General :
K-Meleon Web Browser Forum
General discussion about K-Meleon
sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 06, 2018 08:43PM
I'm using K-M76-RC2 and this file lists a huge amount of sites I've visited.
Browser clean up becomes a little compromised while this list remains intact.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 07, 2018 01:36AM
It works for sure.
I've done it for ages and nothing was written to that file.
By doing so you disable a potential security layer at the expense of privacy. It's a personal choice.
In KM-Goanna you can set
network.stricttransportsecurity.enabled
to
false to achieve the same result.
Edited 1 time(s). Last edit at 01/07/2018 01:38AM by Yogi.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 07, 2018 08:30PM
Sorry for replying so late. After reading your post twice I'm afraid that you misunderstood something and since no one replied since...
That's not a (new) different location for fingerprinting, just
another way to misuse (this time) the
HTTP Strict Transport Security implementation for tracking/identifying.
As for fingerprinting, it's almost impossible to completely circumvent - even if you switch browsers. It's only a matter of expense and effort for the operator of the server you connect to. Generally, operators are trying to avoid unprofitable expenses...
Edited 1 time(s). Last edit at 01/07/2018 08:44PM by Yogi.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 07, 2018 08:45PM
Quote
Yogi
Sorry for replying so late. After reading your post twice I'm afraid that you misunderstood something and since no one replied since...
That's not a (new) different location for fingerprinting, just
another way to misuse (this time) the
HTTP Strict Transport Security implementation for tracking.
Read it a third time...?
@JG:
there sure a lots of ways and prefs to tinker with, for blocking lots of different stuff (supercookies is just a general term for all sorts of private-stuff-tracking)
DOM-storage is often abused, but sometimes necessary for the purpose it was actually invented :cool: Guess some google-services (docs?) need them, but not sure. That's why my macros priv3buttons and permdefs contains a toggle.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 07, 2018 09:17PM
Best way to avoid supercookies (not fingerprinting) would be a private mode browsing implemented in K-Meleon.
Wonder if workarounds with a second profile folder and tinkering with policies at OS level is the best solution for the average user.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 07, 2018 10:57PM
Quote
Yogi
Best way to avoid supercookies (not fingerprinting) would be a private mode browsing implemented in K-Meleon.
Wonder if workarounds with a second profile folder and tinkering with policies at OS level is the best solution for the average user.
+1
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 08, 2018 09:23PM
Thanks for info, I'll either erase the file and set the new one to read only, or
set it for custom delete in ccleaner.
I found sitesecurityservicestate.txt when I was using Agent Ransack's text search for urls within the entire K-M folder to see how well K-M cleaned up web traces.
Chrome (theworldbrowser) is bad for storing traces in many different files and now I see that zoom prefs are stored in the main prefs file on a per site basis.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 10, 2018 10:23AM
Just a little confused on what steps to do. Maybe this is 'overkill' but I did this step first.
Clear the contents of the 'SiteSecurityServiceState.txt' file located in the K-Meleon folder and then I set it to 'Read-only'.
Also, as Yogi posted:
"In KM-Goanna you can set - network.stricttransportsecurity.enabled
to false to achieve the same result."
I did both ... is this OK or 'overkill' ???
Also J.G. posted right below Yogi's post:
About to block supercookies IMHO,
dom.sms.requestStatusReport false
dom.server-events.enabled false
Also to completely bypass this kind of issues:
dom.storage.enabled false
dom.storage.default_quota 0
... should those steps also be done, I checked my settings and they are currently 'true' and the 'dom.storage.default_quota' has the number '5120' and not '0'.
... also I found this information:
user_pref("network.stricttransportsecurity.enabled", false);
user_pref("network.stricttransportsecurity.preloadlist", false);
... should these be set as indicated?
thanks,
Edited 1 time(s). Last edit at 01/10/2018 10:47AM by callahan.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 10, 2018 12:56PM
callahan
WOW, that is a lot of prefs. Thanks for putting all together in one place.
If I can, I will test and report. Best outcome is some macro for users which may help make correct settings depending on what exactly the user wishes to accomplish.
Hanlon’s razor is an eponymous adage named after Robert J. Hanlon that states: “Never attribute to malice that which is adequately explained by stupidity.â€
JamesD
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 10, 2018 02:29PM
JamesD ... OK, thanks for checking all this out. Maybe a 'guide' or a future fix of some sorts would be in order.
There may be other people like me just not sure what to do or 'how much' to do.
Maybe just marking the file as 'Read-only' would be enough ... maybe several steps or 'fixes' should be done ... just not sure on my part.
callahan
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 10, 2018 02:35PM
Also wondering: does anyone know if KM keeps this file active in RAM during a session, like prefs.js? If yes, a protected disc-file wouldn't help much people with extremely long browser sessions, but instead the pref-toggle much better. This is also much more flexible, could be toggled on only when needed for a short time.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 10, 2018 05:53PM
Quote
callahan
Also, as Yogi posted:
"In KM-Goanna you can set - network.stricttransportsecurity.enabled
to false to achieve the same result."
I did both ... is this OK or 'overkill' ???
Basically the same result. Main reason for posting that pref was to show which feature you kill by write-protecting that text file.
Quote
callahan
... also I found this information:
user_pref("network.stricttransportsecurity.enabled", false);
user_pref("network.stricttransportsecurity.preloadlist", false);
... should these be set as indicated?
thanks,
The respective features, the two prefs you mentioned above stand for, will be crippled if set to false but you will still have some entries in
SiteSecurityServiceState.txt.
For a test you can visit the below sites:
support.mozilla.org
support.cdn.mozilla.net
If you want to keep
SiteSecurityServiceState.txt at 0 Bytes you will have to write-protect it.
No farther changes in
about:config needed.
Re: sitesecurityservicestate.txt - what is this file's purpose ?
Date: January 10, 2018 06:12PM
Quote
siria
Also wondering: does anyone know if KM keeps this file active in RAM during a session, like prefs.js? If yes, a protected disc-file wouldn't help much people with extremely long browser sessions...
If remote servers can read the RAM then you have a much bigger problem than the issue we are talking about (cookies, passwords, e.t.c.).