XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Sun Jun 25, 2017 7:44 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: Wed Jan 18, 2017 6:03 am 
Offline
User avatar

Joined: Fri Dec 10, 2010 9:41 am
Posts: 645
Location: Halfway between New York City and Atlantic City
Especially following a situation with LinkedIn that I believe was more than coincidental a couple of years ago, I've never liked staying logged in to websites.

But are there/can there be any security risks by doing so?

_________________
I am a proud Aspie. I wonder about and see things in a very literal, logical and pragmatic manner. Thus:
"The only spin that is of any real value is that which follows the rinse cycle."

MacMini 2.5 GHz Intel Core i5, 16 GB RAM, OS 10.12.5


Top
 Profile  
 
PostPosted: Wed Jan 18, 2017 8:11 am 
Offline
User avatar

Joined: Mon Sep 14, 2009 8:51 pm
Posts: 432
Location: Minnesota, USA
I am by no means an expert on this. I recall reading a number of years ago about how being logged in left an open conduit that supposedly somebody really tech savvy could utilize but that was a number of years ago and with the prevalence of being logged in these days maybe the secure site feature has minimized that. I know I stay logged into some sites for hours at a time and have seen no issues.


Top
 Profile  
 
PostPosted: Wed Jan 18, 2017 3:07 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9269
Location: Caught between the moon and NYC
When you read about cross site scripting vulnerabilities, that's one site accessing another site using whatever credentials are available in the browser to access the other site. Facebook is the prime target of this, so if you can stay logged out of Facebook you're safe from most miscreants.

I tend to keep connections logged in while I have the browser open, but then clear most everything when I close the browser, which makes me log back in everywhere I visit after that. Buuuuut I don't log into Facebook, LinkedIn, etc. except in very rare instances.


Top
 Profile  
 
PostPosted: Wed Jan 18, 2017 3:12 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9636
Location: North of the State of Jefferson
For sufficiently loose definitions of logged in, it presents more opportunity for security issues if the site is programmed in an insecure manner:
  • Simplify tracking as you browse other sites (this is usually intentional, a la Facebook)
  • Allow cross-site request forgery
  • Is a precondition to stealing session cookies for accessing the site
  • Probably more...

In general, if the site is one that contains anything you care about, log out when you're done using it, and if you don't want to be tracked quite as easily, clear your cookies.

- Anonymous


Top
 Profile  
 
PostPosted: Wed Jan 18, 2017 5:23 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9269
Location: Caught between the moon and NYC
I should probably mention that I tend to close my browser several times a day, and each time it closes it automatically clears cookies, cache, etc. Basically everything except saved passwords and even then I rarely save passwords.


Top
 Profile  
 
PostPosted: Thu Jan 19, 2017 12:08 am 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9636
Location: North of the State of Jefferson
Same here. I close it at least twice a day. Sites can save all the cookies and whatnot they want, but everything gets wiped out at least twice day. I take other countermeasures to somewhat complicate browser fingerprinting, but they're only effective against sites that aren't trying very hard. At this point it's probably impractical (without writing your own crippled paranoid browser, which I think qualifies on several levels as "impractical") to prevent probabilistic fingerprinting.

- Anonymous


Top
 Profile  
 
PostPosted: Thu Jan 19, 2017 7:54 pm 
Offline
User avatar

Joined: Sun Nov 27, 2011 1:55 pm
Posts: 1860
What about tripadvisor?
I stay logged in there. When I close the browser it deletes all cookies, my setting, BUT I've whitelisted TA so those cookies don't get deleted. Am I risking something? Nothing personal on TA, not even my name and I'm not Mrs H there.

_________________
Mrs H


Top
 Profile  
 
PostPosted: Fri Jan 20, 2017 4:38 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9636
Location: North of the State of Jefferson
I wouldn't worry about it.

Or by analogy: Should you drive at night? No, of course not. It's less safe. On the other hand, if you want to go someplace beyond walking distance at night it's entirely reasonable and appropriate and I wouldn't give it a second thought. Unless, perhaps, you'll be taking the Facebook or checking account road (to strain the analogy).

- Anonymous


Top
 Profile  
 
PostPosted: Fri Jan 20, 2017 5:28 pm 
Offline
User avatar

Joined: Fri Dec 10, 2010 9:41 am
Posts: 645
Location: Halfway between New York City and Atlantic City
By "closing the browser," do you mean closing the browser window or quitting the browser application completely? I'd read several years ago already that just by closing the browser window and opening a new one – rather than simply entering a new URL – prevents the first site from tracking one's actions. So that's what I've been doing ever since.

I also do log out of sites rather than staying logged in. My browser remembers my login credentials for most sites, so it's not a bother for me. I posed the question because I'm wondering why so many sites now ask if I want to remain logged in (as if they benefit somehow by my doing so).

But, then, I also don't opt to use the "auto-pay" feature offered on the websites of some companies (such as cable, phone and utilities), and that's not so much over any browser security issue as it is that I don't give anyone access to my money without initiating the transaction myself.

_________________
I am a proud Aspie. I wonder about and see things in a very literal, logical and pragmatic manner. Thus:
"The only spin that is of any real value is that which follows the rinse cycle."

MacMini 2.5 GHz Intel Core i5, 16 GB RAM, OS 10.12.5


Top
 Profile  
 
PostPosted: Mon Jan 23, 2017 11:14 am 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9269
Location: Caught between the moon and NYC
When I close the browser window I mean quitting the application. I have Firefox setup to clear everything except saved passwords on quit. Just closing a browser window while leaving the application running doesn't get you as much security and/or privacy as you might think, since all the stored session data is still intact.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group