A poster on one of the other boards I visit is trying to design a secure site for victims of domestic violence.
The concern is that evidence of visits to such a site (either in the browser history, or cached files etc) could provoke further incidents of violence.
Is there a way of automatically “cleaning” browser history settings without the need for a download?
I’ve pasted the full problem below - would appreciate any thoughts…
Rob S.
Cambridge, UK
Hi I am designing a site for a domestic violence organisation and have an issue that needs fixing or developing. I have never seen what I’m am proposing used before.
As the user is most likely to be suffering from domestic violence they may only be able to access the computer for a shot amount of time. As you know browsers leave a history of the sites visited, data and images. These images, data etc need to be deleted from the pc so there is no trace of the site visit.
The scenario is that a person is being abused and not in control of the house hold and pc. The abuser is in control of the pc and knows what is on there. (They are not a professional). But the abuser will know what has been accessed and if they find a site about domestic violence in the cache, they may use this as reason for making another attack.
Now the easy option is to leave instructions for the user on how to do so. (This will be done) But time consuming.
Also links to spywear and history deletion programs are also an option. But not the best as they will have to be installed and that aging leaves a problem of pc usage. As new programs will be noticed etc………
**3. But what I would like is a link within the site which deletes all the files and history of the site? The files can be arranged so they all have the same prefix which will make it easier to delete in the first instance and maybe this function. **
Is this possible? Can you do it? That’s the challenge.
As this is a site for general users this will have to work on all browser platforms and both pc and mac compauters.
This is not as straightforward as adding a link with some magic stuff, and I’m not even sure it’s possible at all. One chance might be to write a Java applet to do it, but then that requires the user to grant permission for a download if you want it to have permission to write to the local disk (IIRC; I am not an applet guy). This might in turn suggest you would need a signed applet, implying that you might want a digital cert. Also, it would probably wipe the entire cache, not just selected pages. The applet would have to be rather intelligent to know how to deal with all possible (or even the most popular) browsers.
Alternatively, here are instructions to request that the browser not cache the page in your HTML, which might solve your problem without any action by the user. I do not know if this also implies that graphics are not cached. Also, be aware that although this kind of thing usually works on most browsers, it is not foolproof.
I think that the browser cache is the least of your worries. It takes some work to look through the caches. The real problem is the browser history. That is easy to look through. I would think that the ability of a random website to take control of what my browser stores would be a huge security hole. So maybe it is easy to do with IE ;).
Apple’s Safari browser has a “private browsing” mode that disables the recording of user actions and data. It has to be explicitly turned on by the user. It was designed for use on shared computers.
Firefox has a “sanitize” button (Preferences->Privacy->Clear All).
It takes a few more button presses to clear these things in IE. 3 I believe. 1 to clear cookies (which are easy to look through in most browsers). 1 to clear the temporary files and 1 to clear history. I don’t think that this is quite what the OP wants. I think people will notice that the history has been erased and the cookies are gone. I would notice these things because I would have to login to a large number of web sites that I normally don’t need to log into.
If the user’s PC is connected to a cable modem router, you’ve got the connection log to worry about also, and no amount of HTML or Java will get rid of that record of sites visited.
The other thing to consider is that this is aimed at non-technical users… for the most part frightened women who may only have 5-10 mins at the PC, and will need to log off quickly should an abusive partner return.
This is why it’d be good to have something “server side”, as it were, rather than requiring the user to clear things manually.
Thanks for the tips so far tho - any progress is good.
There is something called Portable Firefox that can run entirely self-contained off a USB “flash drive” - this will prevent any files or browsing history from appearing on the computer.
Only significant problems are that the user needs to be able to plug the thing into a USB port and the cost of the USB drives.
One possible thing that would be easy to implement would be file-naming conventions that hide the fact that said file comes from a battered women’s site.
For example, the site itself could be called something innocuous like bargains4U-dot-com, internatl-cuisine-dot-com or whatever.
Additionally – any cookies or graphics coming from the site need to have innocuous names. JPEGs, GIFs or whatever need to have numerical names so that it just looks like gibberish in the Temporary Internet Files folders.
The idea is that even if tracks are left, the tracks are innocuous. I’m not sure how much they’d help if the abusive husband was tech savvy and was really determined to open every graphic and track down every URL in the Temporary Internet Files folders.
Also, would it makes sense for the battered-women’s site to make itself available only through a proxy of some kind? Does anyone remember how SafeWeb.com used to work? My recall was that SafeWeb could be used to surf without leaving any tracks except for those pointing to SafeWeb.com (I peresume?).
Something else that just came to mind might be to set up the site to use SSL (eg: https) so the text would be encrypted and not cached. You’d have to settle for either no graphics, or to use menu graphics off of some innocuously-named site you’re partnered with.
So Firefox- or Safari- specific solutions are no help.
The best I can think of is use innocuous domain names for the website, as has been suggested, and send a ‘no-cache’ directive from the server ( http://support.microsoft.com/kb/q222064/ ) as well as setting the content to expire immediately - the way you do this will depend on which web server software is being used.
bordelond’s ideas were what I had in the back of my mind… if an abusive partner is determined enough they’ll find evidence, but the type of thing that’s most likely is:
Husband wants to find BBQ recipes, so goes to Google and as soon as he types “b” into the seach field it lists “Battered Women’s Refuge”
So if it said “Bristol Hedgehog Sanctuary” instead, that might well be enough in the majority of cases to sort it.
It’s also a good point that a completely clear browser history / cache etc might suggest that there’s something to hide - but I imagine that “targeted” clearances will be even trickier.
Most anonymous proxies work the other direction. They’re designed so the website can gather no information about the user except for the address of the proxy. If you proxy the other direction (hide the website behind a proxy), you’re basically doing what bordelond suggested, hiding the address of the website visited but the content of that site would still be in cache and anyone following the history would see the same pages.
There are some Javascript tricks that let you look at the history but I believe they’re read only. In general, any manipulation of the history or cache by the website being visited would be considered a Bad Thing and labeled a security exploit against the browser. While the OP’s intentions are honorable, the same techniques could be used by other websites to wreak havoc (well, minor annoying havoc).
I don’t have any experience with abusive people, but if I were one, I’d consider an empty cache and history list to be as damning as a cache/history full of incriminating links. If the abuser is going to be checking that deeply, there really is no solution except recommending that the users not view the site from their home computer. There may be a more elegant solution I’m missing, but it would have to be extremely reliable and supported across all platforms/browsers to make it useful in this situation, and even minimal experience with web design should show that trusting the client-side browser to implement or support any given function is a hit or miss proposition. The downside of a javascript mouseover or flash movie not working is minimal, but a failure of this particular feature could have dire consequences.
I just thought of another issue. If the home computer is running a desktop search engine like Google Desktop Search or one of the others, the husband could easily stumbled upon the “taboo” content through a search. (e.g. he looks for something to do with ‘crime’…)
The best bet would be a simple, text-only website with an innocuous name that tells the reader to “write down the following URL and visit it from an Internet cafe; do not visit it from your home computer!”