Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

This is activity tracking, which does have legitimate and desirable uses, similar to the history function in a browser. However, unlike a browser there is no convenient way to turn it off, and no built-in way to clear the history. That is the niche that programs like kscrubber fill.

It's always possible such built-in phone-home or backdoors exist. From a security standpoint, I think the larger concern is apps and plugins like Flash that frequently and regularly have security "bugs" that allow execution of arbitrary code on your machine, and other de facto viruses in the form of common commercial software, proprietary video drivers, etc. There is no easy way to know what these closed-source components may be doing, or what security holes they may be opening. This is simply one of the unpleasant realities of using them. In addition, even FOSS apps have been caught planting viruses (just recently a gnome screensaver did).

There is no such thing as 100% security in computers. Good security practice requires you to consider what information is available if security is compromised, and limiting the amount and quality of that information. If such a vulnerability does exist, what information is present on your machine to be stolen, used for creating a long-term, detailed profile of your activities (online and offline), etc.? In this case, keeping a cleaner system limits the information available. Flash cookies for example will give an intruder an almost complete list of websites visited from your computer for years (this includes others besides you in your home or workplace who may use your computer), and some of the data stored on your machine by those websites. Unlike browser cookies, there is no limit to the amount of data a website can store in a Flash LSO (or if there is, it is very large).

I realize all of this can sound paranoid, and it probably is if you're just running a typical desktop system, doing some shopping on the web, etc. But there are circumstances where PCs are used where more security or privacy is desirable or required. Then there is simply the habit of maintaining such security on principle. I don't think many people like the idea of others nosing through their PC, especially when those others have malicious aims or theft in mind. Regardless, kscrubber doesn't address the 'why' of it, it just aims to clean the system as much as possible, giving you a limited ability to opt-out of all the tracking and other data retention that KDE and other apps force on their users. Even this isn't going to be 100% - it's just general cleaning that aims to be as thorough as possible.

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

So true, which is why I usually limit my downloads to vetted repositories and websites. But, on a couple of occasions I recall reading about an app residing on a a server supporting that application (the name escapes me but someone will remember) being hijacked and loaded with maware, but the switch was discovered within a few hours, cleaned up, and the infected parties notified.

Also very true. While Linux is harder to infect, and probably not worth the effort as long as people continue to run XP, VISTA and Win7, there are avenues of infection which can trip up the careless. The usual routes, infected emails containing viruses or Trojans, or clicking on web pages, usually don't result in an infection unless some heavy SOCIAL ENGINEERING takes place. What the Linux user has to watch for is clicking on imitation websites (phishing sites) which ask for login names and passwords to private financial or other accounts. In Windows only the "apparent" extension is shown, but when a Linux user hovers a mouse over a link the ENTIRE link appears in the status line, revealing hoax URLs for what they are. In Windows a link may appear as
"http://www.somebank.com" and the Windows user happily clicks on it to enter his name and password to get his account "verified", as if a bank would need to do that. What the Linux users sees is:
"http://somehackersite.net/abcd/?"http://somebank.com"
and they know some evil is afoot.

No paranoia at all. Just how paranoid one has to be depends entirely on how much they risk loosing. My own laptops are behind a Linux firewall in my wireless router, which is behind my ISP's firewall. I always use my gmail accounts to hand out my email addresses, except in special circumstances, and let Google's spam filters work. Thunderbird's spam and junk catches the rest. For serious online banking I have KK 9.10 on a LiveUSB, firewalled, no email, on which FireFox is set to only access my bank. All other websites go into 127.0.0.1. No passwords or hints are saved, and the bank is instructed to not register my IP address or the browser. All other online financial activity is done with a single insured credit card. And, I have a service which monitors my name, identifying and personal information on all three credit reporting agencies for any activity relating to me.

If you ever see me using Windows to do online banking then you know that I have gone certifiably insane, because only a totally clueless or insane person would even consider such activity, even with the very best Windows firewalls and AV products installed.

However, to "nose though" my laptop one would have to gain physical access to it, know the HD password, and know how to do a "single" boot. In nearly 12 years of using Linux under all sorts of circumstances I have never had a single intruder nor infective agent compromise my Linux systems, although several have tried. Back about five years ago, when AV software houses were trying to drum up Linux AV business, they had spread the rumor that Linux was susceptible to jpeg viruses. That is, just downloading and viewing a jpeg picture with an embedded virus would cause your Linux installation to become infected. In ONE year the number of supposedly infective agents against Linux leaped from less than a dozen to over 400! ALL of those new "Linux" viruses were merely Windows jpeg viruses with the word "Linux" added to their names, and claiming to contain both windows and Linux binary executable code segments. When the hoped for increase in Linux infections never occurred the ad campaign fizzled out. But, during that time, my Linux boxes where being hit by thousands of probes per day trying to upload a jpeg file.

What I thought I would find, I-G, were my account names and passwords and hints from my non-financial sites (SecondLife, this forum), but I didn't see any of that stuff. So, as long as my registration materials don't appear I am not concerned. I'll just retain the "easy of use" functionality, knowing what you've informed me and others of, and keeping it in mind in the future. Personally, I think you've done some outstanding work. I think you next step should be to contact Aaron Seigo, the KDE project leader, and share your ideas and suggestions for adding user adjustable settings in the KDE system settings program for improving security by implementing your techniques.

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

We'll make a note of that.

Most of the KDE activity tracking is more related to what files you've opened and copied, URLs, searches in your text editors, playlists in your media players, image thumbnails, crash logs, clipboard history, etc. Account names and passwords are more a browser-specific issue. If that is your main concern then clearing the browser form history AND vacuuming the databases (Firefox) should be sufficient.

As you say, activity tracking may be of no interest to you. If you're a political activist in China (to choose an extreme example) with a hot file on your computer that you'd like to delete all references of, or else go to prison for life and have your organs sold, you may view it differently.

In my recent experience, Ubuntu as well as KDE seem to avoid addressing these issues, even where they are outright bugs, in the same way Microsoft is notorious for doing, which frankly makes me seriously question their motivations. Such concerns fall of deaf ears. So I think the best approach at this point is to take matters into one's own hands and do some scrubbing, and if that is not sufficient, change to a different DM and software set. Interestingly, Openbox and LXDE do virtually NO activity tracking, yet miraculously seem to work just fine without it.

But prove me wrong if you can by taking up the issue with them. I'm done writing letters to my senator expecting results. The effort-to-outcome ratio is far too high - virtually infinite.

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

Can't argue with that. Living in America I take freedom of thought and expression as a given, but as many on this forum know, I AM A LINUX ACTIVIST! 8) It just doesn't carry the same danger as being an activist in totalitarian states. If I weren't living in America I'd be as paranoid as possible and try not raise any suspicions.

I doubt if I can. You and I both know that we have the best Congress money can buy because the majority are bought and paid for. We just can't afford to make big enough "campaign contributions".

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

as my friends in the head business have oft pointed out to me at cocktail parties ... off the record ...
just because you are feeling paranoid doesn't mean that someone is not following you

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

I take my privacy (and protecting it) very seriously, but I don't really see how a list of recently visited directories would be such a privacy problem that it'd need an option to disable it. Especially since the information is not really broadcast over the internet.

Theoretically, yes. But it is virtually impossible to "hide" such code in open source software.
Yet there are legitimate concerns when installing binary (pre-compiled) packages from untrusted sources.

Of course caution is not a bad thing (even being over-cautious is much better than being blue-eyed).

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

Looking at Firefox .sqlite issue.

Cookie backup not deleted.
I tested this only in BleachBit ... [Edit: deleted an unintended comment].
After running BleachBit to vacuum the sqlite data base, the cookies were gone BUT the cookie backup file, cookies.sqlite~, was still there and had all the private info in it.


For kscrubber,

$srm $userhome/.mozilla/firefox/*/cookies.* 2> /dev/null

# Remove residual data from firefox sqlite databases
if [ -d $userhome/.mozilla ]; then
find $userhome/.mozilla -type f -name '*.sqlite' -execdir sqlite3 '{}' 'VACUUM;' 2> /dev/null \;


$srm $userhome/.mozilla/firefox/*/cookies.* 2> /dev/null

=> That should get the cookies.sqlite~

But what about:
find $userhome/.mozilla -type f -name '*.sqlite' -execdir sqlite3 '{}' 'VACUUM;'

(I suppose if cookie.* is gone, and then so is cookie.sqlite~, then you'd be ok and not see any cookie.sqlite~ AFTER scrubbing. I need to re-do my kscrubber for my 9.10 test installation -- long story )



Comment ... No one said it is a rational world. But having been a programmer a long time ago, I'm having difficulty imagining what the FX guys/gals had in mind for their privacy settings and facilities. When you clear your private data using their settings, that's only superficial so you don't SEE your private data in their GUI screens. But, as you've pointed out, I-G, your data is everywhere in the sqlite db readable using Kate -- every single click you made, even your user names and email address (I did not see PWs which are encrypted, I suppose). To say that FX dropped the ball here is a gross understatement. I also noticed that my FX 3.5.6 in 9.10 does NOT seem to have a "Clear Private Data Now" option; you can only clear it upon closing FX ... ?


One other thing about BleachBit, you can not get Places deleted without also deleting your Bookmarks! (All your bookmarks, not just the bookmark backups.) Basically, you just have to do all this fine-tuned cleanup manually, bottom-line. Again, what the heck are programmers thinking?


Finally, a thought about paranoia. If you are not already feeling so, you might be if you gave yourself a chance and started investigating what goes on under the GUIs!
You CAN train yourself to be paranoid!

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

kscrubber's removal of "cookies.*" will take care of the backup file. You're correct the backup is not vacuumed, but since it is removed this shouldn't matter.

As for BleachBit not deleting the cookies backup, that is sloppy - you might submit a bug report on that. Not much point in deleting the cookies file if you're not going to delete the backup copy.

Agreed, although from what I've gathered on this it appears that the immediate cause is in Ubuntu's build of Firefox - namely the fact that they built Firefox without "SQLITE_SECURE_DELETE". I suspect Firefox built by Mozilla does not have this problem, and this problem does not appear to exist on my Arch install. So more than anything, Ubuntu dropped the ball. As can be noted in this bug report, they were notified of the problem and even corrected it in the PPA. It now says there that the fix has been commited in Karmic updates, but I don't know if that refers to the PPA only. I haven't tested it recently, but last I knew, this problem still exists in the Firefox in Karmic, even after the bug report said fixed. Either way, it's worth vacuuming the databases once in awhile as it can also speed up Firefox considerably.

All of that said, why wouldn't Firefox require SQLITE_SECURE_DELETE? Seems like it should be mandatory, or at least the default. Perhaps they are putting performance ahead of security.

It should have Tools|Clear Recent History, which is essentially the same as the old Clear Private Data. However, that option will be disabled if you have Private Browsing enabled.

Another design flaw of Firefox - it stores your bookmarks in the same database file (Places) as it does the history of recently visited websites. Thus without using sqlite to edit entries in the file, there is no way an external scrubber can clear the history without the bookmarks as well. This is why kscrubber advises you to clear your browser history BEFORE cleaning. Do everything you can to clear things within Firefox, then run kscrubber to complete the process (mostly just vacuum databases and delete Flash cookies - the two things Firefox won't allow you to do).

I ask myself that question every day.

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

Yes & OK on all accounts.
Btw, to clarify, I DID see that kscrubber would NOT have the problem "Cookie backup not deleted," but I failed to edit my 3rd sentence in above post about it.
Again, thanks for all your feedback/responses.

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

As I said, everyone's needs are different. Folder names, like file names, can reveal what documents you've been viewing offline. (If you download abc.tar and extract it to ./abc/ for example). As an activity tracking cleaner, it would be an oversight for kscrubber to ignore this data, even if it's not the most critical for some users. For example, BleachBit's cleaning of Recent Documents, but ignoring kdeglobals and plasma-desktop-appletsrc is not consistent behavior. IMO it's dangerous because it only gives people a false sense of security - having them believe it cleaned data of recently viewed documents when such data still exists.

gnome-look is reputable and "trusted", yet their binaries were infected. Mozilla has also had infected binaries on their site. As most of us don't compile from source, and even the source code may not be examined in sufficient detail, this kind of hidden security threat is not only possible but becoming more common. In addition, many contaminations can be cloaked as accidents or oversights, but they open a security hole which can then be exploited. If caught the party responsible can just claim it was an error. IMO many of the apps built for user surveillance, such as Adobe products, use this regularly. It is another pattern to look for, not just blatant viruses.

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

Did the bug report, quickly (as I think they will "get it" real fast):
Cookie backup (cookies.sqlite~) not deleted in Firefox
1. BleachBit
2. Bugs
3. Bug #500825
https://bugs.launchpad.net/bleachbit/+bug/500825
(aka mikeXYZ)

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

Good - will be interesting to see the response time to see how these modules are maintained. I think the fact that BleachBit deletes the user's OpenOffice configuration is also a bug, which you may want to report if you use that.

FWIW, based on my review, kscrubber does a more thorough and careful cleaning than BleachBit for the programs it cleans. BleachBit does have modules for programs which kscrubber doesn't handle, such as RealPlayer. By "thorough" I mean kscrubber removes data BleachBit misses, including data stored inside config files, and by "careful" I mean kscrubber won't modify your configurations or cause system breakage like I noted BleachBit doing in some cases. I think some of BleachBit's modules are created with more care than others.

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

"FWIW, based on my review, kscrubber does a more thorough and careful cleaning than BleachBit for the programs it cleans."

I agree, exactly so.


The OpenOffice deal is "subtle" (insidious?) in the sense that the average user would not notice the few offending Preview lines in that VERY long list of OO deletions presented to the user.
This FX fiasco is unsettling, too. The cookie-thing, but also, as you do and said, they should direct the user to first use FX's privacy cleanup before running BleachBit (because of the Places - > Bookmark issue we discussed above).

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

I can't see how gnome-look (or kde-look, or any site that allows just anybody to upload stuff without any review process) could be considered a trusted source. I'd never download any *binary* packages from such sites.

In some cases such information may indeed reveal something (yet I can't really imagine a case in which it would reveal any *important* private information). And as the information is stored locally, if someone can access the data you usually have bigger privacy and security concerns to deal with. (in other words, I can't see anyone compromising a machine to get a list of recently visited directories).

I do agree with this. For consistency, any software designed to clear user activity data, should have an option to clear everything (even data that may not be that sensitive)

Re: A new privacy and log scrubber for KDE4, Firefox, & Flash

kscrubber seems to run fine on both Kubuntu 9.10 (with KDE 4.3.2) and on Kubuntu 8.04.3 (with KDE 3.5.10). Seemed to clean everything and everything works afterwards (so far). The option --onepass is fast.

Just one thing:

Kubuntu 8.04.3 (with KDE 3.5.10)
sudo myscripts/kscrubber --onepass --clean
kscrubber: Option --onepass - using one-pass wiping
WARNING: The following programs are currently running. kscrubber cannot
reliably clean the files of running programs. For best results,
quit these programs before proceeding:
konqueror

Do you want to proceed? (y/N)


Problem is that Konqueror was not open; nothing was open besides Konsole (where I was running the kscrubber command). kscrubber DID, though, seem to clean out Konqueror files.


So, basically, all is well!