Poking Around in the Firefox Cache and Protecting Your Privacy from Flash

March 17, 2010

Jump to Protecting Your Privacy From Adobe

While listening to some Dylan this morning, I noticed that after the Youtube video loaded, you could close and reopen the tab, using the “Undo Close Tab”* option in Firefox, without having to re-download the video. Alternatively, if you refresh the page, the video will reload, but this does not occur when you use the, at times, lifesaving “Undo Close Tab” option.

This peaked my curiosity, perhaps as a distraction from work, because it was something I had noticed before, but didn’t know how it worked.

I checked /tmp, but the flash file was no longer there, so I ran updatedb and then used locate to do a search for the name of the flash file, but still no joy. It was then I noticed that even though the file was already fully loaded when you restarted the page, it had a different name each time.

Armed with the knowledge that aside from the /tmp folder, there weren’t too many other places the flash video could be stored, I began poking around my home folder. I checked the .macromedia folder first, even though in retrospect this probably wasn’t logical, but the only thing there was settings for some of the flash pages I had visited today**.

So, next, I began searching through the .mozilla/firefox folder, which was where I came across the Firefox Cache folder. It was here that, among a number of other files, I found the 10mb flash file. Probably should have checked here first, as in retrospect, the cache folder is quite obviously the logical location…

*Couldn’t Tell you how many times this has saved me from myself. To use, right click on the tab bar and select the “Undo Close Tab” option.

**Protecting your Privacy from Flash

Even if you have your browser set to delete your temporary files after each session, Adobe stores settings for any page you visited that uses flash on your computer.

This has been the source of numerous security discussions, as it effectively opens you up to being tracked, even if you don’t use cookies or if you clear your browsers cache regularly. Being very conscious of my privacy and being easily upset when this privacy is circumvented, I use a very simple script to automatically delete these settings[1].

The script is as follows:

#! /bin/bash
#This deletes the temporary files stored by Flash
rm -r /home/whatisgon/.adobe/
rm -r /home/whatisgon/.macromedia/
rm -r /home/whatisgon/.mozilla/firefox/ghftfdse.default/Cache/*

This deletes the .adobe and .macromedia folders, which is where the Flash settings are stored, as well as clearing the Firefox cache[2].

The only parts that need to be customized is the name of your home directory[3], with whatisgon needing to be changed to whatever your username is, as well as using the name of your Firefox profile. For the purpose of this script, the name of my Firefox profile is ghftfdse.default. You will need to change this to the name of your profile, which can be found in Firefox’s profiles.ini. Admittedly, clearing the Firefox cache is probably redundant, as I have it set to delete each time I close Firefox.

Save the script as clearflash and make sure to make it executable by using the chmod +x clearflash command.

There are a few ways you can use the above script.

One option is to set it to run each time your computer starts.

To do this, save it to your /etc/rc.d folder and add the name of the script, clearflash to the daemons line. If you have a graphical manager set to run automatically, such as GDM, insert the clearflash script before it. Afterward, it should look something like:

DAEMONS=(…Other Running DAEMONS…clearflash gdm)

Of course, this option only deletes it when you restart your computer, so another option is to set the clearflash script to run each time you use Firefox, which is my preferred method.

First, change the name of the firefox binary in /usr/bin, you can use the following command: mv /usr/bin/firefox /usr/bin/firefox.bac

Next, create a new file named firefox: touch /usr/bin/firefox

Add the following text to the new firefox file:
#! /bin/bash
#This first checks to see if Firefox is already running by getting its process id.
#If it is not running, it starts Firefox and runs the clearflash script
#when Firefox closes.
#Otherwise, it just starts another instance of Firefox.
fPid=`pidof firefox.bac`
if [ -z "$fPid" ]
then
/usr/bin/firefox.bac && /etc/rc.d/clearflash
else
/usr/bin/firefox.bac
fi

Quick Explanation of the Bash Script

Note that line 6, which gets Firefox’s pid using pidof, does not use a parenthesis(‘), but uses the `, which is located to the left of the 1.

The && tells bash to run the clearflash script only if Firefox returns success, so if Firefox unexpectedly quits or you run: killall firefox.bac, the clearflash script would not be run.

It is necessary to check if Firefox is already running, because if you don’t, Firefox opens a window using the existing process and returns success, which would cause clearflash to run and delete your existing cache/flash in the middle of your session.

Using the Bash Script

Make it executable: chmod +x /usr/bin/firefox and the adobe flash files will be deleted each time you close firefox. Keep in mind, this also means things like saved volume settings will be cleared each time you use Firefox. Since it uses the same name, firefox, you should not have to change any existing links to firefox.

To get rid of the script, you can either use the command: mv /usr/bin/firefox.bac /usr/bin/firefox or create a new link by using the command: ln -s /usr/lib/firefox-3.6/firefox /usr/bin/firefox

[1] It should be noted that this is on Arch Linux, but the principals are the same across different distros…
[2] It is important to note that if you don’t clear your Firefox cache after each session, you would want to omit the last line of the clearflash script
[3] If you have multiple user accounts that use an X Interface, you would need to create separate clearflash/firefox scripts for each one, perhaps using a naming convention like clearflash-username1 ect. The alternative would be to clear all user’s files at once, which would likely require changing/compromising your permissions…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s