The Un-Official Proxomitron Forum

The Un-Official Proxomitron Forum > Forum Related > General Security > Speaking of YouTube.......
Full Version: Speaking of YouTube.......
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3

Oddysey

Nov. 16, 2008, 05:57 AM
Gang;

Speaking of YouTube, it's time to recognize that they have single-handedly upped the ante in the Privacy game. Tell me if these pages don't set off all kinds of alarms for you:

http://www.mistered.us/tips/flash/settings.shtml
http://vlaurie.com/computers2/Articles/pie.htm
http://epic.org/privacy/cookies/flash.html

If you're not concerned, then you also probably have a couple hundred cookies on your machine. Admit it!

I'm reminded of that old saying: "All your bases are belong to us!"



Oddysey

43unite

Nov. 16, 2008, 12:22 PM
These are not a problem if you configure the Flash Player Settings Manager correctly. In addition, CCleaner (Windows) can be set to remove these items.

My Linux distro is configured to send this garbage to /dev/null so it is impossible for that data to be stored on my system.
- - - - -
http://www.mistered.us/tips/flash/settings.shtml
You can disable Local Shared Objects on a per-site basis or for all sites using the Macromedia Flash Player Settings Manager. You can also delete data that may currently be stored locally.

The Global Storage Settings Panel allows you to allow or deny Flash content you visit in the future from storing information in local shared objects.

The Website Storage Settings Panel lets you customize this decision per website. You can use this panel to create a "block list" for specific websites. You can also use this panel to delete all existing data, without affecting the performance of Flash content in your browser.

...changing your Global Flash Settings to NOT store Local Shared Objects (which will also in effect disable PIE)...
- - - - -
http://vlaurie.com/computers2/Articles/pie.htm
Tracking files (PIE) already downloaded to your computer via ads in Flash format can be removed with the settings manager at the Macromedia site. Repeat downloads from sites already visited can also be blocked. However, future downloads of tracking files from sites not previously visited can only be blocked in a global sense.
- - - - -
http://epic.org/privacy/cookies/flash.html
Flash cookies are stored in a special directory depending on the operating system on the client machine. They are arranged in directories according to the site that placed them on the computer (look for a file with a .SOL extension):

<b>·</b> Windows C:\Documents and Settings\[username]\Application Data\Macromedia\Flash Player
<b>·</b> Macintosh OSX /Users/[username]/Library/Preferences/Macromedia/Flash Player
<b>·</b> GNU-Linux ~/.macromedia

Like normal cookies, Flash cookies are represented as small files on users' computers. To prevent Flash cookies from being placed, users can adjust preferences on a per site basis in the Macromedia Website Privacy Settings Panel. Using this tool, Flash cookies can be completely disabled or allowed on a per domain basis.

To get to the settings panel, right click on any Flash movie, click settings and then advanced. Macromedia has published a walk through guide to help users disable Flash cookies.

Users can get rid of the current Flash cookies and their tracking information simply going to the correct folder and deleting them. The Flash cookies are organized in folders according to the site that placed them, so users can choose which objects to keep.

ProxRocks

Nov. 16, 2008, 03:52 PM
here it is (it looks more complex than it is, bear with me, i'm all but convinced that this is a MUST-HAVE and will break the 'install' down step-by-step)...

1) first you will need this filter, place it directly BELOW sidki's "Header Top Add: Initial JS Code 7.11.29 (ccw! !mos) [...] (d.r)"
Code:
Name = "Header Top Add: User JS Code - z12 Toggle Objects [add]"
Active = TRUE
URL = "$TYPE(htm)"
Limit = 16
Match = "(^(^<ProxHdrTop>))$STOP()"
Replace = "\t<script type="text/javascript" src="http://local.ptron/My_HTML/z12_HTML/z12.js">\r\n\t</script>\r\n"

2) observe the folder structure, 'cause you'll need the below-attached three two files (.zip'd here as one attachment) saved within that folder...

3) next are these two filters (i actually only use the SECOND of the two [note that the first uses the "camera.jpg" from the .zip, so if you put it into a different folder, alter the first of two filters accordingly])...

i have these placed directly ABOVE sidki's "<object>...: Toggle Flash 7.11.09 (ccw! !nn) [jd sd] (d.2 l.2)"...
Code:
Name = "Object to Img {z12} [add]"
Active = FALSE
URL = "($TYPE(htm)|$TYPE(js)|$TYPE(vbs))"
Bounds = "(<object*/ object >|<embed[^<]++>(^ [a-z0-9])( </embed >)+)(^ </object >)(^ </textarea>)"
Limit = 4096
Match = "\#"
        "&(*(\" \'|\' \"|\\"|= " \+|" <|> ")$SET(1=\\")|*\s(codebase|type|src)=(")\1)|$SET(1=")"
Replace = "<span>"
          "<textarea style=\1display:none\1>\@</textarea>"
          "<img"
          " style=\1cursor:pointer\1"
          " onclick=\1proxo.imgToFlash(this)\1"
          " src=\1http://local.ptron/My_HTML/z12_HTML/camera.jpg\1"
          " onmouseover=\1proxo.titleFlash(this)\1"
          " />"
          "</span>"

Name = "Toggle: Object {4.d.3.2} 20081118 {z12} [add]"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js)|$TYPE(vbs))(^$TST(keyword=*.flash.*))"
Limit = 5120
Match = "("
        "("
        "$NEST(<object(\s|"),"+</object >)|"
        "<object(^[a-z])(*/ object >&&(^*<object)*)|"
        "<embed(^[a-z])*>(^ [=a-z0-9])( </embed >)+"
        ")\0(^ </object >)(^ </textarea>)"
        "&&"
        "(^*(type=$AV(image/*)))"
        "*)"
        "$SET(flash=$GET(flash)$DTM(t))"
        "(($TST(script=*))$SET(1=\\")$SET(2=\\)|$SET(1=")$SET(2=))"
Replace = "<span class=\1flash$GET(flash)\1 style=\1display:inline\1>"
          "<a title=\1Play Media\1 onclick=\1PrxObjToggle(this)\2;return false\2;\1 onmouseover=\1PrxTitleObj(this)\1>"
          "<img alt=\1Toggle Media\1 src=\1http://local.ptron/Grypen_HTML/imgs/player_play.png\1 style=\1border-style:none\1 /><\2/a>"
          "<br />"
          "<\2/span>"
          "<span class=\1flash$GET(flash)\1 style=\1display:none\1>"
          "<textarea style=\1display:none\1>\0<\2/textarea>"
          "<\2/span>"

4) now, for us sidki-based configs, note that it references a Grypen .png and observe its folder structure... this is attached as a .zip as well... there are TWO .png's, even though the filter actually only references one of the two [BOTH are referenced by z12.js (so again, if you place in a different folder, be sure to "point to it" by the filter AND z12.js {which seems to be written to "self-discover" that folder, as i don't recall making changes to the .js})]...

confirmed! z12.js "self-discovers" to the folder that player_play.png is pointed to...
you do not need to edit z12.js if you use a different folder structure... (unless you change the NAME of the .png's)


ps: the "flash_rune.gif" is used by an older version of z12.js, you can delete that file, my bad...


edit: edited for z12's equal sign mentioned below (and dated the filter to the posting date)...

edit2: updated byte limit (and date)...

z12

Nov. 16, 2008, 10:15 PM
LoL, I was going to post an update to that filter, but I couldn't remember what/where I posted.
To make things worse, my personal version is a little different (not grypen|sidki js compatible).
At any rate, I don't remember it being all wrapped up and tidy in one zip file.
Thanks ProxRocks. Nice. Smile!

Anyway, I made a minor tweak on the line with the embed match.
I just added an equal sign:
Code:
[=a-z0-9]

z12

ProxRocks

Nov. 16, 2008, 10:55 PM
(Nov. 16, 2008 10:15 PM)z12 Wrote: [ -> ]At any rate, I don't remember it being all wrapped up and tidy in one zip file.

it wasn't originally, lol...

thanks for the equal sign update (post above has been updated)...
any other functionality differences between this and your non-grypen|sidki version?

z12

Nov. 16, 2008, 11:16 PM
ProxRocks Wrote:any other functionality differences between this and your non-grypen|sidki version?
Nah, no difference.

BTW, speaking of cookies, cnn has a treat for you, and it's ready right now.
As a bonus, you don't even need flash.

Code:
Error: [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: "http://i.cdn.turner.com/cnn/.element/js/2.0/StorageManager.js Line: 165"]
Source File: http://i.cdn.turner.com/cnn/.element/js/2.0/StorageManager.js
Line: 165

Here, cnn is trying to setup 3MB of persistent data storage goodness for firefox.
Only 64k for IE Sad

To be fair, IE doesn't support window.globalStorage ...yet.
But not to be out done, I read somewhere that window.globalStorage is planned for IE8.

IIRC, firefox will allow this only if you allow a cookie from the site.
In Firefox, I have the following in my user.js to disable window.globalStorage:
user_pref("dom.storage.enabled", false);

I think IE currently calls it's version of this "Userdata Persistence".
AFAIK, it can be disabled via IE's Security Settings.

z12

43unite

Nov. 17, 2008, 04:59 AM
(Nov. 16, 2008 03:52 PM)ProxRocks Wrote: [ -> ]here it is (it looks more complex than it is, bear with me, i'm all but convinced that this is a MUST-HAVE and will break the 'install' down step-by-step)...
Thanks for posting the filters and your installation explanation. The install is quite easy based on your description. Been running it on Linux so far with no issues (haven't tried XP yet, but I'm confident that it'll be fine).

I've attached a couple of 16x16 icons from my Linux KDE desktop that can also be used in the Grypen_HTML "imgs" folder.

Siamesecat

Nov. 17, 2008, 06:40 AM
As far as LSOs (Flash cookies) are concerned, there is an extension for Firefox that one can use to keep track of them and delete them if desired. It is called Objection. Since I changed the settings for LSOs from the Adobe web page, there is no data being stored on my computer by sites that use Flash. I checked on this using Objection.

Oddysey

Nov. 17, 2008, 07:11 AM
Hah!

I googled for LSO's, and found this page:

http://www.ghacks.net/2008/07/30/delete-flash-cookies/

Only when I let it load, with Proxo in full force, the site killed itself! I mean, literally, the browser closed up shop!! Talk about protection against unwarranted intrusions. Sad

The source code revealed an ugly tracker by the name of Vibrant Media Intellitext, and I wrote a short filter to squash that puppy - all is well in learning-about-Flash-cookies land! Smile!

Sheesh! Banging Head


Oddysey

Oddysey

Nov. 17, 2008, 07:39 AM
Having gone out and personally perused the small army of .sol files on my 'puter, I can safely say that none of them are in plain text. As ProxRocks will attest, almost any decent text editor can easily double-up as a hex editor when called upon to do so. I can see at least one good reason for various results when using the so-called Google High(t) Quality filter, currently under discussion in another thread. Mine sets the quality (at 10, if my hex-decimal converting ability isn't too rusty), the filter doesn't affect it.

Hmmmm.....

In the meantime, what are the rest of you finding when you deny a Flash LSO, before it ever gets stored on your machine? Do the files play anyway?

And lest we forget, nearly all non-BigBox (YouTube and Yahoo) Flash files come directly from Adobe (nee Macromedia)'s website, they set themselves up originally to be the only server farm capable of streaming with any quality (meaning, little or no time lag), and the rest of the content-producing world went along with that. "Hey, we don't have to host this piece of invasive junk, so our bandwidth bills won't skyrocket out of control. Cool!) What this means is that unless you never surf for Flash files beyond YouTube (and that takes some judicious filtering, I'm here to tell you!), then you're still getting recorded in a little black box, one that currently belongs to Adobe, but I'm betting that it's ripe for either selling to marketers, or being hacked to death and blasting the last bastion of privacy we thought we had.

Points to ponder, no? [think]



Oddysey

ProxRocks

Nov. 17, 2008, 12:11 PM
(Nov. 17, 2008 07:39 AM)Oddysey Wrote: [ -> ]when using the so-called Google High(t) Quality filter, currently under discussion in another thread.

yeah, as an administrator, how 'bout removing that typo-T for us in said other thread, lol...

(Nov. 17, 2008 07:39 AM)Oddysey Wrote: [ -> ]And lest we forget, nearly all non-BigBox (YouTube and Yahoo) Flash files come directly from Adobe (nee Macromedia)'s website, they set themselves up originally to be the only server farm capable of streaming with any quality (meaning, little or no time lag), and the rest of the content-producing world went along with that.

er, i'm not so sure about that...
i went to "several" Flash sites and i'm not seeing ANY Adobe/Macromedia "connections" in my "What the Proxo is thinking" page...

http://www.bestflashanimationsite.com/vote/
http://www.webdesignerwall.com/trends/30...ash-sites/


now, if you're talking that little "get flash player" .gif that often is splattered onto Flash sites, well, my Proxo blocks that STUPID little banner-button that acts as a BEACON to Adobe.com that says, "Hey, somebody just accessed xyz.com and they pulled in our stupid button while they were there"...

but "beaconing" to Adobe/Macromedia just by playing an .swf, i'm not so sure 'bout that, pal Big Teeth

43unite

Nov. 17, 2008, 01:16 PM
The original Firefox extension "Objection" developer quit a long time ago.
http://yardley.ca/projects/project-objection/
I no longer work on the Firefox extension Objection.

The current version is still under development.
http://objection.mozdev.org/
Objection 0.4.0 is under development.
These versions are not for public use. They are here for people who wish to test the latest features.

z12 's suggestion is simple and effective:
In Firefox include the following in user.js to disable window.globalStorage:
user_pref("dom.storage.enabled", false);

IE currently calls it's version of this "Userdata Persistence". This can and should be disabled.

In addition, set your Flash preferences correctly by visiting the settings site:
http://www.macromedia.com/support/docume...nager.html

In Linux you can easily point this garbage to /dev/null forever, and be absolutely done with it.

Not all Flash options can be set by visiting the Adobe site. Unbelievably, Flash permits access to your system microphone and camera (if you have any).

"Applications that are running in Adobe Flash Player may want to have access to the camera and/or microphone available on your computer. Privacy settings let you specify whether you want applications from a particular website to have such access. Note that it is the person or company that has created the application you are using that is requesting such access, not Adobe (unless Adobe has created the application that wants access to your camera or microphone).

If you select Allow, the application can capture what your camera sees and your microphone hears, until you close the application.

The application may want to broadcast the video and audio to other people who are viewing or hearing the application you are running —"

To access these and other setting do the following: while viewing a Flash video right click on the image and select 'settings'.

Blocking all this spyware does not negatively impact Flash performance.

ProxRocks

Nov. 17, 2008, 01:20 PM
is there no way to do this "settings manager" thingie LOCALLY?

i'll block any and all Flash before going to "Big Brothers" site to change a few settings!

43unite

Nov. 17, 2008, 01:24 PM
(Nov. 17, 2008 01:20 PM)ProxRocks Wrote: [ -> ]is there no way to do this "settings manager" thingie LOCALLY?
Only for camera and microphone options.

Global setting must be done on site. Adobe actually accesses and displays your system settings. It is the only way to change them.

ProxRocks

Nov. 17, 2008, 01:35 PM
that SUCKS!!!

i guess it's off to a "virtual machine" i go and see if i can find a way to MANUALLY alter these 'settings' as opposed to visiting "Big Brother" on SEVERAL different computers...
Pages: 1 2 3
The Un-Official Proxomitron Forum > Forum Related > General Security > Speaking of YouTube.......
Reference URL's