Five Letters Re: The FBI’s Cookie Caper and the VPN Imperative

JWR:
Can you let your readers know what the names, identifying characteristics, and other information is that we can use to check and see if we have the FBI installed cookies on our machines? Thanks, – J.V.

Web Forensics Expert Mr. X. Replies: First let me explain how to look for cookies.  The easiest way IMHO (there is more than one way to skin a cat, my favorite method involves using high-pressure air…) because it is easy and anybody can do it with little or no chance of [accidentally] nuking their own machine:

In Internet Explorer, go into the File –> Import and Export setting.  You are given a choice of three actions – import from another browse, import from a file, or export to a file.  Choose export to a file and hit "next."  You are given three options to export — favorites, feeds, and cookies.  Export cookies by selecting the box and clicking next.  Save the file in a location that you can then find.

When you open the file all of the cookies you’ve used will show up.  And since its a text file it is searchable.  You can do a search on "FBI" … I did this and found:

fbi.gov    TRUE    /    FALSE    1394696342    __utma    158289773.903355577.1331260742.1331260742.1331260742.1

fbi.gov    TRUE    /    FALSE    1331626142    __utmb    158289773.3.10.1331260742

fbi.gov    TRUE    /    FALSE    1347392342    __utmz    158289773.1331260742.1.1.utmcsr=dogpile.com|utmccn=(referral)|utmcmd=referral|utmcct=/search/web

So what this tells you is that there is a tracking cookie from the FBI on your machine.  In this case this tracking cookie comes from dogpile.com (see the last line) which is a search engine that I use frequently.  The problem is that you never know what they will call their cookies.  The aforementioned example has nothing to do with your web site at all.  And I’ve picked up in the past few hours since its Monday here (I scrub down each weekend) just doing searches for topics at work.

There is a similar method in Firefox but given the number of add-ons for Firefox and the different platforms it is on putting directions for each possible combination in would just confuse most people. 

To eliminate the cookies and history you do that via the Tools –> Internet Options option and check off the "Delete Browsing History On Exit" box and/or hit the "Delete" button in the same space (should be on the opening tab of the Internet Options). 

Yes, the only reason I noticed this was because they have not done anything to try to hide what they are doing.  So the obvious stuff is well pretty darn obvious.

There are tools out there like Spybot Search and Destroy that will automatically eliminate the bulk of "bad" tracking cookies that are hidden as well.  There are a number of things you can do to scrub your machine and get very paranoid about your browsing but they are not things that most people should do simply because if you don’t know what you are doing you have a good chance of [inadvertently] nuking your machine. 

James:
I read your blog post about the FBI’s cookie caper and it brought to mind an overview article about The Onion Router (Tor) that I came across a while back

Here is a quote from the Tor web site:

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members’ online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company’s patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.

Regards, – D.D.

James Wesley:
Thanks for the post on the FBI cookie caper.  It is distressing, but enlightening about the times we live in.

I’m writing about your change of heart on posting the foresee-alive.js script.  The FBI posts this code on their fbi.gov site. It is available here.

I thought that link might be helpful to some.  I guess maybe those people that are savvy enough to read the script and interpret the code are probably already savvy enough to find it on their own, but I thought just in case I would send this on to you.

Also, I agree with your decision that it’s probably wise to not post the code directly, but I believe that since they did not post any copyright information it is therefore public domain like any other government publication.  Otherwise, they would have to indicate it as a protected work from an outside party.  But that’s my non-professional opinion, and "you’re the doctor" as they say.

Thanks for keeping the flame of freedom burning! – B.C.

Dear Mr Rawles;
I read your announcement about "The FBI’s Cookie Caper and the VPN Imperative". Thanks very much for your candor. However, I believe some of your information is mistaken or missing. Here are the most important points I saw:

Disabling cookies will not remove others’ ability to track you. At best, disabling cookies only makes it a little harder. There are plenty of other ways to track you, including data collection and silent install of malware on your computer to record your keystrokes. Here is an example.

Using a paid VPN does not ensure your security. Here is a good explanation as to why this is true.
A better solution is to use The Onion Router (Tor) and/or Tails and their associated applications. There is also Orbot, an Android app to allow Tor Anonymity browsing on an Android phone. I have and use these. Granted, they are not always the simplest in terms of user friendliness, but once set up they should rarely need changes due to their structure. The Tor Browser, however, is about as simple as it gets on the web.

Not all of the listed browsers are safe to use. Some are outdated (Netscape), and others are inherently flawed from a security standpoint (such as Internet Explorer). More importantly, only two that I know of offer Anonymous Browsing – Firefox and Chrome. Please add the Tor Browser to this list, which is by far the best method for anonymous browsing available to the average user.

SurvivalBlog.com [has a working encrypted https address, but] is not yet HTTPS Everywhere enabled. This means that even if the visitor is using the Tor network, traffic between a Tor server and SurvivalBlog.com is still unencrypted, and vulnerable to spying and/or attack. Please join the HTTPS Everywhere project.

Much of this may sound like an advertisement for the Tor Project, but the reason for that is that the Tor Project is the best method I have found to secure your privacy online, if used properly. (Never identify yourself on the Tor Network.)

Thanks for your consideration in these matters. Sincerely, – I Am John Galt   

Dear Mr. Rawles,
I just took your advice on setting up a VPN.  I have been using an anonymizing proxy for some time and living with the speed decrease, but it’s just so easy to turn it off for something and then forget to turn it back on.  At any rate, I went looking for a VPN provider that is (A) domestic and (B) accepts bitcoin.  It’s just one less way to be trackable since the payments won’t show up on any bank or credit card statement.

At any rate, I found one: based in Chicago, I am now using CamoList VPN and have had a very nice conversation with the proprietor about bitcoin.  Service is $5 a month.  Bandwidth is up to 5 mbps, but that actually doesn’t matter to me since I live in the boonies and have to make do with 1 mbps on my end.  Just thought I’d pass this along for anyone else who might be interested. – Buckaroo

I encourage you to visit the original post and author's website by clicking here:
SurvivalBlog.com on 20 March 2012