Announcement

Collapse
No announcement yet.

New system patches security holes left open by web browsers' private-browsing functio

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    New system patches security holes left open by web browsers' private-browsing functio

    Some of us use our browser in "Privacy Mode", perhaps under the assumption that it increases our online security...

    Maybe, maybe not.

    https://techxplore.com/news/2018-02-...-browsers.html

    From the article, [emphasis mine]:

    "Veil was motivated by all this research that was done previously in the security community that said, 'Private-browsing modes are leaky—Here are 10 different ways that they leak,'" says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the paper. "We asked, 'What is the fundamental problem?' And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser's best effort is, it still collects it. We might as well not collect that information in the first place."
    I agree with the last sentence in the quote. Pessimistically, I don't expect this to stop.
    Kubuntu 24.11 64bit under Kernel 6.11.4, Hp Pavilion, 6MB ram. Stay away from all things Google...

    #2
    Not Paranoid Yet?
    What if Veil was financed by the NSA as a spy tool?


    To read memory contents after the browser has closed would require access to that memory. If local, you have a hardware security problem. If remotely, you have existing security holes. The browser problem becomes the least of your worries.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    Comment


      #3
      OMG! Don't announce that on a public forum like this. If you see men in black suits, in black vans, leave by the back door.

      Humor aside, yeah, there can be other holes in a system. This appears to be one that is specific to the browser. I rather see it patched than ignored because of low risk of exploitation. We all know how that works out...
      Kubuntu 24.11 64bit under Kernel 6.11.4, Hp Pavilion, 6MB ram. Stay away from all things Google...

      Comment


        #4
        Originally posted by TWPonKubuntu View Post
        Some of us use our browser in "Privacy Mode", perhaps under the assumption that it increases our online security...
        ...
        Yes, that's pretty common. Many think privacy and security are directly related.
        Kubuntu 20.04

        Comment


          #5
          Originally posted by chimak111 View Post
          Yes, that's pretty common. Many think privacy and security are directly related.
          I believe that most people EQUATE privacy with security, and justly so because security is necessary and sufficient to guarantee privacy, and lack ok security means no privacy.


          Sent from my iPhone using Tapatalk
          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
          – John F. Kennedy, February 26, 1962.

          Comment


            #6
            The latest Firefox, Ver. 59, came down from the repository last night. I've not yet allowed it to run while my 'net connections are active. I'm going through the configuration settings and preferences to toggle features which I don't want... That includes blocking the ability to use my camera and microphone...

            There has been some concern expressed about the data collection and upload "feature" which was activated with this update. Upon further digging, I found this statement:

            Source: https://www.omgubuntu.co.uk/2018/03/...anges-download

            ...
            If you’re a regular user of the Firefox Private Browsing mode you’ll be relieved to hear that (potentially private) data sent as part of “referrer values” is now stripped out by default.
            ...
            I would still advise that anyone who uses Firefox should still check their configuration to ensure that this "feature" remains disabled.

            Yes, I have read the comments by other users, some of which state that they don't mind if their data is passed to Mozilla. I DO MIND and cannot see this as a good thing FOR THE USER. Sure, it might help Mozilla in their design and development process, but I draw the line when my privacy is compromised.

            My reasoning is that this is the proverbial "camel getting his nose under the tent". I see a very real possibility that future "data downloads" may start to include other information which truly might break my privacy. The time to stop this is now, before it can become "acceptable behavior" and no longer noticed by the majority of users.

            I note also that this data transfer appears (perhaps, maybe) to only be blocked if you use the Private Browsing Mode. If you don't have Private Browsing set and active, you may (Perhaps) still be allowing your data be scraped by the servers.

            Read more here:

            https://venturebeat.com/2018/03/13/f...ndroid-assist/

            ...
            Arguably the biggest change Mozilla has made with Firefox 59 in regards to privacy is stripping path information in HTTP referrers. Only in private browsing mode, Firefox will now help prevent third-party data leakage by removing path information from referrers sent to third parties.

            When you click a link to navigate to a new site, the new site you visit receives the address of the site you came from via the “referrer value.” Usually this merely tells the new site the exact page you were looking at when you clicked the link. But embedded content on that new site can also get this information, which can be collected and sold to the highest bidder. Sometimes referrers include information you entered on the previous site, which can be quite problematic, depending on what you were doing before you clicked. Firefox’s browsing mode strips the referred information to simply the domain name of the previous site.

            Speaking of privacy, Firefox 59 adds a new setting in aboutreferences to stop websites from asking to send notifications or access your device’s camera, microphone, or location. You can allow trusted websites to use these features even if you turn them off for the rest of the web. [emphasis mine]
            ...
            More details with specific instructions on disabling "Push Notifications" in Firefox 59:

            http://techdows.com/2018/01/firefox-...fications.html

            -------

            It has also been suggested that the use of a VPN (Virtual Private Network) as a connection route to the 'net will prevent collection of data which points back to you. This is only as trusted as the VPN server owners can be trusted... Because of the commercial value of such data, I DO NOT trust that every single VPN owner/operator cannot to be swayed by the lure of money... And again, remember that any vault can be compromised, either by the vault owner/operators or by malicious software installed without their knowledge.

            I hope Mozilla(r) does not follow the same road as Google(r) and Chrome(r)/Chromium, but I'm not optimistic about this.

            For all of the above reasons, I no longer use Firefox as my main browser (I use Pale Moon). I do keep an up-to-date version on my system, along with other browsers, in case something gets broken (I know, that never happens... ).

            Once again, read my signature...
            Last edited by TWPonKubuntu; Mar 20, 2018, 09:36 AM. Reason: added material
            Kubuntu 24.11 64bit under Kernel 6.11.4, Hp Pavilion, 6MB ram. Stay away from all things Google...

            Comment


              #7
              Pale-Moon has been my choice for several months.
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
              – John F. Kennedy, February 26, 1962.

              Comment

              Working...
              X