Are you concerned with net privacy?

Life, the universe, and everything.
Forum rules
- No personal attacks against players or staff members - please be civil!
- No posting of mature images/links, keep content SFW. If it's NSFW, don't post it on these forums.
oteb
Sojourner
Posts: 432
Joined: Mon May 27, 2002 5:01 am
Location: poland

Are you concerned with net privacy?

Postby oteb » Sun Apr 26, 2009 2:26 pm

www.startpanic.com

Click "lets start" and see how vulnerable you are.
(site is safe, checked with latest Kaspersky)
You group-say 'who is da red shape?'
A red shape group-says 'I'm a shape'
Ragorn
Sojourner
Posts: 4732
Joined: Mon Jan 29, 2001 6:01 am

Re: Are you concerned with net privacy?

Postby Ragorn » Mon Apr 27, 2009 12:37 pm

Eh, looks like it pilfered my browser history. If someone really wants to know the best midget porn sites, and they're willing to sift through my history to get them, be my guest.
- Ragorn
Shar: Leave the moaning to the people who have real issues to moan about like rangers or newbies.
Corth: Go ask out a chick that doesn't wiggle her poon in people's faces for a living.
oteb
Sojourner
Posts: 432
Joined: Mon May 27, 2002 5:01 am
Location: poland

Re: Are you concerned with net privacy?

Postby oteb » Mon Apr 27, 2009 2:57 pm

Well I can imagine a lot of situations where it can be a bigger problem than your affinity to midget porn. It would be enough if your company ran same script and had an option to check if you were not browsing competition's recruitment page even from your home computer. I really would prefer to feel safe without pressing "clear porn buffer" button each time I visit a site.
You group-say 'who is da red shape?'

A red shape group-says 'I'm a shape'
Sarvis
Sojourner
Posts: 6369
Joined: Fri Jan 26, 2001 6:01 am
Location: Buffalo, NY, USA
Contact:

Re: Are you concerned with net privacy?

Postby Sarvis » Mon Apr 27, 2009 3:44 pm

oteb wrote:Well I can imagine a lot of situations where it can be a bigger problem than your affinity to midget porn. It would be enough if your company ran same script and had an option to check if you were not browsing competition's recruitment page even from your home computer. I really would prefer to feel safe without pressing "clear porn buffer" button each time I visit a site.



Chrome has a mode which lets you browse without any history being saved, if you're that worried about it.
<a href="http://www.code-haven.com">Code Haven</a> - For all your programming needs.

I detest what you write, but I would give my life to make it possible for you to continue to write. - Some Guy Who Paraphrased Voltaire
oteb
Sojourner
Posts: 432
Joined: Mon May 27, 2002 5:01 am
Location: poland

Re: Are you concerned with net privacy?

Postby oteb » Mon Apr 27, 2009 4:13 pm

I would rather have a history and cache without being worried I have it.
You group-say 'who is da red shape?'

A red shape group-says 'I'm a shape'
Sarvis
Sojourner
Posts: 6369
Joined: Fri Jan 26, 2001 6:01 am
Location: Buffalo, NY, USA
Contact:

Re: Are you concerned with net privacy?

Postby Sarvis » Mon Apr 27, 2009 4:26 pm

oteb wrote:I would rather have a history and cache without being worried I have it.


So what you really want is to keep track of all possible dangerous information, in a place where you can easily access it and which doesn't have much security, AND you want it to not be accessible.

Yeah, that'll happen.
<a href="http://www.code-haven.com">Code Haven</a> - For all your programming needs.

I detest what you write, but I would give my life to make it possible for you to continue to write. - Some Guy Who Paraphrased Voltaire
oteb
Sojourner
Posts: 432
Joined: Mon May 27, 2002 5:01 am
Location: poland

Re: Are you concerned with net privacy?

Postby oteb » Mon Apr 27, 2009 6:17 pm

I am getting sarvised... halp
I want my cash to not be accessible by a script on web page. How hard is it.
You group-say 'who is da red shape?'

A red shape group-says 'I'm a shape'
Sarvis
Sojourner
Posts: 6369
Joined: Fri Jan 26, 2001 6:01 am
Location: Buffalo, NY, USA
Contact:

Re: Are you concerned with net privacy?

Postby Sarvis » Mon Apr 27, 2009 6:26 pm

oteb wrote:I am getting sarvised... halp
I want my cash to not be accessible by a script on web page. How hard is it.


Right. Sarvised. :roll: I don't mind being turned into a meme, but get it right. I haven't turned this into a stripper thread, a whining thread OR gotten off topic.

If anything, you're trying to take this off topic when talking about money... before it was the fear that your employer would be targeting you with a script to find out if you looked at a competitor's website. For that worry we've given you at least two ways you could be safe, which you rejected out of hand.

The worst part is that your fears are largely groundless, as no one knows it's you when they're grabbing the history, your employer probably isn't writing scripts to spy on it's employee's home computers, and even if they were looking at a rivals web site is not grounds for dismissal.

Oh, and your money is not stored in your browser history, the best a hacker could find out is what bank you used. The history file doesn't store passwords or access information, and if your bank is so insecure that it stores the access info in cookies then the browser history "exploit" doesn't really matter.

Now, as to "fixing" this vulnerability I've seen two ways on how to go about it. Javascript, in which case you can turn off javascript (which is the third idea you can reject, of courser) and playing with CSS. The problem with the CSS method is that it relies on perfectly valid CSS code... so there is nothing the web browsers can do about it except break an important web technology. So yeah, NOT HAPPENING.

You want to be safe? Be smart, and take the proper effort to protect yourself. Clear your history, visit questionable sites in Chrome's "Incognito" mode or don't visit your rival's website and then go straight to your employer's.

It really is that simple.
<a href="http://www.code-haven.com">Code Haven</a> - For all your programming needs.

I detest what you write, but I would give my life to make it possible for you to continue to write. - Some Guy Who Paraphrased Voltaire
Ragorn
Sojourner
Posts: 4732
Joined: Mon Jan 29, 2001 6:01 am

Re: Are you concerned with net privacy?

Postby Ragorn » Mon Apr 27, 2009 6:44 pm

I'm willing to bet he meant "cache" and not "cash."
- Ragorn
Shar: Leave the moaning to the people who have real issues to moan about like rangers or newbies.
Corth: Go ask out a chick that doesn't wiggle her poon in people's faces for a living.
oteb
Sojourner
Posts: 432
Joined: Mon May 27, 2002 5:01 am
Location: poland

Re: Are you concerned with net privacy?

Postby oteb » Mon Apr 27, 2009 6:52 pm

Sarvis wrote:
oteb wrote:I am getting sarvised... halp
I want my cash to not be accessible by a script on web page. How hard is it.


Right. Sarvised. :roll: I don't mind being turned into a meme, but get it right. I haven't turned this into a stripper thread, a whining thread OR gotten off topic.


What I meant is your tendency to always find a right view angle to see someone else opinion as senseless, stupid, wrong or leading to nonsense conclusions.

As for the rest of what you posted.
Yes I know tens of ways to make it impossible. All those way either limit the functionality of software or require some semi specialistic knowledge or are just clumsy. I just don't see any reason for it to be left as is. I can't imagine a single situation or service were having my browsing history known to a 3rd party would be benefical for me. As result I feel that signing petition to fix that safety hole is reasonable.

Ya. I meant cache. Tnx ragorn
You group-say 'who is da red shape?'

A red shape group-says 'I'm a shape'
Sarvis
Sojourner
Posts: 6369
Joined: Fri Jan 26, 2001 6:01 am
Location: Buffalo, NY, USA
Contact:

Re: Are you concerned with net privacy?

Postby Sarvis » Mon Apr 27, 2009 7:00 pm

oteb wrote:
Sarvis wrote:
oteb wrote:I am getting sarvised... halp
I want my cash to not be accessible by a script on web page. How hard is it.


Right. Sarvised. :roll: I don't mind being turned into a meme, but get it right. I haven't turned this into a stripper thread, a whining thread OR gotten off topic.


What I meant is your tendency to always find a right view angle to see someone else opinion as senseless, stupid, wrong or leading to nonsense conclusions.

As for the rest of what you posted.
Yes I know tens of ways to make it impossible. All those way either limit the functionality of software or require some semi specialistic knowledge or are just clumsy. I just don't see any reason for it to be left as is. I can't imagine a single situation or service were having my browsing history known to a 3rd party would be benefical for me. As result I feel that signing petition to fix that safety hole is reasonable.

Ya. I meant cache. Tnx ragorn


Ok, and like I said there are two ways of doing it that I could find. One is javascript (which supposedly requires a digital signature to do this anyway) and the other is a CSS hack that isn't going anywhere because it would require breaking CSS. (Not that Microsoft wouldn't break CSS... but I doubt they'd do it for a relatively minor "security vulnerability.")

You say you don't see any reason for it to be left as is, but do you even understand what's going on that makes this possible? If not, then you're probably not seeing the whole story.

EDIT: Oh, and I don't think they are looking at your cache OR cash. They're simply looking at the browser history, which is different from your cache.
<a href="http://www.code-haven.com">Code Haven</a> - For all your programming needs.

I detest what you write, but I would give my life to make it possible for you to continue to write. - Some Guy Who Paraphrased Voltaire
oteb
Sojourner
Posts: 432
Joined: Mon May 27, 2002 5:01 am
Location: poland

Re: Are you concerned with net privacy?

Postby oteb » Mon Apr 27, 2009 7:39 pm

I have no idea whatsoever what makes it possible. But can you give me a reason why its there? (only thing that comes to my mind is targeted advertising but I don't really see it as beneficial to me)
You group-say 'who is da red shape?'

A red shape group-says 'I'm a shape'
Botef
Sojourner
Posts: 1056
Joined: Fri May 10, 2002 5:01 am
Location: Eastern Washington
Contact:

Re: Are you concerned with net privacy?

Postby Botef » Mon Apr 27, 2009 8:07 pm

How to Post like Sarvis: A Simple Tutorial


Step 1: Post a generalized statement someone is likely to disagree with.

Step 2: Wait for someone to expand upon their thoughts about above statement.

Step 3: Reply with a specious comment.
Sunamit group-says 'imrex west, tibek backstab touk i think his name is on entry'
// Post Count +1
Sarvis
Sojourner
Posts: 6369
Joined: Fri Jan 26, 2001 6:01 am
Location: Buffalo, NY, USA
Contact:

Re: Are you concerned with net privacy?

Postby Sarvis » Mon Apr 27, 2009 8:30 pm

oteb wrote:I have no idea whatsoever what makes it possible. But can you give me a reason why its there? (only thing that comes to my mind is targeted advertising but I don't really see it as beneficial to me)



The CSS Hack version is there simply because of how CSS works. It's not meant to read the history, it's meant to do something else and someone found a way to make this happen. Basically they use the fact that web browsers display links differently if you've visited them before. The CSS file can specify how a link should appear if it has been visited, and he sets a background image that's fake. That somehow (I'm not entirely clear how) sends the info about that link to another script on the server which records the info.

But yeah, the whole basis of this is links showing in a different color if they are visited already.

The javascript version... well I have no idea honestly, but I don't think startpanic.com is using that version because I turned javascript off and it could still read my history. The javascript version ALSO uses the same trick with CSS, but more directly.

Botef:

1: I started off with a very specific statement no one should (or did) disagree with
2: You're an ass
3: GoTo 2
4: What's your point, anyway?

Thanks for playing.
<a href="http://www.code-haven.com">Code Haven</a> - For all your programming needs.

I detest what you write, but I would give my life to make it possible for you to continue to write. - Some Guy Who Paraphrased Voltaire

Return to “T2 General Discussion Archive”

Who is online

Users browsing this forum: No registered users and 19 guests