About privacy and security, people always talk about things like cookies, flash... and they should not forget about the hosts file, but there is now something much more dangerous and it's DOM storage. DOM storage has become a much bigger threat to our privacy than the dreaded cookies were. Unfortunately this technology is certainly set to leave cookies in the dust. I strongly advise you in Firefox to change the default value of this configuration to false
, if you make no other about:config edits in Firefox, please make this one:Turn off DOM Storage (please?)
about:config Name: dom.storage.enabled
Default value: true
Modified value: false
The following is quoted from http://www.w3.org/DOM/
though they have moved it for whatever reason, this link now points to their main page on DOM:
HTML5 web storage, a better local storage than cookies. What is HTML5 Web Storage?
With HTML5, web pages can store data locally within the user's browser.
Earlier, this was done with cookies. However, Web Storage is more secure and faster. The data is not included with every server request, but used ONLY when asked for. It is also possible to store large amounts of data, without affecting the website's performance.
The data is stored in key/value pairs, and a web page can only access data stored by itself.
Also, you could make these: Referrer Control
about:config Name: network.http.sendRefererHeader
Default Value: 1
Modified Value: 0
By setting network.http.sendRefererHeader
in about:config to 0
, whenever you visit a link from one site, the destination site doesn't know the original site you were referred from.
This in effect makes the Firefox add-on RefControl (& others) redundant. There is a caveat
If you find that you can't get into a site that you want to use it can be due to this setting. Under such circumstances you would be better off using the likes of RefControl
as you can use whatever options you choose for your normal surfing & then choose a specific option that works with specific troublesome sites.
I am very rarely blocked from a site (for whatever reason) & under such circumstances I don't want to use the site anyway! Turn off default Send Secure Referrer
about:config Name: network.http.sendSecureXSiteReferrer
Default Value: true
Modified Value: false
I found technical info' on sendSecureXSiteReffer
I've been running with this setting for at least 6 months, it gives no trouble on my sytems & I'm running https Everywhere too.
Oh and about Lightbeam for Firefox:
When I first installed this software (roughly 8 months ago as of this writing) I ran the add-on for days & never had one computer show up on my screen. Even when I turned all my security add-ons off. The reason being I don't have any cookies on my machine unless I chose them.
After having been lulled into a false sense of security by that experience, I've found that my security had been compromised & that it is not so much cookies as DOM storage which is the newish but extremely widely used culprit. The screenshot to the left excludes the cookies that were shown in the previous screenshot shown above & shows only the DOM storage type connections. This is pretty scary. (More to come.)
(in the screenshot and with no cookies in the computer, we can see many connected sites... thanks to DOM storage)
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)