# Mozilla saving some site details?



## Phishfry (May 13, 2018)

I like to go file browsing through my files a lot to see what is going on.
In recent versions of SeaMonkey I am seeing some of my browsing sites leaving residual effects in this directory.
/$user/.mozilla/seamonkey/mslfqbwp.default/storage/default/
I use the same locked down setting as ever.
Here is a look:

```
ls /.mozilla/seamonkey/mslfqbwp.default/storage/default
http+++money.cnn.com        https+++www.pressherald.com
http+++www.orlandosentinel.com    https+++www.seattletimes.com
https+++forums.freebsd.org    https+++www.theguardian.com
https+++www.cnn.com        https+++www.washingtonpost.com
```



So what am I doing wrong? Cookies set to current session only -no 3rd party. TLS 1.0/1.1 off


----------



## Phishfry (May 13, 2018)

I really hate that my browser uses a SQLite database. These files appear to be a residual SQLite file scheme.
All SeaMonkey preferences attempts to flush them fail. I have cache at zero. Cleared entries in 'Data Manager'. No Passwords.

```
root@E6420:~/.mozilla/seamonkey/mslfqbwp.default/storage/default/https+++forums.freebsd.org # ls -ll
total 12
-rw-r--r--  1 root  wheel   54 May  8 02:28 .metadata
-rw-r--r--  1 root  wheel   67 May 12 21:59 .metadata-v2
drwxr-xr-x  2 root  wheel  512 May 12 21:59 idb
```
I know, running the browser as root. Bad bad bad. Still, what is up with these entries in the user's /storage/default that are not cleaned out?


----------



## obsigna (May 13, 2018)

Most probably you are seeing the so called Web Storage in action:
https://en.wikipedia.org/wiki/Web_storage
https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API

In Firefox (perhaps SeaMonkey as well) you can disable this by setting dom.storage.enabled to false in about:config.


----------



## Phishfry (May 13, 2018)

Easy as a double click. Thanks. It is uncomfortable to see your browsing history as files.


----------



## Deleted member 30996 (May 13, 2018)

I've got Seamonkey on an OpenBSD box and I do have the same "storage" directory you indicate on this machine but only the https+++forums.freebsd.org directory. I'm on it now and have logged into the forums on it before. The only document in the folder I do have that isn't blank is in the idb sub-folder in a .sqlite extension specifying "SQLite format 3".

I tried every other site you listed as having a directory for with it and got a warning under the tabs that it had blocked tracking elements on each one:



The forums are the only site I allowed scripting for and I don't show a new folder for any of the sites I show as having visited. I have the same settings as you show in your Clear Private Data shot but also tweak about:config:


```
privacy.trackingprotection.enabled = true
```

I hadn't set the variable mentioned by obsigna.


----------



## drhowarddrfine (May 13, 2018)

There are a lot of things we use to speed up the web experience. It's now a competition used to get your site in front of the others in search results. Parts of pages are now stored on your machine so an additional fetch isn't needed when you click on a link. Gotta save your info so you don't have to login next time. Gotta save your last visited  page so you can find it next time. Including whatever info you entered so you don't have to re-enter it next time. And don't forget to take care of what happens should you lose your internet connection in the middle of something. And then there's all the new and old APIs that work on some OSes and not others and all browsers but NEVER a Microsoft browser.

Of course, if you log in with your Facebook or Google account, that's another big can of worms they'll load you up with.

It's a moving target you can't keep up with.

One needs to be reminded or told, for average users, the browser is now your operating system.


----------



## ronaldlees (May 13, 2018)

These days everybody deletes the cookies and cache, so they've introduced the concept of "super cookies," which reside in the local storage.  The _clear history_ dialog doesn't have a named "clear storage" option in Firefox (interestingly,  Vivaldi does have that option, and probably Chromium does too.  Haven't checked how well they do it tho).  So, as drhowarddrfine mentioned, browser history mechanisms are a moving target  :-(

Edit:  Probably the clear history dialog option called "offline Website data" works on Firefox to delete storage (but haven't checked it).


----------



## drhowarddrfine (May 13, 2018)

I'm not talking browser history at all. Data storage with databases, web storage apis, etc. Don't need cookies at all.


----------



## Deleted member 30996 (May 13, 2018)

Evidently I had www/seamonkey installed on the FreeBSD box I use most, uninstalled it when it had a vulnerability and never reinstalled it. There is the same storage folder there was on my OpenBSD box and it only has the same folder.

What I really find disappointing, I'll go with that for now, is that www/firefox-esr not only has the same storage folder, files and an additional file about my extensions. It has the same /home/jitte/.mozilla/firefox/a_string.default/datareporting/aborted-session-pings folder and file www/waterfox did that I flipped my wig over a couple months ago. Though I do have my browser set not to send pings:


```
"savedPings":0,"activeTicks":7,"pingsOverdue":0
```

That and a plethora of other information, including but not limited to, all my extensions and their description, default search engine and some system stats like my OS, CPU, RAM, GPU and the driver it uses:


```
"system":{"memoryMB":3984,"virtualMaxMB":null,"cpu":{"count":2,"cores":null,"vendor":null,"family":null,"model":null,"stepping":null,"l2cacheKB":null,"l3cacheKB":null,"speedMHz":null,"extensions":["hasMMX","hasSSE","hasSSE2","hasSSE3","hasSSSE3"]},"os":{"name":"FreeBSD","version":"11.1-RELEASE-p10","locale":"en-US"},"hdd":{"profile":{"model":null,"revision":null},"binary":{"model":null,"revision":null},"system":{"model":null,"revision":null}},"gfx":{"D2DEnabled":null,"DWriteEnabled":null,"ContentBackend":"Skia","adapters":[{"description":"NVIDIA Corporation -- Quadro NVS 140M/PCIe/SSE2","vendorID":"NVIDIA Corporation","deviceID":"Quadro NVS 140M/PCIe/SSE2","subsysID":null,"RAM":null,"driver":null,"driverVersion":"3.3.0 NVIDIA 340.106","driverDate":null,"GPUActive":true}],"monitors":[],"features":{"compositor":"basic"}}},"settings"
```

www/palemoon seems to be behaving itself much better. It has the storage/default directory but it is empty.


PayPal offered to let me sign in by the device I was using at the time (and listed it) in the future instead of my password as a "speedy option to enhance my shopping experience", or something of the sort.


----------



## ronaldlees (May 15, 2018)

Trihexagonal said:


> PayPal offered to let me sign in by the device I was using at the time (and listed it) in the future instead of my password as a "speedy option to enhance my shopping experience", or something of the sort.



There was no password (saved or otherwise)? Do they trust the browser fingerprint that much?  Likely they must be doing something else in addition - like CPU serial and/or NIC MAC and/or super cookie with UUID storage.  It'd be interesting to know how they ID the system.  Is local storage really that secure?  Doubtful.


----------



## Deleted member 30996 (May 15, 2018)

It first came up when I was checking out from renewing my hosting package a couple weeks ago. It's called One Touch Checkout:

https://www.paypal.com/us/webapps/mpp/one-touch-checkout/faq

It provided pertinent information regarding the platform I was using, the OS, browser and posed the potential prospect of purposing this puter to purging previous practices pertaining to pesky passwords pestering me persistently when purchasing products purely for pleasurable purposes. Which obscure as it may be can still be spoofed with no problem.


I tried making a donation with the same box just a minute ago and it wasn't going to go through with the transaction unless I logged into my PayPal account with my password, so it's all good.


----------



## ronaldlees (May 15, 2018)

18 bit alliteration - purely poetic!


----------



## Deleted member 30996 (May 16, 2018)

ronaldlees said:


> 18 bit alliteration - purely poetic!



Primo! It's one of my more obscure skills I don't often perform publicly and am out of practice, but previously profusely proficient in pontification of phrases pertaining to the Prince of the alphabet and preeminent in my presentation.


----------



## fernandel (May 18, 2018)

Trihexagonal said:


> I've got Seamonkey on an OpenBSD box and I do have the same "storage" directory you indicate on this machine but only the https+++forums.freebsd.org directory. I'm on it now and have logged into the forums on it before. The only document in the folder I do have that isn't blank is in the idb sub-folder in a .sqlite extension specifying "SQLite format 3".
> 
> I tried every other site you listed as having a directory for with it and got a warning under the tabs that it had blocked tracking elements on each one:
> 
> ...


I have set the variable mentioned by obsigna but it doesn't work on my www/firefox


----------



## Phishfry (May 18, 2018)

Didn't work for me either.
This problem is actually complex. There are files in the mozilla profile that might be linked.
They all have .sqlite file extensions.

Even though I have downloads history cleared at shutdown, downloads.sqlite grows in size.
I have been deleting several of the .sqlite files manually.

I guess I have to write a script to truly delete these digital breadcrumbs.
My definition of "Always Clear My Private Data" and Mozilla Foundation Inc.'s are somewhat different.
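
An inventory of the directory discussed in this thread, as an added example that is not part of the original post: it turns names such as `https+++forums.freebsd.org` back into origins, names the storage back end each one holds (the `idb` subdirectory in the listing above is IndexedDB data, a separate store from the DOM Storage that `dom.storage.enabled` switches off), and can remove every origin that is not on an allowlist. The `+<port>` and `^...` name handling, the `cache` mapping and all function names are assumptions, and the sample profile is constructed.

```shell
#!/bin/sh
# Added example: inventory and selective purge of <profile>/storage/default.

# Map a directory name back to its origin. Assumptions: "+++" stands for "://",
# a trailing "+<digits>" for ":<port>", and a "^..." suffix is dropped.
decode_origin() {
    name=${1%%^*}
    scheme=${name%%+++*}
    host=${name#*+++}
    if [ "$scheme" = "$name" ]; then        # no "+++" in the name: print it unchanged
        printf '%s\n' "$name"
        return 0
    fi
    case $host in
        *+*[!0-9]*|*+) ;;                   # "+" not followed by digits only
        *+*) host="${host%+*}:${host##*+}" ;;
    esac
    printf '%s://%s\n' "$scheme" "$host"
}

# Name the storage back ends found in one origin directory.
store_kinds() {
    kinds=
    for sub in "$1"/*/; do
        [ -d "$sub" ] || continue           # an unmatched glob stays literal
        case $(basename "$sub") in
            idb)   kind=IndexedDB ;;
            cache) kind=CacheAPI ;;         # assumption: DOM Cache used by service workers
            *)     kind=$(basename "$sub") ;;
        esac
        kinds=${kinds:+$kinds,}$kind
    done
    printf '%s\n' "${kinds:-none}"
}

# One line per origin: origin <TAB> back ends <TAB> size in KiB.
inventory() {
    for dir in "$1"/storage/default/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        kb=$(du -sk "$dir" | cut -f1)
        printf '%s\t%s\t%sK\n' "$(decode_origin "$(basename "$dir")")" "$(store_kinds "$dir")" "$kb"
    done
}

# Remove every origin directory whose origin is not in the space-separated
# allowlist $2. Run it only while the browser is closed.
purge_except() {
    for dir in "$1"/storage/default/*/; do
        [ -d "$dir" ] || continue
        origin=$(decode_origin "$(basename "$dir")")
        case " $2 " in
            *" $origin "*) ;;               # allowlisted: keep
            *) rm -rf -- "${dir%/}" && printf 'removed %s\n' "$origin" ;;
        esac
    done
}

# Constructed sample profile, so the script runs without touching a real one.
make_sample_profile() {
    p=$(mktemp -d) || return 1
    mkdir -p "$p/storage/default/https+++forums.freebsd.org/idb" \
             "$p/storage/default/https+++www.example.org+8443/cache" \
             "$p/storage/default/http+++money.cnn.com"
    : > "$p/storage/default/https+++forums.freebsd.org/.metadata"
    printf '%s\n' "$p"
}

# With a profile path: report only. Without: demonstrate on the sample.
if [ $# -gt 0 ]; then
    inventory "$1"
else
    sample=$(make_sample_profile)
    inventory "$sample"
    purge_except "$sample" "https://forums.freebsd.org"
    inventory "$sample"
    rm -rf "$sample"
fi
```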


----------



## PacketMan (May 18, 2018)

Phishfry said:


> I have been deleting several of the .sqlite files manually.



But we are 'unix' guys, just cron job it and then go have a beverage.


----------



## fernandel (May 18, 2018)

Phishfry said:


> Didn't work for me either.
> This problem is actually complex. There are files in the mozilla profile that might be linked.
> They all have .sqlite file extensions.
> 
> ...


https://vikingvpn.com/cybersecurity...ning-mozilla-firefox-for-privacy-and-security
I disabled some more things from the above site and it looks like it works now.


----------



## Deleted member 30996 (May 18, 2018)

These are the tweaks I apply to about:config. Depending on which Mozilla based browser you're using some may already be set:


```
browser.cache.offline.enable = false
browser.safebrowsing.phishing.enabled = false
browser.safebrowsing.malware.enabled = false
browser.send_pings = false
browser.sessionstore.max_tabs_undo = 0
dom.battery.enabled = false
dom.storage.enabled = false
geo.enabled = false
geo.wifi.uri = http://127.0.0.1
media.peerconnection.enabled = false
privacy.trackingprotection.enabled = true
webgl.disabled = true
```

The safebrowsing variables prevent sending the page you're visiting back to the Hive. I use them all the time and it doesn't break anything.
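
A drift check for a list like the one above, as an added example that is not part of the original post: it compares a `name = value` baseline with what a profile's `prefs.js` and `user.js` actually contain. The function name, the baseline file format and the sample files are assumptions constructed for the example; `prefs.js` records only values that differ from the browser's defaults, so an entry absent from it is reported as UNSET rather than as wrong.

```shell
#!/bin/sh
# Added example: compare prefs.js / user.js with a "name = value" baseline.

# usage: audit_prefs BASELINE PREFS_FILE...
# Later files override earlier ones, as user.js does over prefs.js at start-up.
# Prints one line per baseline entry; returns non-zero if any entry is not OK.
audit_prefs() {
    awk '
        FNR == NR {                                   # first file: the baseline
            sub(/[ \t\r]+$/, "")
            if (split($0, kv, /[ \t]*=[ \t]*/) == 2) { want[kv[1]] = kv[2]; order[++n] = kv[1] }
            next
        }
        /^user_pref\("/ {                             # user_pref("name", value);
            line = $0
            sub(/^user_pref\("/, "", line)
            sub(/\);[ \t\r]*$/, "", line)
            i = index(line, "\", ")
            if (i == 0) next
            name = substr(line, 1, i - 1)
            val = substr(line, i + 3)
            gsub(/^"|"$/, "", val)                    # string values are quoted
            have[name] = val
        }
        END {
            for (j = 1; j <= n; j++) {
                p = order[j]
                if (!(p in have))            { s = "UNSET"; h = "(browser default)"; bad++ }
                else if (have[p] == want[p]) { s = "OK";    h = have[p] }
                else                         { s = "DIFF";  h = have[p]; bad++ }
                printf "%-5s %s want=%s have=%s\n", s, p, want[p], h
            }
            exit (bad > 0)
        }' "$@"
}

# Constructed sample: a subset of the list above and a small prefs.js.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/baseline.txt" <<'EOF'
dom.storage.enabled = false
browser.send_pings = false
geo.wifi.uri = http://127.0.0.1
privacy.trackingprotection.enabled = true
webgl.disabled = true
EOF
    cat > "$d/prefs.js" <<'EOF'
// Constructed sample in the user_pref() format the browser writes.
user_pref("browser.send_pings", false);
user_pref("dom.storage.enabled", true);
user_pref("geo.wifi.uri", "http://127.0.0.1");
user_pref("privacy.trackingprotection.enabled", true);
EOF
    printf '%s\n' "$d"
}

# With arguments: audit the given files. Without: run on the sample.
if [ $# -ge 2 ]; then
    audit_prefs "$@"
else
    sample=$(make_sample)
    audit_prefs "$sample/baseline.txt" "$sample/prefs.js" || echo "drift found"
    rm -rf "$sample"
fi
```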


----------



## drhowarddrfine (May 18, 2018)

Hm. I don't understand why turning off security features is a good thing. The safebrowsing stuff. Offline cache means you can work offline when you lose a connection but ... ok, I guess. Same with sessionstore. More sites are using "serviceworkers" and more will be coming so it could be detrimental to turn that off. geo is handy for maps and location but ... ok. Haven't a clue why one would disable webgl.


----------



## Deleted member 30996 (May 18, 2018)

There is another I also use. You need to type punycode in the Search area and set:


```
network.IDN_show_Punycode = true
```



drhowarddrfine said:


> Hm. I don't understand why turning off security features is a good thing. The safebrowsing stuff. Offline cache means you can work offline when you lose a connection but ... ok, I guess. Same with sessionstore. More sites are using "serviceworkers" and more will be coming so it could be detrimental to turn that off. geo is handy for maps and location but ... ok. Haven't a clue why one would disable webgl.




Turning off safebrowsing prevents the URL of the page you're visiting being sent back to Google or Mozilla, and is a way to track you. There has been a time when Google reportedly popped up a red warning page when you landed on a site I belong to for reportedly using script-based ads to download malware. I never saw the warning page or the ads due to blocking scripting, though some Windows users weren't as wary. Some site owners are not too particular about who they sell ad space to.

With browsercache enabled Firefox will reportedly store a cache of these pages on your disk where someone else can read, analyze, or save these files. I'm not familiar with "serviceworkers".

Geo is just a privacy thing, same as setting the uri to home. Not that your IP can't pinpoint you.

Disabling WebGL is an option available through NoScript, I disable it there and in about:config. A google search shows several reasons to do so. It's an older post but links to other sources:

https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern


----------



## drhowarddrfine (May 18, 2018)

Trihexagonal said:


> Turning off safebrowsing prevents the URL of the page you're visiting being sent back to Google or Mozilla, and is a way to track you.


Well, I'd rather Google or Mozilla know where I've been than downloading malware. I'm not sure if it isn't the other way around, that the list of malware sites isn't stored on your computer and that database is checked. I don't feel like looking it up.

There are a number of different caches in browsers these days and pages are cached in one while service workers, a javascript thing that can run in the background, can save data in another cache for local access if you're offline or just quicker response when accessing pages.

webGL isn't the security concern of the past. I just quickly looked this up and you can go to the end of the conclusion. 

I'd go into more detail but I'm really slammed these days.


----------



## Deleted member 30996 (May 18, 2018)

drhowarddrfine said:


> Well, I'd rather Google or Mozilla know where I've been than downloading malware. I'm not sure if it isn't the other way around, that the list of malware sites isn't stored on your computer and that database is checked. I don't feel like looking it up.



This is a list I got back in Firefox 39 and gave this explanation for using the safebrowsing variables:


```
Google’s Safe Browsing for Firefox is enabled by default. This means that every URL you visit is being sent to Google, 
where they will evaluate if it is safe or not. Also, with every update of your blacklist and with every encounter of a reported 
phishing site you will send your existing Google cookie. You will no longer get a warning when visiting a site that Google does 
not consider safe if you disable this option.

browser.safebrowsing.enabled and right click to Toggle, which will set it to false.

Similarly, Mozilla’s Safe Browsing feature maintains a list of known malware, to compare against every URL you visit. 
You will no longer get a warning when visiting a site with known malware if you disable this.

browser.safebrowsing.malware.enabled and right click to Toggle, which will set it to false.
```

I am dubious about the part "you will send your existing Google cookie". I don't log into google to get a cookie, so I don't know how they figure that. I do have a webmasters account but don't use gmail or stay logged in when I do a search or surf.


I'd like my browser to just browse, run the extensions I deem necessary, render a page correctly and not snoop on where I go, what I do there or keep a list of my extensions. Running the extensions I deem necessary is almost as important as the rendering of a page. If it won't at least run NoScript I won't use it. www/seamonkey will at least run that and HTTPS Everywhere. 

I may use www/lynx exclusively before it's over, or decide to forgo internet altogether.


----------



## fernandel (May 19, 2018)

Trihexagonal said:


> This is a list I got back in Firefox 39 and gave this explanation for using the safebrowsing variables:
> 
> 
> ```
> ...


What is your opinion about uMatrix/uBlock Origin vs NoScript, please? I was a long-time NoScript user and about two months ago I switched, and for me it works very well.
Thank you.


----------



## Deleted member 30996 (May 19, 2018)

fernandel said:


> What is your opinion about uMatrix/uBlock Origin vs NoScript, please?.



I use uBlock Origin and like it a lot. You can get a hosts file with it and it uses the filters I used with AdBlock. It does give me a warning screen sometimes but it's usually something along the lines of tracking or privacy. The web-based email site mail.ru comes to mind, this is from clicking a link at the top of the page:


```
uBlock Origin has prevented the following page from loading:

https://r.mail.ru/n275254619?sz=45&rnd=100117390
 
Because of the following filter

||r.mail.ru^
Found in: EasyPrivacy
```

I doubt any of it is too nefarious compared to yahoo or gmail.


As for uMatrix, I tried it out once but probably didn't give it a fair shake, I know other people prefer it. I've used NoScript so long it's a breeze for me and I don't feel safe browsing without it. Once you see enough scripts you can tell which ones it should take for a site to run, if it needs scripting at all.

Let's try watching a video on wwe.com. You have to enable the script for wwe.com for starters to get basic functionality out  of the site. Now I'll pick a random video to watch.



See how many other scripts there are in addition to it? What a mess. What to pick? I know what it doesn't take, and that narrows it down: I know it's going to take jwpcdn.com by the cdn appendage, and by process of elimination iperceptions.com. But no joy. Now what?



Another script appears for the player, jwplayer.com, but akamaihd.net wants in on the deal, too. Now I get a video without any of the other scripts, allowing only 5 of 34 scripts and 1 object shown as existing in the statusbar.

This is the most simple example I can come up with and maybe uMatrix can do the same thing.

I don't use it but since you do perhaps we could do a real-life comparison how they stack up. This is from a recent click-bait article we discussed in another thread:

https://www.csoonline.com/article/3...dying-some-security-researchers-think-so.html



I'm using uBlock Origin and NoScript in conjunction and show NoScript blocked 94 scripts and 1 object on that page.


----------



## rufwoof (May 19, 2018)

Trihexagonal said:


> I'm using uBlock Origin and NoScript in conjunction ...


Two of my core three. I also use a user agent spoofer as my core third choice of extension. If a web site can deem your OS and browser versions a simple reference might reveal potential exploits. Throw a selective exploit at the wrong OS and/or browser and more than likely it will fail.

For direct links between me and a trusted host, I tend to remove the cache and profile for that session (no extensions etc.).


----------



## Deleted member 30996 (May 20, 2018)

rufwoof said:


> I also use a user agent spoofer as my core third choice of extension. If a web site can deem your OS and browser versions a simple reference might reveal potential exploits. Throw a selective exploit at the wrong OS and/or browser and more than likely it will fail.



That's what I always figure, too.

I have 2 browsers I use regularly. One where I don't spoof my user agent for coming here and that other place where it shows what OS you're using and another where I spoof a Mac or Windows for general browsing. I do have a switcher on both.


----------



## drhowarddrfine (May 20, 2018)

I think you guys need to find a hobby.


----------



## Deleted member 30996 (May 20, 2018)

drhowarddrfine said:


> I think you guys need to find a hobby.



I'll take that as a compliment as I know how you hold FreeBSD hobbyists in disdain.


----------



## Phishfry (May 20, 2018)

Why are you kicking sand in the doctor's face? He just wants the beach to himself.


----------



## Phishfry (May 20, 2018)

Actually an esteemed member here was recommending USB ethernet devices to avoid MAC fingerprinting.
I thought to myself WOW, I thought I was paranoid. Does he replace them on a schedule?

Just never thought of avoiding the motherboard Ethernet for MAC security implications.
It's one of those conveniences I live with I guess. Life is a tradeoff.


----------



## Deleted member 30996 (May 20, 2018)

Boy, things are really looking up for me.  

An endorsement by the Honorable drhowarddrfine and at the apex of achieving aspirations of accreditation as the daemon I've always appropriately warranted.


----------



## drhowarddrfine (May 20, 2018)

Trihexagonal said:


> I know how you hold FreeBSD hobbyists in disdain.


Not at all. Quite the opposite. My issues are only with kids, lids and space cadets as I said 12 years ago.


----------



## rufwoof (May 20, 2018)

Trihexagonal said:


> I may use www/lynx exclusively before it's over, or decide to forgo internet altogether.


When my ISP upgraded I had a netgear router left over, so I set up an old Celeron tower PC box connected directly to the ISP's hub/router (192.168.1.x network), and the netgear off another of the main router's LAN ports (connected to the netgear's WAN port) - off which all other PCs/kit connect (10.0.0.x network i.e. netgear LAN ports). That Celeron has OBSD installed, so by default has a httpd and X ...etc. and adding netsurf to that means I can ssh from my desktop system (in the 'secure' area behind the netgear router) to that Celeron's netsurf

```
ssh -X -C user@192.168.1.9 netsurf-gtk
```
X forwarding is set in the /etc/ssh/sshd_config of the Celeron box, and the main ISP's router/hub is set to prohibit ssh (so can't be accessed externally), but forwarded in the netgear router (so I can ssh between the local LAN segments).

I did try firefox at one time, but that was slow to render, dillo and/or netsurf are much more usable. I also have the ISP router setup to forward https, so that box can be used as a web server.

Conceptually I could have no internet/browser programs on my main (10.0.0.x network) desktop and just use that Celeron PC based browser, perhaps even where the celeron was a DVD read only device as well, but I haven't gone to such extremes.

My plan is to use a smaller scale device at some point i.e. swap out the Celeron for perhaps a Pi or similar device. If that installation is light/small enough I could even set it up to be rebuilt daily (back to 'factory fresh') - such that it wouldn't really matter what might occur (hacked).

There are still risks, for instance the ssh connection security and all traffic flowing from the second to first/main router, but that's no different to any normal traffic flowing over the internet. Also the main router's admin could be compromised if the Celeron was hacked, but I have that router set to be relatively secure as to how the admin might be accessed.

sshfs is a nice addition to that setup, as I can create a local (10.0.0.x PC) mountpoint (/mnt/celeron) and sshfs mount the Celeron box, so accessing files on that box is as easy as any other local folder (I use rox-filer as my preferred file manager).

```
sshfs root@192.168.1.9:/ /mnt/celeron
```
Must admit however that I also think that 'the internet' is becoming too overloaded with different technologies/risks. Usenet/news/mail groups text only type alternatives may very well have a rival ... and leave http type protocols for the likes of handheld/smartphones.


----------



## rufwoof (May 23, 2018)

Reverse ssh is also nice. My 192.168.x.x box for instance can't see my 10.0.x.x box and whilst ssh isn't forwarded so can't be accessed externally, I can ssh from 10.0.x.x to the 192.168.x.x

Which means I can set the 10.0.x.x to reverse ssh into the 192.168.x.x, such as ssh -R 19999:localhost:22 192.168.x.x ... and then ssh through that tunnel back from the 192.168.x.x box i.e. ssh -p 19999 user@localhost

and/or copy files using scp once that reverse ssh tunnel has been set up (first command above) i.e.

scp -P 19999 user@localhost:/home/user/somefile.txt /tmp/somefile.txt ... to copy from the 10.0.x.x box to the 192.168.x.x box ... or
scp -P 19999 /tmp/somefile.txt user@localhost:/home/user/somefile.txt to copy a file the other way around.

If the 192.168.x.x were hacked then it needs to know the port, userid and password. Conceptually the 192.168.x.x box could be set up to hide PIDs (not sure of the BSD syntax for that though, as I've only ever done that under Linux using the unshare command).

If the 192.168.x.x PC is sacrificial, perhaps a liveCD type boot with no HDD or other rw storage, then that could be rebooted regularly back to pristine again whilst being used for general browsing. And where the 10.0.x.x box is for file storage/access on an on-demand (scp) type basis. Could even be headless providing the initial ssh tunnel setup were set to autostart on reboots. Having a local 'cloud' type secure file storage is potentially better than sending/storing files in the cloud (over the external net).


----------



## Deleted member 30996 (May 23, 2018)

rufwoof said:


> Reverse ssh is also nice.



I have a very simple Ethernet network, no wi-fi, consisting of the cable modem my ISP provided going to my Netgear router, which has 4 Ethernet ports. I have a nice Netgear managed switch I can use with it to get 7 machina online at once, but that is pushing it for the space available. I disable SSH, and IPV6, during the build since I have no need for remote access in addition to a number of other services in rc.conf:


```
sshd_enable="NO"
cupsd_enable="NO"
winbindd_enable="NO"
samba_enable="NO"
telnet_enable="NO"
webcamd_enable="NO"
lpd_enable="NO"
rlogin_enable="NO"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
inetd_enable="NO"
```

I also run `sockstat -l4` and `netstat -an` to see what ports are open and deal with them in /etc/pf.conf.


----------



## rufwoof (May 24, 2018)

Trihexagonal said:


> I disable SSH, and IPV6, during the build since I have no need for remote access in addition to a number of other services


Enabling ssh internally, but blocking it at the router so no external ssh access is reasonable and useful IMO, at least when all users on that LAN are trustworthy (family).


----------

