Super Cookies

Discussion in 'Windows XP Security' started by priscus, Jul 8, 2019.

  1. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    396
    Likes Received:
    151
    "A super cookie is a type of browser cookie that is designed to be permanently stored on a user's computer. Super cookies are generally more difficult for users to detect and remove from their devices because they cannot be deleted in the same fashion as regular cookies." - source: Techopedia

    Unfortunately, I live in a place where a monopoly Broadband supplier reigns, at least if you are going to have a wired connection that is. Slow/expensive/unreliable/lousy service/no competitive offers etc etc.

    Now, to add insult to injury, I discover that my ISP places its own super cookie in my browser! This was revealed to me quite recently when I ran a scan with a program called Security Task Manager. The ISP's super cookie in effect passes my search/browsing activity to almost a THOUSAND clients, who I guess are mostly commercial purchasers of such data!

    Security Task Manager will remove the super cookie, but it is to no avail, as my ISP quickly replaces it. I gather the only solution is VPN, or employing data encryption over HTTPS, which I am currently looking into.

    Just wondering if anyone else troubled with super cookies?
     
    priscus, Jul 8, 2019
    #1
    cleverscreenname likes this.
  2. priscus

    Computer semi-expert

    Joined:
    Jan 13, 2019
    Messages:
    266
    Likes Received:
    85
    Location:
    State of Confusion
    Never heard of it. Both of those solutions sound like good ideas; after all, they are great things to do anyway.

    I'm going to have to find out more about this...
     
    Computer semi-expert, Jul 8, 2019
    #2
  3. priscus

    Computer semi-expert

    Joined:
    Jan 13, 2019
    Messages:
    266
    Likes Received:
    85
    Location:
    State of Confusion
    https://nordvpn.com/blog/super-cookies-going-global/

    I found the above article helpful. It says, however, that super cookies aren't like regular cookies in that they actually are injected into the HTTP request, and not used on your computer (other than having information added to them).
     
    Computer semi-expert, Jul 8, 2019
    #3
  4. priscus

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    505
    Likes Received:
    164

    https://www.makeuseof.com/tag/what-are-supercookies-and-why-are-they-dangerous/
    https://nordvpn.com/blog/super-cookies-going-global/
    https://www.comparitech.com/identity-theft-protection/supercookie/
    https://www.pcworld.com/article/238895/how_to_protect_yourself_from_supercookies.html
    https://steemit.com/privacy/@cryptonik/how-to-remove-nasty-super-cookies-from-your-browser
    https://www.techjunkie.com/how-to-deal-with-supercookies/
    https://samy.pl/evercookie/
    https://www.researchgate.net/publication/318118465_User_tracking_mechanisms_and_counter-measures

    File this under an ounce of prevention is worth a pound of cure:
    https://distrowatch.com/table.php?distribution=tens
    By running Linux in LiveCD mode, any cookies acquired during your session will disappear when you log out.
     
    trimis, Jul 12, 2019
    #4
    priscus likes this.
  5. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    396
    Likes Received:
    151
    So, anyone able to (from experience) recommend which VPN?

    Seems some can be a costly option and some of the free VPN services have themselves been identified security risks!

    Reviews that I have found seem to conclude options are good for particular purposes, and less good for others, as opposed to a good general purpose capability.

    I do have Avast Secureline VPN as one of the services in my Avast antivirus, but to use it I must pay a licence fee, which is just as much as paying for NordVPN! And, I question whether I should trust it: Avast's own Super Cookie is ONE OF THE THREATS which Security Task Manager does identify!
     
    priscus, Jul 12, 2019
    #5
    Elizabeth23 likes this.
  6. priscus

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    505
    Likes Received:
    164
    It entirely depends on what specifically you want the VPN to do. If it is just to hide your IP address from sites you visit, and hide the sites you visit from your ISP, then pretty much any VPN will do. If you want to defeat geoblocking (http://theconversation.com/explainer-what-is-geoblocking-13057), only a handful of VPNs do that. If you expect to increase privacy from government spooks and corporate kooks, you need a VPN located in a country not part of the '14 Eyes' Big Bro bloc (https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/). Another consideration is only some VPNs now work with XP. Those I know of are:
    Anonine VPN
    AirVPN
    Express VPN
    Froot VPN
    IBVPN
    IVPN
    SaferVPN
    VPN Area
    Windscribe VPN

    On picking a VPN, I'd suggest you study the basics, then research which one above offers what you need:
    https://www.vpnmentor.com/blog/choose-best-vpn/
    https://lifehacker.com/how-to-choose-a-vpn-1831320407
    https://www.expressvpn.com/support/troubleshooting/server-locations/
     
    trimis, Jul 13, 2019
    #6
  7. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    396
    Likes Received:
    151
    Thanks, trimis.

    What a lot of information there! (with the chains of links therein, been reading for a couple of hours) And, I shall be returning to study them in more depth.

    I very, very, rarely use XP to go online, as most of my XP machines are running in tandem with another physical machine, operated from a KVM switch. (Mostly Dual boot: W10 and a Linux) This means that I can have the alternative machine running concurrently, and use it rather than XP to grab anything needed from the web. Should I need to, can copy or move it into a file on the XP machine.

    Even though I use XP a lot, VPN does not need to be compatible with XP.

    I am in UK. Some of the options expensive here, some having few or distant servers.

    I will research further before deciding. NordVPN and Surfshark are attracting my attention, so keen to know if anyone has any bad experiences of either.
     
    priscus, Jul 13, 2019
    #7
  8. priscus

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    505
    Likes Received:
    164
    Unfortunately when I was researching VPNs I discarded everything that did not service Win XP, or was not installable on my wired router. I found these just now:

    https://www.comparitech.com/blog/vpn-privacy/best-vpn-for-windows-10/
    https://www.tomsguide.com/us/best-vpn-windows,review-6232.html
    https://www.vpnranks.com/best-vpn/windows/
    https://www.comparitech.com/blog/vpn-privacy/best-vpn-for-linux/
    https://www.techradar.com/vpn/the-best-vpn-for-linux
    https://proprivacy.com/vpn-comparison/best-linux-vpn
    https://securitygladiators.com/best-vpns-for-linux/

    In case you are wondering why I provide links that often say the same things, it's for consensus. If two or more sites recommend the same, it should carry a bit more weight than if only one site does. Yes, the links contained within the links are sometimes more important than the original link....and you really cannot know too much. What I provided is basically a crash-course in VPNs. Much more to be found via focused Google searches, but I did not want to inundate, and have you throw in the towel halfway through. I'm sure you can use Google to fill in any holes, now that you know what questions to ask. I would only add these:

    https://thatoneprivacysite.net/
    https://www.privacytools.io/
    https://vpntesting.info/
    https://www.ivpn.net/privacy-guides

    NordVPN and Surfshark has a lot of good reviews that you can certainly find on your own, so here is the harder to find criticism:

    https://www.trustpilot.com/review/nordvpn.com
    https://securethoughts.com/nordvpn-review/
    https://restoreprivacy.com/nordvpn/
    https://www.thevpnlab.com/compare/nordvpn-vs-surfshark/
    https://thebestvpn.com/reviews/surfshark/
    https://www.techradar.com/reviews/surfshark
     
    trimis, Jul 14, 2019
    #8
    priscus likes this.
  9. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    396
    Likes Received:
    151
    Thanks once again for all the info, trimis.

    In midst of viewing some movies at the moment, so will get into reading those links tomorrow.
     
    priscus, Jul 14, 2019
    #9
    trimis likes this.
  10. priscus

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    505
    Likes Received:
    164
    Glad you found it interesting. Hopefully this will at least steer you in the right direction, and maybe provide some guidance to anyone else that later (wisely) decides to follow in your footsteps. With Big Bro now on steroids, and Net Neutrality (https://www.eff.org/issues/net-neutrality) being euthanized, VPNs have become de rigueur. By the time my tech guy comes back for his bimonthly housecall, I hope to have a decision on which VPN for him install on the router.
     
    trimis, Jul 15, 2019
    #10
  11. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    396
    Likes Received:
    151
    One bit of feedback that I am frequently encountering whilst researching this is numerous complaints from users who having paid fee up front, and locked into a service for a few years, only to find that a service which had initially been satisfactory, deteriorates as increasing numbers of the sites which they visit are blocking the particular VPN's servers!
     
    priscus, Jul 20, 2019
    #11
  12. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,840
    Likes Received:
    753
    Location:
    Florida
    Just what does a vpn do exactly? I do not have one nor would I pay for one, it seems it is just to hide you on the internet?? So far, knock on wood :), I can do my surfing , watch videos, email with yahoo, come to the forums, what else would a vpn add to that??
     
    Elizabeth23, Jul 20, 2019
    #12
    priscus likes this.
  13. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    396
    Likes Received:
    151
    Yes, I can do all of those things, however, I cannot do them without my ISP spying on my activity and selling my personal data (concerning my online activity) to almost a thousand purchasers.

    Recently found that my email password for the service with my ISP had been leaked, and was listed on the dark web. I rarely use their email service, and cannot think how my activity could have leaked it. I do not think they can possibly establish the bona fides of so many buyers of the data that they harvest, and I am guessing that they sold my email password along with all the other personal data which they acquire and sell without my consent.

    VPN would stop this, as the data transmitted between me and the VPN's server is encrypted, so although ISP can see it, they cannot extract my personal data.
     
    priscus, Jul 20, 2019
    #13
  14. priscus

    Computer semi-expert

    Joined:
    Jan 13, 2019
    Messages:
    266
    Likes Received:
    85
    Location:
    State of Confusion
    A VPN reroutes your Internet traffic through various servers around the world in order to protect your identity.

    Pros:
    • Increased security
    Cons:
    • Cannot be used with a proxy server (that I know of)
    • Slows down webpage load time somewhat due to going through all the servers
    If your Internet connection is fast and you don't need a proxy server, I would recommend a VPN.
     
    Computer semi-expert, Jul 20, 2019
    #14
  15. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,840
    Likes Received:
    753
    Location:
    Florida
    do not have a fast internet connection to my knowledge, takes a good 30 seconds or more for firefox to open, possibly due to my uBlock origin, :) , nor do I even know what a proxy server is, in firefox options and mypal, there is a section to choose system proxy or no proxy, I have tried both ways with no difference in internet action. I do not use the email service of my isp provider, I use yahoo.

    not sure if any one is spying on me, but if they are it must be pretty dull for them, :)
     
    Elizabeth23, Jul 21, 2019
    #15
  16. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    396
    Likes Received:
    151
    My details (which I have since changed passwords etc) were offered for sale on lists by someone going under name of Sanixer: a prolific seller of stolen data!

    Yahoo is known to be one of the sites to have been hacked to furnish data in Sanixer's lists.

    https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/

    When you are talking of data on Millions of people, then it is lucrative. It perhaps would be boring if a person has to read it, but machines do not suffer from boredom. The end result of all this data mining, is that what you spend your money on, and how you vote and otherwise exercise influence, will be in fulfilment of someone else's agenda rather than your own.
     
    priscus, Jul 21, 2019
    #16
  17. priscus

    Computer semi-expert

    Joined:
    Jan 13, 2019
    Messages:
    266
    Likes Received:
    85
    Location:
    State of Confusion
    Elizabeth23: your Internet connection speed has nothing to do with the amount of time it takes Firefox to open. It is more like how long you have to wait for your Google search to load.
    A proxy server is software that acts as somewhat of a layer between you and the Internet. Read https://www.varonis.com/blog/what-is-a-proxy-server/ for more information.
     
    Computer semi-expert, Jul 21, 2019
    #17
  18. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,840
    Likes Received:
    753
    Location:
    Florida
    thanks to both of you for the further info, I will read up on it, :)
     
    Elizabeth23, Jul 21, 2019
    #18
  19. priscus

    FragileHaze

    Joined:
    Jul 21, 2019
    Messages:
    4
    Likes Received:
    0
    I'm not surprised that these kinds of shenanigans happened since the GDPR was enforced. Always companies getting one step ahead of regulations and the like, and by the time they're banned it's too late and they've worked out another way of mining data.

    Won't be surprised that once the 'NSFW content block' is fully in place to ensure mass surveillance on all individuals messaging anyone within the UK under the guise of protecting children and teenagers - individuals who are becoming incredibly un-moderated by modern day parents which is what's led to the chaos that is modern social media's monopolistic nature - they'll announce VPNs are banned in this country too or something... (E2E in IM is already banned here but no company is forced to say about the ban)

    Then again the UK is one of the worst countries in Europe traditionally and today for censorship lol.
     
    FragileHaze, Jul 21, 2019
    #19
  20. priscus

    cornemuse

    Joined:
    Mar 30, 2016
    Messages:
    628
    Likes Received:
    369
    I think I've mentioned this before:

    I have one of my "lot of ten" hdds with Mint Mate as os & with 'Tor' installed. Tor is a bit slower than "plain vanilla" Firefox, it bounces your connection through many servers.
    Its free too!

    Only one time I had trouble with Mint & Tor, I had to force power off, but with NO ill effects after.

    I think vast % of hackers target Windows os's. (thank you bILL gATES!) The multi linux builds are pretty robust.

    Too easy to do with this!:

    https://www.amazon.com/kingwin-kf-255-bk/s?k=kingwin+kf-255-bk

    and these

    https://www.ebay.com/sch/i.html?LH_CAds&_fpos&_fspt=1&_mPrRngCbx=1&_sacat&_sadis&_sop=12&_udhi&_udlo&_fosrp=1&SATA%20Form%20Factor=2%2E5%20in&Brand=Western%20Digital&_nkw=hdd lot&_dcat=56083&Storage%20Capacity=80GB&rt=nc&_trksid=p2045573.m1684

    I think I actually got the 1st: two 'lot of five'. They were mostly WD's, 1 or 2 Fujitsus $5 + change each. none have failed, so far.
     
    cornemuse, Jul 21, 2019
    #20
Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.