
How a Lone Grad Student Scooped the FTC On Privacy Issue

Pigskin-Referee sends this excerpt from an article at ProPublica: "Jonathan Mayer had a hunch. A gifted computer scientist, Mayer suspected that online advertisers might be getting around browser settings that are designed to block tracking devices known as cookies. If his instinct was right, advertisers were following people as they moved from one website to another even though their browsers were configured to prevent this sort of digital shadowing. Working long hours at his office, Mayer ran a series of clever tests in which he purchased ads that acted as sniffers for the sort of unauthorized cookies he was looking for. He hit the jackpot, unearthing one of the biggest privacy scandals of the past year: Google was secretly planting cookies on a vast number of iPhone browsers. Mayer thinks millions of iPhones were targeted by Google."
  • by AliasMarlowe ( 1042386 ) on Saturday June 30, 2012 @12:55PM (#40505455) Journal

    when the locked-down computer/device prevents you from seeing them?

    Not sure if that's what's going on here - but being plain-text does not necessarily mean readable. I don't know how to see/read cookies on my ebook reader, for example.

    A good argument for knowing something about how your device works. I don't have an e-Reader, so don't know whether it's even possible to clear cookies (maybe they're needed to maintain access to purchased ebooks). Anyway, this whole rigmarole strongly reinforces Eben Moglen's recent suggestion [slashdot.org]. The spying behavior of locked-down devices is making his case very clearly.

    On a PC (not yet locked-down by UEFI), it's not sufficient just to clear cookies and LSOs. We have Opera set to delete its entire cache as well when you exit, and the kids know to clear their browsing history regularly (curious how quickly they learned that one). Firefox is also set to clear its cache and browsing history automatically on exit. On Chromium and Chrome, it's necessary to manually clear the entire cache and browsing history.

    FWIW, this site [browserspy.dk] will tell you what can be discerned from your browser just visiting a page. It's likely to increase your paranoia level a bit, especially when this site [eff.org] tells you just how unique your browser is. Ours all appear to be unique, probably largely due to the installed fonts and plugins.

    Has anyone else noticed the appalling sensationalism in headlines these days? Slashdot is in danger of becoming just another gutter-press gossip site.

  • by Morgaine ( 4316 ) on Saturday June 30, 2012 @12:57PM (#40505459)

    Directly relevant to this topic, if you use Firefox, try installing the Mozilla add-on Ghostery [mozilla.org] and monitor the little ghost icon, which displays a number greater than zero whenever the current web page contains one or more trackers.

    If you've never seen it before, it's quite eye-opening how virtually every site contains trackers these days, some sites using large numbers of them. Ghostery blocks every tracker unless told not to, but even if you don't want them blocked, it can be interesting to monitor them and watch how they interact with NoScript.

    Good add-on. I wonder whether Chrome and Chromium provide anything equivalent.

  • Re:google's chrome (Score:5, Informative)

    by Quince alPillan ( 677281 ) on Saturday June 30, 2012 @12:58PM (#40505477)

    http://www.mattcutts.com/blog/google-chrome-communication/ [mattcutts.com]

    http://www.google.com/chrome/intl/en/privacy.html [google.com]

    Really? The Google paranoia is pretty heavy around here and is completely unnecessary. If you're not going to bother to become informed, you should avoid telling the world how uninformed you are.

  • by goombah99 ( 560566 ) on Saturday June 30, 2012 @01:12PM (#40505581)

    How do you think google is able to have the browser on your phone, computer and tablet sync the open tabs and pre-fetch all the entries in each instance's history? Chrome definitely records every webpage you look at and sends it to google.

  • by phantomfive ( 622387 ) on Saturday June 30, 2012 @01:40PM (#40505763) Journal

    No, that is a different technique. This one does use cookies, but it gets around the restrictions in Safari by doing a POST in the iframe. Details here [stanford.edu]; the Wired article is useless.

  • by AliasMarlowe ( 1042386 ) on Saturday June 30, 2012 @05:12PM (#40507027) Journal

    There are some things that need to be added to this.
    1) Browser history clearing should not be necessary. If a browser leaks history information that is a vulnerability that needs to be addressed. But I've found the ability to search the history very valuable and it isn't something you'd want to deprive yourself of.

    Actually, it's still best to clear out your history regularly. The old methods for a web site to trawl through it using Javascript and CSS exploits (tested in the browserspy.dk site I linked to) don't work with relatively modern browsers, but this method [techworld.com] does.

    4) It doesn't matter if you can view the cookies you have. Most of the time they're filled with seemingly gibberish. If you can't read them, they're still secret. But remove them and the site stops working.

    I remove my cookies regularly (all of them), and they are always deleted when the browser exits. Sites don't "stop working"; at most, you have to log in again the next time you visit. However, this should be the default (as it is for banking sites and for making purchases at reputable sites), and not the "keep me logged in so I can forget my userID and password" option that is preferred by those who don't know or don't care about how easily they can be tracked.

    Some of your other points are partly valid (the parts alluded to in my post), but there is much that you got wrong, also. For example, I don't use any of my browsers maximized on any of our Linux PCs at home or on the Windows PC at work, and have never encountered a website which required my browser to be maximized. Are you perhaps using a screen with an insufficient resolution, and making an unsupportable generalization therefrom?
