[sf-lug] cookies in Ubuntu

Ehud Kaldor ehud.kaldor at gmail.com
Tue Jul 5 23:06:16 PDT 2011 

to add some to Rick's recommendations for plugins in the slides (if
privacy is indeed the topic at hand), two more that i found recently,
for firefox:

    ghostery - tells you what tracking authorities are tracking you for
    each site you go to, and allows you to block them.

    certwatch - tells you who issued the certificate of any new ssl site
    you go to, and tells you if it changed, subsequently. good against
    certificate hijacking.


--Ehud


On 07/05/2011 10:42 PM, Rick Moen wrote:
> Quoting Mikki McGee (mikkimc at earthlink.net):
>
>> Are cookies or other identifiers added, in Ubuntu?  If so, where and
>> how does one locate them to identify and or delete them?
> 'Cookies' (aka 'magic cookies') is a rather general concept in computing
> (including Linux computing), and it's likely you are intending to ask
> about one specific type of cookie but not others.
>
> You probably mean HTTP cookies, aka Web cookies, aka browser cookies.
> See:   https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_cookie
> There are also:
>
> o  X Window System cookies (which have nothing particularly to do with 
>    Web browsers)
> o  'Flash cookies', which Adobe calls Local Shared Objects (LSOs)
>
> To address as stated your question about location:  HTTP cookies are
> stored on any given system wherever the Web browser client program puts
> them.  Firefox on Linux stores them in
> ~/.mozilla/firefox/[userhash]/cookies.sqlite, which as the name suggests
> is a SQLite database file.
>
> 'To identify or delete them', you say?  Hmm, well, knowing the directory
> location of the SQlite database doesn't help you do that, because what
> you probably want to do is examine, delete, and otherwise manage HTTP
> cookies from _inside_ of your Web browser, instead of at the file level.
>
> In Firefox, go to Edit menu, Preferences, Privacy, 'remove individual
> cookies'.  This will bring up a Cookies window showing a scrolling
> display of all currently stored HTTP cookies and domain and what the
> content, path, type of associated connection, and expiration data is for
> each.  Don't be surprised if the 'Content' field is most often gibberish
> to you.  Anyhow, rummaging through, editing, and pruning the stored HTTP
> cookies has the net effect of editing the aforementioned SQLite file.
>
> As you will see in my lecture slides and notes from my Feb. 2001 talk
> about browser security in front of SVLUG (SVLUG News column on
> http://www.svlug.org/), one of my strong recommendations is Beef Taco, a
> parcel of deliberately long-lived HTTP cookies you can load to preempt
> the ones you probably most want to avoid.
>
> You will also note on Slide 9 the large list of other places a browser
> provides that can be used by Web sites to store 'cookie'-type
> information in local browser state, and on slide 10 the core of my
> argument that Javascript is the key technology that must be corralled
> by the user to curb abuse.  (Sorry, but the slides do not purport to 
> contain my entire lecture; they were merely props / bullet points for
> it.  However, they + the lecture notes aim to come at least close.)
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> Information about SF-LUG is at http://www.sf-lug.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20110705/cead6482/attachment.html>

More information about the sf-lug mailing list