Mozilla saving some site details?

Phishfry

Beastie's Twin

Reaction score: 2,371
Messages: 5,278

I like to go file browsing through my files alot to see what is going on.
In recent versions of SeaMonkey I am see some of my browsing sites leaving residual effects in this directory.
/$user/.mozilla/seamonkey/mslfqbwp.default/storage/default/
I use the same locked down setting as ever.
Here is a look:
Code:
 ls /.mozilla/seamonkey/mslfqbwp.default/storage/default
http+++money.cnn.com        https+++www.pressherald.com
http+++www.orlandosentinel.com    https+++www.seattletimes.com
https+++forums.freebsd.org    https+++www.theguardian.com
https+++www.cnn.com        https+++www.washingtonpost.com
screenshot29.png

So what am I doing wrong? Cookies set to current session only -no 3rd party. TLS 1.0/1.1 off
 
OP
Phishfry

Phishfry

Beastie's Twin

Reaction score: 2,371
Messages: 5,278

I really hate that my browser uses a sql-lite data base. These files appear to be residual sql-lite file scheme.
All SeaMonkey preferences attempts to flush them fail. I have cache at zero. Cleared entries in 'Data Manager'.No Passwords.
Code:
root@E6420:~/.mozilla/seamonkey/mslfqbwp.default/storage/default/https+++forums.freebsd.org # ls -ll
total 12
-rw-r--r--  1 root  wheel   54 May  8 02:28 .metadata
-rw-r--r--  1 root  wheel   67 May 12 21:59 .metadata-v2
drwxr-xr-x  2 root  wheel  512 May 12 21:59 idb
I know running browser as root. Bad bad bad. Still what is up with these entries? in users /storage/default and not cleaned out.
 
OP
Phishfry

Phishfry

Beastie's Twin

Reaction score: 2,371
Messages: 5,278

Easy as a double click. Thanks. It is uncomfortable to see your browsing history as files.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,261

I've got Seamonkey on an OpenBSD box and I do have the same "storage" directory you indicate on this machine but only the https+++forums.freebsd.org directory. I'm on it now and have logged into the forums on it before. The only document in the folder I do have that isn't blank is in the idb sub-folder in a .sqlite extension specifying "SQLite format 3".

I tried every other site you listed as having a directory for with it and got a warning under the tabs that it had blocked tracking elements on each one:

tracking.png

The forums are the only site I allowed scripting for and I don't show a new folder for any of the sites I show as having visited. I have the same settings as you show in your Clear Private Data shot but also tweak about:config:

Code:
privacy.trackingprotection.enabled = true

I hadn't set the variable mentioned by obsigna.
 

drhowarddrfine

Son of Beastie

Reaction score: 2,029
Messages: 4,034

There are a lot of things we use to speed up the web experience. It's now a competition used to get your site in front of the others in search results. Parts of pages are now stored on your machine so an additional fetch isn't needed when you click on a link. Gotta save your info so you don't have to login next time. Gotta save your last visited page so you can find it next time. Including whatever info you entered so you don't have to re-enter it next time. And don't forget to take care of what happens should you lose your internet connection in the middle of something. And then there's all the new and old APIs that work on some OSes and not others and all browsers but NEVER a Microsoft browser.

Of course, if you log in with your Facebook or Google account, that's another big can of worms they'll load you up with.

It's a moving target you can't keep up with.

One needs to be reminded or told, for average users, the browser is now your operating system.
 

ronaldlees

Aspiring Daemon

Reaction score: 333
Messages: 766

These days everybody deletes the cookies and cache, so they've introduced the concept of "super cookies," which reside in the local storage. The clear history dialog doesn't have a named "clear storage" option in Firefox (interestingly, Vivaldi does have that option, and probably Chromium does too. Haven't checked how well they do it tho). So, as drhowarddrfine mentioned, browser history mechanisms are a moving target :-(

Edit: Probably the clear history dialog option called "offline Website data" works on Firefox to delete storage (but haven't checked it).
 

drhowarddrfine

Son of Beastie

Reaction score: 2,029
Messages: 4,034

I'm not talking browser history at all. Data storage with databases, web storage apis, etc. Don't need cookies at all.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,261

Evidently I had www/seamonkey installed on the FreeBSD box I use most, uninstalled it when it had a vulnerability and never reinstalled it. There is the same storgage folder there was on my OpenBSD box and it only has the same folder.

What I really find disappointing, I'll go with that for now, is that www/firefox-esr not only has the same storage folder, files and an additional file about my extensions. It has the same /home/jitte/.mozilla/firefox/a_string.default/datareporting/aborted-session-pings folder and file www/waterfox did that I flipped my wig over a couple months ago. Though I do have my browser set not to send pings:

Code:
"savedPings":0,"activeTicks":7,"pingsOverdue":0

That and a plethora of other information, including but not limited to, all my extensions and their description, default search engine and some system stats like my OS, CPU, RAM, GPU and the driver it uses:

Code:
"system":{"memoryMB":3984,"virtualMaxMB":null,"cpu":{"count":2,"cores":null,"vendor":null,"family":null,"model":null,"stepping":null,"l2cacheKB":null,"l3cacheKB":null,"speedMHz":null,"extensions":["hasMMX","hasSSE","hasSSE2","hasSSE3","hasSSSE3"]},"os":{"name":"FreeBSD","version":"11.1-RELEASE-p10","locale":"en-US"},"hdd":{"profile":{"model":null,"revision":null},"binary":{"model":null,"revision":null},"system":{"model":null,"revision":null}},"gfx":{"D2DEnabled":null,"DWriteEnabled":null,"ContentBackend":"Skia","adapters":[{"description":"NVIDIA Corporation -- Quadro NVS 140M/PCIe/SSE2","vendorID":"NVIDIA Corporation","deviceID":"Quadro NVS 140M/PCIe/SSE2","subsysID":null,"RAM":null,"driver":null,"driverVersion":"3.3.0 NVIDIA 340.106","driverDate":null,"GPUActive":true}],"monitors":[],"features":{"compositor":"basic"}}},"settings"

www/palemoon seems to be behaving itself much better. It has the storage/default directory but it is empty.


PayPal offered to let me sign in by the device I was using at the time (and listed it) in the future instead of my password as a "speedy option to enhance my shopping experience", or something of the sort. :-/
 

ronaldlees

Aspiring Daemon

Reaction score: 333
Messages: 766

PayPal offered to let me sign in by the device I was using at the time (and listed it) in the future instead of my password as a "speedy option to enhance my shopping experience", or something of the sort. :-/

There was no password (saved or otherwise)? Do they trust the browser fingerprint that much? Likely they must be doing something else in addition - like CPU serial and/or NIC MAC and/or super cookie with UUID storage. It'd be interesting to know how they ID the system. Is local storage really that secure? Doubtful.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,261

It first came up when I was checking out from renewing my hosting package a couple weeks ago. It's called One Touch Checkout:

https://www.paypal.com/us/webapps/mpp/one-touch-checkout/faq

It provided penitent information regarding the platform I was using, the OS, browser and posed the potential prospect of purposing this puter to purging previous practices pertaining to pesky passwords pestering me persistently when purchasing products purely for pleasurable purposes. Which obscure as it may be can still be spoofed with no problem.


I tried making a donation with the same box just a minute ago and it wasn't going to go through with the transaction unless I logged into my PalPay account with my password, so it's all good.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,261

18 bit alliteration - purely poetic!

Primo! It's one of my more obscure skills I don't often perform publicly and am out of practice, but previously profusely proficient in pontification of phases pertaining to the Prince of the alphabet and preeminent in my presentation. ;)
 

fernandel

Aspiring Daemon

Reaction score: 260
Messages: 949

I've got Seamonkey on an OpenBSD box and I do have the same "storage" directory you indicate on this machine but only the https+++forums.freebsd.org directory. I'm on it now and have logged into the forums on it before. The only document in the folder I do have that isn't blank is in the idb sub-folder in a .sqlite extension specifying "SQLite format 3".

I tried every other site you listed as having a directory for with it and got a warning under the tabs that it had blocked tracking elements on each one:

View attachment 4818

The forums are the only site I allowed scripting for and I don't show a new folder for any of the sites I show as having visited. I have the same settings as you show in your Clear Private Data shot but also tweak about:config:

Code:
privacy.trackingprotection.enabled = true

I hadn't set the variable mentioned by obsigna.
I have set the variable mentioned by obsigna but it doesn't work on mine www/wirefox
 
OP
Phishfry

Phishfry

Beastie's Twin

Reaction score: 2,371
Messages: 5,278

Didn't work for me either.
This problem is actually complex. There are files in the mozilla profile that might be linked.
They all have .sqlite file extensions.

Even though I have downloads history cleared at shutdown, downloads.sqlite grows in size.
I have been deleting several of the .sqlite files manually.

I guess I to have to write a script to truly delete these digital breadcrumbs.
My definition of "Always Clear My Private Data" and Mozilla Foundation Inc. is somewhat different
 

fernandel

Aspiring Daemon

Reaction score: 260
Messages: 949

Didn't work for me either.
This problem is actually complex. There are files in the mozilla profile that might be linked.
They all have .sqlite file extensions.

Even though I have downloads history cleared at shutdown, downloads.sqlite grows in size.
I have been deleting several of the .sqlite files manually.

I guess I to have to write a script to truly delete these digital breadcrumbs.
My definition of "Always Clear My Private Data" and Mozilla Foundation Inc. is somewhat different
https://vikingvpn.com/cybersecurity...ning-mozilla-firefox-for-privacy-and-security
I disable some more thinks from above site and it looks that works now.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,261

These are the tweaks I apply to about:config. Depending on which Mozilla based browser you're using some may already be set:

Code:
browser.cache.offline.enable = false
browser.safebrowsing.phishing.enabled = false
browser.safebrowsing.malware.enabled = false
browser.send_pings = false
browser.sessionstore.max_tabs_undo = 0
dom.battery.enabled = false
dom.storage.enabled = false
geo.enabled = false
geo.wifi.uri = http://127.0.0.1
media.peerconnection.enabled = false
privacy.trackingprotection.enabled = true
webgl.disabled = true

The safebrowsing variable prevent sending the page you're visiting back to the Hive. I use them all the time and it doesn't break anything.
 

drhowarddrfine

Son of Beastie

Reaction score: 2,029
Messages: 4,034

Hm. I don't understand why turning off security features is a good thing. The safebrowsing stuff. Offline cache means you can work offline when you lose a connection but ... ok, I guess. Same with sessionstore. More sites are using "serviceworkers" and more will be coming so it could be detrimental to turn that off. geo is handy for maps and location but ... ok. Haven't a clue why one would disable webgl.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,261

There is another I also use. You need to type punycode in the Search area and set:

Code:
network.IDN_show_Punycode = true

Hm. I don't understand why turning off security features is a good thing. The safebrowsing stuff. Offline cache means you can work offline when you lose a connection but ... ok, I guess. Same with sessionstore. More sites are using "serviceworkers" and more will be coming so it could be detrimental to turn that off. geo is handy for maps and location but ... ok. Haven't a clue why one would disable webgl.


Turning off safebrowsing prevents the URL of the page you're visiting being sent back to Google or Mozilla, and is a way to track you. There has been a time when Google reportedly popped up a red warning page when you landed on a site I belong to for reportedly using script-based ads to download malware. I never saw the warning page or the ads due to blocking scripting, though some Windows users weren't as wary. Some site owners are not too particular about who they sell ad space to.

With browsercache enabled Firefox will reportedly store a cache of these pages on your disk where someone else can read, analyze, or save these files. I'm not familiar with "serviceworkers".

Geo is just a privacy thing, same as setting the uri to home. Not that your your IP can't pinpoint you.

Disabling WebGL is an option available through NoScript, I disable it there and in about:config. A google search shows several reasons to do so. It's an older post but links to other sources:

https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern
 

drhowarddrfine

Son of Beastie

Reaction score: 2,029
Messages: 4,034

Turning off safebrowsing prevents the URL of the page you're visiting being sent back to Google or Mozilla, and is a way to track you.
Well, I'd rather Google or Mozilla know where I've been than downloading malware. I'm not sure if it isn't the other way around, that the list of malware sites isn't stored on your computer and that database is checked. I don't feel like looking it up.

There are a number of different caches in browsers these days and pages are cached in one while service workers, a javascript thing that can run in the background, can save data in another cache for local access if you're offline or just quicker response when accessing pages.

webGL isn't the security concern of the past. I just quickly looked this up and you can go to the end of the conclusion.

I'd go into more detail but I'm really slammed these days.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,261

Well, I'd rather Google or Mozilla know where I've been than downloading malware. I'm not sure if it isn't the other way around, that the list of malware sites isn't stored on your computer and that database is checked. I don't feel like looking it up.

This is a list I got back in Firefox 39 and gave this explanation for using the safebrowsing variables:

Code:
Google’s Safe Browsing for Firefox is enabled by default. This means that every URL you visit is being sent to Google, 
where they will evaluate if it is safe or not. Also, with every update of your blacklist and with every encounter of a reported 
phishing site you will send your existing Google cookie. You will no longer get a warning when visiting a site that Google does 
not consider safe if you disable this option.

browser.safebrowsing.enabled and and right click to Toggle, which will set it to false.

Similarly, Mozilla’s Safe Browsing feature maintains a list of known malware, to compare against every URL you visit. 
You will no longer get a warning when visiting a site with known malware if you disable this.

browser.safebrowsing.malware.enabled and and right click to Toggle, which will set it to false.

I am dubious about the part "you will send your existing Google cookie". I don't log into google to get a cookie, so I don't know how they figure that. I do have a webmasters account but don't use gmail or stay logged in when I do a search or surf.


I'd like my browser to just browse, run the extensions I deem necessary, render a page correctly and not snoop on where I go, what I do there or keep a list of my extensions. Running the extensions I deem necessary is almost as important as the rendering of a page. If it won't at least run NoScript I won't use it. www/seamonkey will at least run that and HTTPS Everywhere.

I may use www/lynx exclusively before it's over, or decide to forgo internet altogether.
 

fernandel

Aspiring Daemon

Reaction score: 260
Messages: 949

This is a list I got back in Firefox 39 and gave this explanation for using the safebrowsing variables:

Code:
Google’s Safe Browsing for Firefox is enabled by default. This means that every URL you visit is being sent to Google,
where they will evaluate if it is safe or not. Also, with every update of your blacklist and with every encounter of a reported
phishing site you will send your existing Google cookie. You will no longer get a warning when visiting a site that Google does
not consider safe if you disable this option.

browser.safebrowsing.enabled and and right click to Toggle, which will set it to false.

Similarly, Mozilla’s Safe Browsing feature maintains a list of known malware, to compare against every URL you visit.
You will no longer get a warning when visiting a site with known malware if you disable this.

browser.safebrowsing.malware.enabled and and right click to Toggle, which will set it to false.

I am dubious about the part "you will send your existing Google cookie". I don't log into google to get a cookie, so I don't know how they figure that. I do have a webmasters account but don't use gmail or stay logged in when I do a search or surf.


I'd like my browser to just browse, run the extensions I deem necessary, render a page correctly and not snoop on where I go, what I do there or keep a list of my extensions. Running the extensions I deem necessary is almost as important as the rendering of a page. If it won't at least run NoScript I won't use it. www/seamonkey will at least run that and HTTPS Everywhere.

I may use www/lynx exclusively before it's over, or decide to forgo internet altogether.
What is your opinion about uMatrix/uBlock Origin vs NoScript, please? I was long time NoScript usern and about two months I swithed and for me works very good.
Thank you.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,261

What is your opinion about uMatrix/uBlock Origin vs NoScript, please?.

I use uBlock Origin and like it a lot. You can get a hosts file with it and it uses the filters I used with AdBlock. It does give me a warning screen sometimes but it's usually something along the lines of tracking or privacy. The web-based email site mail.ru comes to mind, this is from clicking a link at the top of the page:

Code:
uBlock Origin has prevented the following page from loading:

https://r.mail.ru/n275254619?sz=45&rnd=100117390
 
Because of the following filter

||r.mail.ru^
Found in: EasyPrivacy

I doubt any of it is too nefarious compared to yahoo or gmail.


As for uMatrix, I tried it out once but probably didn't give it a fair shake, I know other people prefer it. I've used NoScript so long it's a breeze for me and I don't feel safe browsing without it. Once you see enough scripts you can tell which ones it should take for a site to run, if it needs scripting at all.

Let's try watching a video on wwe.com. You have to enable the script for wwe.com for starters to get basic functionality out of the site. Now I'll pick a random video to watch.

scripts.png

See how many other scripts there are in addition to it? What a mess. What to pick? I know what it doesn't take, and that narrows it down: I know it's going to take jwpcdn.com by the cdn appendage, and by process of elimination iperceptions.com. But no joy. Now what?

scripts2.png

Another script appears for the player, jwplayer.com, but akamaihd.net wants in on the deal, too. Now I get a video without any of the other scripts, allowing only 5 of 34 scripts and 1 object shown as existing in the statusbar.

This is the most simple example I can come up with and maybe uMatrix can do the same thing.

I don't use it but since you do perhaps we could do a real-life comparison how they stack up. This is from a recent click-bait article we discussed in another thread:

https://www.csoonline.com/article/3...dying-some-security-researchers-think-so.html

scripts3.png

I'm using uBlock Origin and NoScript in conjunction and show NoScript blocked 94 scripts and 1 object on that page.
 

rufwoof

Active Member

Reaction score: 78
Messages: 235

I'm using uBlock Origin and NoScript in conjunction ...
Two of my core three. I also use a usergent spoofer as my core third choice of extension. If a web site can deem your OS and browser versions a simple reference might reveal potential exploits. Throw a selective exploit at the wrong OS and/or browser and more than likely it will fail.

For direct links between me and a trusted hosts, I tend to remove the cache and profile for that session (no extensions etc.).
 
Top