What is HSTS and Why Should I Care?

HTTP Strict Transport Security (HSTS) was designed to help secure websites (those that use HTTPS) by telling web browsers that they should communicate with the server only over HTTPS, in order to protect connections from downgrade attacks and cookie theft.

Mozilla supports HSTS in Firefox versions from 2014.

Ars Technica meanwhile was among the first to express concerns about the HSTS functionality in web browsers, as it allowed companies to implant supercookies into browsers using the same technology designed to improve end-user security.

As a matter of fact, you can check your browser in a demo created by Sam Greenhalgh.
If you visit the site with a browser that supports HSTS, it will show you a unique ID that allows websites to monitor you.

Here we should mention that the problem is not limited to the Firefox web browser; it also affects Google and other browsers that use the HSTS feature.

But let's see what Firefox does with HSTS.
The Mozilla Foundation browser saves the information from the HSTS feature in SiteSecurityServiceState.txt, a file that you will find at the path

C:\Users\Configuration\AppData\Roaming\Mozilla\Firefox\Profiles\5f1kfxah.dev-edition-default

In the above path, use the user you have on your PC instead of the user shown. The name of the last folder may also be different.

If you open the file with a plain-text editor, you will see a list of domain names, the values associated with them, and an expiration date.

Let's now look at how you can avoid tracking from sites using supercookies.

Firefox also has a private browsing mode.

In normal browsing mode, HSTS information is stored on your computer from every page that serves supercookies. Private browsing mode, however, deletes any HSTS information after the session.

Protection against HSTS tracking

1. Use only private browsing

Firefox will delete all HSTS information after closing the page. For now this is the best option to prevent tracking by supercookies without risking your security.

To start Firefox in private browsing mode, use the three-key combination Ctrl-Shift-P.

2. Delete all data stored on your computer after each browsing session

The second option is somewhat. Whenever you close your Firefox browser, you should remember to delete the data that web pages save on your computer. Along with everything else, this deletes the HSTS data stored in the file SiteSecurityServiceState.txt.

3. Remove the entries from the HSTS file manually

Entries in the HSTS file, SiteSecurityServiceState.txt, can easily be deleted using a simple text editor.

Make sure Firefox is closed before you do so.

This method gives you complete control over the data stored in SiteSecurityServiceState.txt, but it requires regular manual intervention, which may make it unsuitable.

4. Make the SiteSecurityServiceState.txt file read-only

This is the most radical approach as Firefox will not be able to write new HSTS information.

To make the file read-only, right-click the file and select Properties from the menu. Tick Read-only and click OK to apply the change.
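
Option 3 (removing entries by hand) can be scripted. The following is an added example, not code from the original article or from Mozilla: it lists the HSTS entries with their expiration dates and drops those for chosen domains. The line layout it parses (tab-separated `host:HSTS`, score, last-access day, then `expiry_ms,state,includeSubdomains`) is an assumption about the file format, and the sample data and domain names are constructed.

```python
from datetime import datetime, timezone

# Constructed sample in the layout assumed here (tab-separated):
#   host:HSTS <TAB> score <TAB> last-access day <TAB> expiry_ms,state,includeSubdomains
SAMPLE = (
    "example.com:HSTS\t3\t16450\t1452000000000,1,0\n"
    "a1.tracker.example:HSTS\t0\t16450\t1483000000000,1,0\n"
    "a2.tracker.example:HSTS\t0\t16450\t1483000000000,1,1\n"
    "this line is not in the assumed layout\n"
)

def parse_entry(line):
    """Return (host, expiry_utc, include_subdomains) or None if unparseable."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) != 4 or not fields[0].endswith(":HSTS"):
        return None
    value = fields[3].split(",")
    if len(value) < 3 or not value[0].isdigit():
        return None
    host = fields[0][: -len(":HSTS")]
    expiry = datetime.fromtimestamp(int(value[0]) / 1000, tz=timezone.utc)
    return host, expiry, value[2] == "1"

def list_entries(text):
    """All HSTS entries that could be parsed, in file order."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def prune(text, unwanted):
    """Drop HSTS entries for hosts equal to, or subdomains of, `unwanted`.
    Lines that cannot be parsed are kept untouched."""
    unwanted = [d.lower().strip(".") for d in unwanted]
    kept = []
    for line in text.splitlines(keepends=True):
        entry = parse_entry(line)
        host = entry[0].lower() if entry else ""
        if entry and any(host == d or host.endswith("." + d) for d in unwanted):
            continue
        kept.append(line)
    return "".join(kept)

if __name__ == "__main__":
    for host, expiry, subs in list_entries(SAMPLE):
        print(f"{host:25} expires {expiry:%Y-%m-%d} includeSubdomains={subs}")
    print(prune(SAMPLE, ["tracker.example"]), end="")
```

To use it on a real profile, read SiteSecurityServiceState.txt into a string with Firefox closed, keep a backup copy, and write the result of `prune` back to the file.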


Written by giorgos