear him complain [about his own stupidity], and I grow tired of it sometimes.
As for my personal machines? Nope, no, never ever. Did I mention NEVER? Not even on my cell phones do I have a SINGLE UN or PW saved, and indeed on my cell phone I make it a point to periodically erase all cookies. Especially if I did a Google search because I forgot to switch the search engine preference to DuckDuckGo after I restarted the browser.
If I can't remember my access codes to my online profiles...then I don't truly use and therefore have no dire need for that access, now do I?
Invent an algorithm for your passwords.
If you forget your password recalculate My_Algorithm( "Facebook", other_things_that_I_CAN_remember)
It doesn't have to be complicated. You're already ahead of 99% of the crowd. I don't imagine for a moment it'll defeat spooks (who have inside access to Facebook et al anyway). It will defeat the sort of criminal who assumes that all your passwords are likely to be the same, or steals your computer so he can use your stored passwords.
And use a different algorithm for passwords that unlock real money!
If I understand correctly, restricting these cookies for a session is a pain in certain parts of anatomy, but not because of logins - to FB or anything else. Logins - remembering the UN/PW combo - can be handled by the browser or the system, no need for persistent cookies there.
The problem is with various settings ("preferences"). You want to configure your search? Prefer a certain language? Want Safe Search enabled/disabled? 20 results per page? That is where the PREF cookie comes in. Without it you need to configure your preferences each time you start the browser. And it is the cookie, not your account, since you are not necessarily signed on before you search (and if you could set preferences only for signed on sessions you would not need the cookie but the result would arguably be even worse, privacy-wise).
If you don't mind the defaults - or doing repetitive customizations each time - limit google.com cookies to session and enjoy the warm and fuzzy feeling of having thwarted another effort of those nasty alphabet-soup agencies. Otherwise, carry on, but don't think that, e.g., TOR can help with this problem - your IP will be obfuscated but your cookie will still be yours.
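An added illustration of the point made in the comment above (not part of any poster's comment, and not Google's code): a toy site issues a PREF cookie carrying a unique ID, and a browser visits it in three sessions, each through a different exit IP. The `ID=` value layout, the class and function names and the IP addresses are assumptions constructed for this example.

```python
import itertools
from collections import defaultdict

# Constructed exit addresses (documentation ranges), one per browsing session.
EXIT_IPS = ["198.51.100.7", "203.0.113.50", "192.0.2.99"]


def parse_cookie_header(header):
    """Split a Cookie request header into {name: value}."""
    jar = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name] = value
    return jar


def pref_id(pref_value):
    """Return the ID field of a colon-separated PREF value (assumed layout)."""
    for field in pref_value.split(":"):
        if field.startswith("ID="):
            return field[3:]
    return None


class Server:
    """Toy site: issues a PREF cookie if none is presented and logs each request."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.log = []  # (source_ip, pref_id) as seen by the site or a passive tap

    def handle(self, source_ip, cookie_header):
        pref = parse_cookie_header(cookie_header).get("PREF")
        if pref is None:
            pref = "ID=%016x" % next(self._ids)
        self.log.append((source_ip, pref_id(pref)))
        return pref  # value the site sends back in Set-Cookie


class Browser:
    def __init__(self, keep_until_close):
        self.keep_until_close = keep_until_close  # "Keep until: I close Firefox"
        self.jar = {}

    def session(self, server, exit_ip, n_requests=2):
        for _ in range(n_requests):
            header = "; ".join(f"{k}={v}" for k, v in self.jar.items())
            self.jar["PREF"] = server.handle(exit_ip, header)
        if self.keep_until_close:
            self.jar.clear()  # cookie (and stored preferences) gone at exit


def linked_ips(log):
    """Cookie IDs observed from more than one source address."""
    seen = defaultdict(set)
    for ip, cid in log:
        seen[cid].add(ip)
    return {cid: sorted(ips) for cid, ips in seen.items() if len(ips) > 1}


def simulate(keep_until_close):
    server, browser = Server(), Browser(keep_until_close)
    for ip in EXIT_IPS:
        browser.session(server, ip)
    return linked_ips(server.log)
```

With a persistent jar, `simulate(False)` ties all three exit addresses to one ID; with session-only cookies, `simulate(True)` returns nothing to link, at the cost of a fresh ID (and default preferences) every session.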
Ghostery
AdblockPlus
Better Privacy
Self Destructing Cookies
HTTPS Everywhere
Never save passwords
Reject third party cookies
Always clear cookies on exit
Not enough though, install Lightbeam add-on from Mozilla, and use your browser for a while.
You will be alarmed at the amount of tracking that occurs.
Life is SO much better...when you don't have any [persistent] system cookies at ALL
Right. I always set cookies to expire at the end of session and run my browser without scripts. Also, I usually have a number of Firefox 'cleaning' plugins* set active.
In addition to these 'cleaning' plugins I also get CCleaner to wipe the FireFox cache, cookie data etc. multiple times a day. There are several other cleaners too that clean stuff that CCleaner either misses or ignores.
I periodically check for toolbars lurking in the registry (and in browser configs etc.)—Google, Ask.com etc.—and if not deleted by the cleaning tools I manually delete them. Also, if I suspect the registry has had a 'hard day' I reload the previous day's registry or another even earlier one from the automatically-stored 30-day registry backup repository using ERUNT (also useful if one trials a lot of software as I do).
Also, I'll regularly spring-clean my FireFox user-profile. This means deleting the complete profile and replacing it from an earlier clean backup.
From what I read here in this group of El Reg posts, I'm very surprised that most El Reg readers don't essentially do similar—just as a matter of form. Very odd!!
I don't do all this because of NSA paranoia—rather it's to both keep ad 'conglomerators' such as Doubleclick at bay and make Firefox run faster—it's surprising how much faster browsers work with all that 'JavaStuff' disabled.
Most web sites work fine this way. Whenever I strike a site that I have to access which insists on cookies and or JavaScript I simply fire up a separate browser installation with cookies enabled etc. and cut-and-paste the offending URL into it. The browser is cleaned when finished.
_______
* Ghostery (set for 'ALL' on); NoScript; FlashBlock; BetterPrivacy (for especially hard cookies, known as local shared objects (LSOs)—Google etc.); AdBlock Plus; JavaScript Deobfuscator. And several other Java blocking/controlling and monitoring tools (XPIs).
It seems to me that whilst GCHQ, the NSA, etc. have nothing to worry about from us the citizenry, that can't be said about big business/multinationals.
Stand between big business and a dollar and there'll automatically be big trouble. And Snowden's revelations have spooked it into realising that being spied upon ultimately means less moolah.
Now, as we know the only truly real citizen in a modern democracy is big business.
'Nuff said.
Try
Tools / Options / Privacy / Use custom settings for history / Keep until: I close Firefox
Then
Tools / Options / Privacy / Use custom settings for history / Accept cookies from sites / Exceptions / Google.com [block]
Life is SO much better...when you don't have any [persistent] system cookies at ALL
I can do all of that and more with CookieSafe and without even opening Firefox's options dialogue.
Firefox allows more than one profile, so it's possible to have a clean and a dirty one, using different shortcuts to start them.
http://kb.mozillazine.org/Opening_a_new_instance_of_Firefox_with_another_profile
Alternatively, using PortableApps for example, it's not too difficult to load separate copies of Firefox for different purposes, each of which has its own cookie store. Styles can be used to distinguish them when they are on screen and it's easy to delete them entire and replace periodically. This is not as good as using a sandbox, but would keep a large proportion of rubbish at bay.
There is precedent: The philosopher and drug dealer Howard Marks was asked, after the publication of his autobiography, how a man who smoked so much dope was able to remember the dates and general chronology of his life. He said that since the US authorities had been watching him for years, he simply made a Freedom of Information request, and received back the skeleton of his life story.
I've long wanted to ask them (NSA) for transcripts of the secret Cheney task force on energy policy that he had early in his (whoops, Bush Boy's) presidency.
And then there were all those deleted emails from the White House back in the Ashcroft days.
Or fly-on-the wall during every congress-critter's chats at the bars around DC with savory or not companions.
I know these are all out there and being analyzed for potential use. Lord, Edgar Hoover (FBI thru 1972) knew how to collect and analyze tons of message intercepts and blackmail citizens and politicians. This was before absolutely every voice/email/etc message was collected by extra-gov facilities. Just imagine what they have on EVERYONE.
But, it ISSS. You misSSSsed a few hundred staff meetings -- otherwisssse you would not hhhhold in contempt our great SSSStansuuu SSssiglorsssuu. You would have ssseen the weekly WAR reports indicating that the Earth rat population is down by 62% in NYCcccc and Gainessssville, Florida sincccce the human insssurgentsss demolissshhed two of our rodent reproducttttion faccccilitiessss.
We will reprogram you and then Anna will decccide your fate.... human ssssympathisssser...
(SSSSorry... I could not ressssissst. Human humor attemptssss overrun me in thissss bodily form....)
I see google pages and multiple other web stats companies when ElReg pages load ? I know the site needs to make money, but always assumed that google was in there somewhere. Cold booting from linux live DVDs is beginning to look better all the time, if I had to hide something.
Your problem is not if you have something to hide, it is if THEY have something to hide.
THEY includes your government, the US government and anyone they share data with.
Google, Facebook and the others are probably less of a direct threat although they are intrusive and a nuisance.
Lots of citizens in Germany from the mid thirties had nothing to hide but paid a high price.
Lots of citizens in East Germany until the fall of the wall had nothing to hide but things did not go well for them.
It is not all about Germany either the same sort of government behaviour has existed elsewhere, Chile is just one example.
Google Analyticssss is a Ssssic... It wassss meant to be Google
Anna Lick Ticksss, a special project of the V Ssssecurity Apparatussss to find the remaining human ssssympthizers amongt the V sssshipssss. Ssssnowden wassss almosssst captured, and wassss partially sssskinned alive, but with help, essscaped. The Vatican would have no more V activity exposssingg their operations, and sssso Ssssnowden was ab-sssconded to Russssia.
Word hassss it that he sssstole and managed to hide the ssssignature of a Blue Energy generator matrixxxx. What can you report on thissss sssset of developmentssss?
OKAY
Re: google Analytics ?
What worries me a bit is not so much the technology but the impact on human society, humanism and human interaction spurred on by some of the (usually destructive) psychologies of the watched by the watchers by commanding authorities.
What and where these new dynamics take humanity is adventurous and where will it go in 2 or 3 generations (human ones not technological ones)?
What is the answer to all this snooping, apart from turning off all my connected devices?
Is there a place on this planet where the Five Eyes do not have jurisdiction, where servers are not compromised (a-la Cisco/Juniper)?
Running a Live Linux boot CD/DVD is slow and painful.
And just as an aside, I started using bookmarks in my Google Chrome browser. I haven't used bookmarks in years, but started to as I was writing an article about all this snooping. Then suddenly, one morning, I found all of my bookmarks deleted, gone. The only bookmarks I had were to news sites like this one, The Washington Post, Guardian, etc. (I do drink a lot)
>Running a Live Linux boot CD/DVD is slow and painful.
Well, there is no reason you can't install Linux on a HDD, make an image of it in its clean state, and then restore that image prior to each session (shouldn't take long on SSDs), and you could use a USB-booted environment to automate the process at each boot. After each session, make a few random writes to the HDD. I don't know too much about Linux, but I was under the impression that you can put its swap files where you want - onto volatile storage, for example.
This is just a top-of-head idea. I'm sure more thought-through ideas exist.
You could look into http://en.wikipedia.org/wiki/Tin_Hat_Linux as well.
Use a VM. Install Linux (Paranoid version: do not install Firefox or Seamonkey at this stage). Shut it down. Make a copy of the VM. Boot the copy. (Paranoid version: now download and install a browser). Browse. After your chosen time window, blow away the used browser VM, make another copy of the virgin one.
Now, do I trust that NSA hasn't found a way to subvert VMWare player so it can track every VM running in a particular player instance? Or that Browser instances aren't somehow trackable from day one (say courtesy of a secret NSA implant in MS OS'es) with all this Google cookie fuss as camouflage? Of course if the VM host is also Linux, there are lots of alternatives and all source code is available.
The right icon would be a hall of mirrors, possibly with Granny Weatherwax's naughty sister standing between them.
> Sometimes those "members" are anonymous
No, I don't think so. They might conceivably be pseudonymous to the general public (I haven't checked), but I'm pretty sure that Linus doesn't give commit rights to truly anonymous entities.
> Where is the guarantee that backdoor code has not been snuck into all versions of Linux??
The code is reviewed by multiple different eyeballs, including Linus' or his decidedly-not-anonymous lieutenants', before it makes it into the released codebase. The trust that you may place in them is as good a guarantee as you're going to get, unless you read the code yourself. This is the advantage of the bazaar over the cathedral.
I think he deserves acknowledgement for going against the establishment when doing so was probably the end of his career, if not life. He could be labeled Quixotic but his targets are real and evil. They might not even know they are "evil" since they are serving some government -- more likely serving some nice DC banditry contracting fees. "Hey, I'm just doing my job (and living in a McMansion paid for by the US taxpayer.)"
I wouldn't even say that the NSA and suchlike are evil. They're just government agencies and they probably think they are doing good. At present one might credit the governments of the USA and the UK with some degree of good intent, or at least benign intent. But do we all know what is proverbially paved with good intentions?
The road to hell.
There's also the advice about "Power corrupts ...." and I think it's becoming clear that they are stealthily acquiring more power and becoming more corrupt. Yes, for sure we're on the road to hell. How can we get off it?
Has anything been done that could not have been done by attaching a sniffer to a router?
Given that, is there any reason whatever to think that the authorities in country X do not have sniffers attached at all appropriate points in country X ( and possibly a few others)?
A sensible level of paranoia dictates answers of "No" to each.
It is a fact that Edward Snowden, major snitch, has outed the USNSA and other Five Eyes signals intelligence agencies, but it also is a fact (almost to a certainty) that those in country X are being spied on by their own governments to the same extent as or more than they are being tracked by any of the Five Eyes governments. And it is a fact that their governments, unlike others, have police powers that the NSA and its associates do not. The US NSA could go out of business tomorrow without effectively changing the fact of surveillance for most people.
A distaste for US/GB/Canada/Australia/New Zealand communication surveillance is quite understandable, but is not an excuse for ignoring the fundamental problem.
I know, this is probably not a popular point to be making ...
But come on Lads & Lasses at El-Reg, eh?
So when they tapped into those cables that should have carried encrypted data - but didn't - "inside" google's network, as well as looking at some data ... they looked at some other data.
And that other data was cookies Google use to track "people" (and have done so, for a very long time).
Like I say, I know it's probably not going to be popular ... And I know everyone has to eat ... but honestly? Makes me sad, El-Reg
Hmm, I don't think so. Snowden has made info available that exposes the reality of total surveillance. Something that many suspected was happening but one could not be quite sure it was technically possible (think of the enormous amounts of data that are being slurped and sifted every day).
Snowden is in my opinion a hero and I hope that he survives to a ripe old age.
With all this tracking and data gathering, presumably they know what porn I like.
If something I do or say on the net/phone rings alarms that I may be about to do something they consider threatening, they could just distract me with some of that porn I like.
If that doesn't work, they could send a tall, tanned, busty latino lady to me to distract me properly for a while (or Nigella. With some of that charlie please).
Threat contained, no one's killed, everybody's happy. Pwn me now!
Whilst we - the learned El Reg readership - may know what to do, and how to block cookies/ads etc, we are but few - and simply blocking them means that the information these companies (e.g. goggle) get is still valid.
What I would like (and can't find) is a cookie scrambler - something that allows me to choose whether I reply to a cookie read action with a) The true cookie content, b) A random string of crap, or c) A fixed string (e.g. F**K OFF). In a similar way to how things like privoxy can alter the referrer string, or user agents, etc.
I'd be much happier knowing that I'm sending misinformation rather than none - and misinformation is more likely to get them to change their ways than a few people abstaining.
PS. If anybody knows of a plug-in that does the above please let me know
Big brother has always been watching us, just the method and technology has changed over the years.
Postal censorship and wire taps have now been replaced by packet sniffers and embedded trapdoors in software and open ports on HW.
It's no coincidence that Israel and the USA have very strong global IT supplier bases. China quickly catching up.