Cookieless cookies

Discussion in 'privacy general' started by Pinga, Nov 19, 2013.

Thread Status:
Not open for further replies.
  1. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    http://lucb1e.com/rp/cookielesscookies/
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Good find :thumb:

    I've had FF cache disabled for some time, so ;)

    I also have SA installed too, which i can confirm works as described above :thumb:
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
  4. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    I'm trying out SecretAgent and I have a question. Is there a setting that makes it possible to use this while retaining your tabs from the last sesson? In my case it's resetting every time.
     
  5. MikeRogers

    MikeRogers Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    25
    This is both very interesting and troubling.

    I tried the above web site using the Incognito mode of Chromium 30.0.1599.114 in Ubuntu 12.04. Result: Incognito mode did not clear out the Etag.

    Further research shows I am not the first to notice this problem:

    https://code.google.com/p/chromium/issues/detail?id=275071
     
  6. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    BTW, disregard what I said about that not working and restoring tabs. It turned out that it spawns a pop-under "thank you for installing" window that I didn't notice at first. So when I closed the browser it took the main tabs with it and left that one window.

    But frankly, I'm not sure I'm going to use it, at least on default settings. It's pretty annoying when a site loads the mobile version instead, or won't load at all because it either a) thinks you're using an incompatible browser or b) suspects bot-like activity due to all the different user agents.
     
  7. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    I'm not certain there is much that can be done about tracking. It's very obvious to me that these organizations will keep finding ways to do it, and there is only so much a user can do before his or her web experience becomes too much of a hassle or even pointless. To work on the web of today, some privacy is going to have to be set aside and some risks unavoidable in my opinion.
     
  8. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    259
    Location:
    USA
    I used Secret Agent for all of two days before I gave up on it for those very reasons. It didn't uninstall especially cleanly, leaving a lot of junk in my Firefox prefs file, so I had to restore the latter from a backup :doubt: Still, if it could be made a little less buggy, I think the concept would have some merit.
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Re - Secret Agent

    Select what you want etc in the Preferences. For eg, you can delete All the browser etc entries you dont want included.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Also discussed at http://forums.mozillazine.org/viewtopic.php?f=7&t=2740307.

    Clearing Firefox's history (including cache), exiting Firefox, starting Firefox didn't clear the text value previously stored :(. I suspect this site is using server-side browser fingerprinting techniques also. If it isn't, then clearing Firefox's history is missing something.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    They are using 2 ETags, each set twice that I can see.
    In Proxomitrons log windows, I see these entries with my original filters.
    GET 667 : ETag removed: 4f01355bf4c7e248ce
    GET 668 : ETag removed: "6185-4e427532a9640"
    These entries appear when I click "store" on the demo. They appear again when I reload the page.

    This could be interesting to sort out. My original Proxomitron filters defeat the demonstration simply by clicking "clear all" on PrefBar, then fully reloading the page.
    Clicking "clear all" performs the following:
    prefbarClearLocationBar();
    prefbarClearHistory();
    prefbarClearAllCache();
    prefbarClearCookies();
    prefbarClearFormData();
    prefbarClearDownloads();
    //prefbarClearPasswords();
    prefbarClearSessions();
    prefbarClearOfflineApps();
    The Sidki set I've been using are not stopping it, regardless of whether I clear everything or close the browser. Both have the ETag filter. I'm pretty sure that the filter is identical in each filterset. My best guess ATM is that another filter in the Sidki set is interfering with the ETag filter.
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    @noone_particular: thanks for the tests. If that site doesn't really use browser fingerprinting, then I wonder why clearing Firefox's history (cache included) did not clear the ETag(s)?
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm really not sure what's going on ATM. I compared the ETag filters from the 2 sets. There was a minor difference that I eliminated but it had no effect. When I run the test using the Sidki set, the log window doesn't show the first ETag, only the 2nd. I'm suspecting the Sidki set is allowing the first Etag with another filter. It's also possible that the cache filters in the Sidki set are allowing some caching. The Sidki set is very complicated compared to my original set. There's at least 9 separate filters that relate to caching. I'm not sure how they interact. It does seem that FireFox, along with PaleMoon and SeaMonkey are caching somewhere that's not cleared and/or doesn't respect cache settings but I'm just not sure. If it was just one of them or a specific version, I'd assume it's a bug in the code. The fact that it's affecting all of them over multiple versions makes me question that. Anyone here tried this with TorBrowser?
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I verified that the site is also using browser fingerprinting. I started a virtual machine, then went to that site and set some text. I then shut off the virtual machine and reverted its state. Then I started the virtual machine and visited the site again; I got the same text back again.
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Did you verify that all connections to that site from your PC were completely closed? It's possible that the site could be reusing the original TIME_WAIT connections.

    We seem to be getting conflicting data here. I saved a copy of the last log window results. Without posting the full Proxomitron configuration files, I'm not sure if they're useful, but here they are. Maybe you'll see something I'm missing. This test was done with SeaMonkey and my old filterset. The site didn't return the text I typed.
    Code:
    New Message Log Window....
    
    +++GET 29+++
    POST /rp/cookielesscookies/ HTTP/1.1
    Host: lucb1e.com
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 21
    Connection: close
    Posting 21 bytes...
    
    +++RESP 29+++
    HTTP/1.1 302 Found
    Date: Sat, 25 Jan 2014 17:18:48 GMT
    Server: Apache
    Location: ./
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Content-Length: 20
    Content-Type: text/html
    Connection: close
    +++CLOSE 29+++
    
    +++GET 30+++
    GET /rp/cookielesscookies/ HTTP/1.1
    Host: lucb1e.com
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: close
    
    +++RESP 30+++
    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2014 17:18:49 GMT
    Server: Apache
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Content-Length: 3639
    Content-Type: text/html
    Connection: close
    Match 30: Kill pop-up windows
    Match 30: Suppress all JavaScript errors
    <end> 30: Restore pop-ups after a page loads
    +++CLOSE 30+++
    BlockList 31: in MIME-List, line 10
    
    +++GET 32+++
    GET /rp/cookielesscookies/tracker.jpg HTTP/1.1
    Host: lucb1e.com
    Accept: image/png,image/*;q=0.8,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: close
    
    +++GET 33+++
    GET /rp/cookielesscookies/etags.jpg HTTP/1.1
    Host: lucb1e.com
    Accept: image/png,image/*;q=0.8,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: close
    GET 32 : ETag removed: b8e6e05949ca4bf119
    
    +++RESP 32+++
    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2014 17:18:51 GMT
    Server: Apache
    Cache-Control: private, must-revalidate, proxy-revalidate
    Content-Length: 2532
    Content-Type: image/jpeg
    Connection: close
    GET 33 : ETag removed: "6185-4e427532a9640"
    +++CLOSE 32+++
    
    +++RESP 33+++
    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2014 17:18:51 GMT
    Server: Apache
    Last-Modified: Sat, 17 Aug 2013 16:37:37 GMT
    Accept-Ranges: bytes
    Content-Length: 24965
    Content-Type: image/jpeg
    Connection: close
    +++CLOSE 33+++
    
    Cleared all via PrefBar, forced reload (CTRL+F5)
    
    *** Log Reset ***
    
    +++GET 34+++
    GET /rp/cookielesscookies/ HTTP/1.1
    Host: lucb1e.com
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Pragma: no-cache
    Cache-Control: no-cache
    Connection: close
    Browser reload detected...
    
    +++RESP 34+++
    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2014 17:20:02 GMT
    Server: Apache
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Content-Length: 3634
    Content-Type: text/html
    Connection: close
    Match 34: Kill pop-up windows
    Match 34: Suppress all JavaScript errors
    <end> 34: Restore pop-ups after a page loads
    +++CLOSE 34+++
    Browser reload detected...
    BlockList 35: in MIME-List, line 10
    
    +++GET 36+++
    GET /rp/cookielesscookies/tracker.jpg HTTP/1.1
    Host: lucb1e.com
    Accept: image/png,image/*;q=0.8,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Pragma: no-cache
    Cache-Control: no-cache
    Connection: close
    
    +++GET 37+++
    GET /rp/cookielesscookies/etags.jpg HTTP/1.1
    Host: lucb1e.com
    Accept: image/png,image/*;q=0.8,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Pragma: no-cache
    Cache-Control: no-cache
    Connection: close
    GET 36 : ETag removed: b8e6e05949ca4bf119
    
    +++RESP 36+++
    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2014 17:20:03 GMT
    Server: Apache
    Cache-Control: private, must-revalidate, proxy-revalidate
    Content-Length: 2532
    Content-Type: image/jpeg
    Connection: close
    +++CLOSE 36+++
    GET 37 : ETag removed: "6185-4e427532a9640"
    
    +++RESP 37+++
    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2014 17:20:03 GMT
    Server: Apache
    Last-Modified: Sat, 17 Aug 2013 16:37:37 GMT
    Accept-Ranges: bytes
    Content-Length: 24965
    Content-Type: image/jpeg
    Connection: close
    +++CLOSE 37+++
    
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    That's a good point. I repeated my test, but this time I also rebooted the host computer before restarting the virtual machine the second time to (hopefully) get rid of connections to that site. I got the same results. I don't think there's any conflict between your test and my test though; the site apparently is using both etags and fingerprinting.
     
  17. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I installed the Click and Clear extension for Chrome because for some odd reason Chrome only allows you to delete local data (cookies, DB, storage, etc) but NOT the cache..?

    Anyway the extension is odd. I have it enabled to clear cache when Chrome closes, but it doesn't. If I open the page again it still has the counter. BUT if I then refresh that page, the previous data from the last session is gone, and it starts the counter from 1 again. Wtf? Does it clear all cache in Chrome after its re-launched and a page is opened, rather than on exit?

    FYI, I uninstalled the Click&Clear "app" (separate from the Chrome extension) as it seemed to do absolutely nothing when I tried it. I even tried enabling the "let apps run when chrome closes" feature with no difference.

    Anyway it seems to do the job, just... weirdly.
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The same happens in Firefox, so I think there's nothing wrong with Chrome cache clearing either.
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    So you exit Firefox
    Open it
    Load the page
    See it kept the count
    Refresh the page
    Count resets

    Is that what happens to you?

    That's what happens to me with the Chrome extension. Without the extension the count is kept indefinitely.
     
  21. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Yes that happens in Firefox.
     
  22. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Very weird behaviour, but it's better than being permanent.
     
  23. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Can someone with Firefox go to address about:cache and report what is listed next to "Etag:" for key -http://lucb1e.com/rp/cookielesscookies/tracker.jpg. I get d4dcf6902bb66ab105.

    ---------

    An ETag test site that works properly is http://aspartame.poc.ochronus.com/.
     
  24. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I believe the server for http://lucb1e.com/rp/cookielesscookies/ keeps a list of IP addresses, text stored (if any) for each IP address, and number of visits for each IP address. It seems that everyone gets the exact same tracker image. Every time you visit the site, it checks whether you have its tracker ETag image already in your browser cache. If so, the visit count for your IP address is incremented by 1. If not, the number of visits for your IP address is reset to 1 (or maybe 2).

    Use http://aspartame.poc.ochronus.com/ instead.
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Had to enable the cache. Was disabled on Palemoon.
    With Proxomitron bypassed I show this:

    Client:


    HTTP


    request-method:


    GET


    response-head:


    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2014 21:00:53 GMT
    Server: Apache
    Cache-Control: private, must-revalidate, proxy-revalidate
    Etag: a237bbd1105995569c
    Content-Length: 2532
    Content-Type: image/jpeg

    With filters enabled:
    Client:


    HTTP


    request-method:


    GET


    response-head:


    HTTP/1.1 200 OK
    Date: Sat, 25 Jan 2014 21:04:19 GMT
    Server: Apache
    Cache-Control: private, must-revalidate, proxy-revalidate
    Content-Length: 2532
    Content-Type: image/jpeg
     
Loading...
Thread Status:
Not open for further replies.