What if I told you that on your system there is a folder that contains all of your login information, all of your personal information that you've ever entered into the browser, all of your browsing history, all of your plugins, everything like that, and someone could actually get that directory from you and install it on their system, move it to their system, and be logged into all of your stuff without ever having to enter a password, an email address, any of that? They would not even have to know any of that stuff. If they had that directory, they could be logged into all of your stuff. That is scary, right? It's terrifying. Now, I understand the purpose behind this and I actually like the functionality of it, but it is very terrifying that this exists.

So what am I talking about here? If you use a browser, which pretty much everybody does, almost every browser that I'm aware of, for sure the ones based on Firefox and on Chromium, they create a profile of some sort. Now, these profiles can be stored in different places depending on which browser you're using, but for example, Mozilla creates a .mozilla/firefox/something profile for every user that uses the browser on your system, and this directory is the directory that I'm talking about. If somebody managed to get that from you, whether that's from hacking your computer or sitting down at your computer, whatever, if they managed to get that directory, they could take that directory, put it onto their computer, install the browser, and they'd be logged into anything that you were logged into at the time of them taking the directory. So for example, say you were logged into YouTube. If someone took your profile, your profile directory from your .mozilla folder, and put it on their computer, they would then be logged into YouTube.
Just like you, they'd have full access to your YouTube channel, your whatever, your Gmail account, because chances are if you've logged into YouTube, you're also logged into everything Google, and they could do pretty much any damage they wanted to. It scares the pants off me.

Now, obviously all of this danger that I'm talking about is predicated on someone actually getting access to that directory, and that means they're gonna have to have access to your home directory, which is not an easy thing to do. Chances are they'd either have to be like a super-duper hacker or they'd have to have physical access to your machine, but that doesn't make it impossible, right? So this whole thing is just kind of worrying for me, because here's how I figured it out. And people have been doing this for ages: if you move to a different distro or you move to a different computer and you want to keep all of your Firefox stuff intact, you know, open tabs, history, all that stuff, even on Mozilla's own forums they tell you to move the profile directory.
That's what they tell you to do. The problem is that if you do that, it maintains all of the cookies that have been saved and downloaded to that directory, and it takes them with you. That puts it on the new machine, which maintains every login that you've maintained through that browsing session. So if you haven't logged out of YouTube or Google or Twitch or whatever, your banking account, whatever it happens to be, you'll still be logged in, as long as it was logged in when that directory was last saved.

Now, there are certain websites or whatever that have login timeouts. So something like your bank would probably have logged you out, but things like Google, they don't have any timeout for how long you're logged in. I mean, I'm obviously quite thankful that they don't, because that'd be a pain in the ass to have to sign in every 45 minutes to Google; that would just be not a great experience. The point I'm trying to make is that if they have access to this directory, they're also probably logged into everything that you were logged into, and that gives them access to all of your data in all those accounts. So what do you do about this?
Well, the first thing you should do, obviously, is install a firewall. Make sure you're using something like ufw, Uncomplicated Firewall. There are many different videos out there for you to be able to set this up. I'll probably end up making one of those as well. If you're interested in me doing the tutorial on ufw, leave a like and a comment below.

After you've set up a firewall, the next logical step is to make sure nobody has access to your machine. If you're using a desktop, this is probably not a big deal, because your desktop doesn't move. If you're on a laptop, make sure you encrypt your drive. So when you install Linux, hit the encrypt drive option in the installer so that your entire drive is encrypted with a very complicated password, as complicated as you can remember, but make that your password. That way your entire drive is encrypted and nobody can get into your machine unless they have that password.

Don't rely on your laptop suspend functionality unless you are in an environment where somebody else can't get to your machine. So for example, don't just shut your laptop down and then take it to the coffee shop where you would be exposed to other people and could perhaps have someone gain access to your machine, because that would bypass the encryption on your drive. At least in that situation, make sure that you have it set up in your desktop environment to have a password to log you back in. So for example, KDE will allow you to set it so that when you have suspended your session, you have to enter a password in order to get back in. I'm pretty sure GNOME has that option as well. It might even do it by default. So you just want to make sure that no matter what, there has to be at least some level of password protection on your system, and preferably two levels: the encryption on the drive and the password to get into the actual system using your user account and so on. Those are the two options that are the least infringing on your ability to use your computer, because they're actually really simple, and you should probably be doing both of those things anyway, no matter what. So just do those things and you'll be much more secure than you probably are now.

And the other thing you could do would be to ensure that every time you walk away from your computer, you're logged out of everything. Now obviously, there would still be data there that could be taken should they get access to this directory, but at least you wouldn't be logged into anything, and that's really where the big danger lies, because if they have access to a logged-in account, they have access to the account. They can change the password. You'll never get access to it again. They have all the data associated with it, whether that's credit cards, you know, personal information, addresses, all that stuff, right? So by logging out every time you walk away from an account, you prevent that problem from happening: people having access to a logged-in account should they get access to this directory. The problem with that, of course, is that it's a pain in the butt. It means you have to sign in every single time, and especially in this day and age where you should absolutely be using two-factor authentication on everything, having to log in every time you go to a Google site or every time you go to Facebook or whatever can be a real tedious task, and it's not necessarily something that everybody is willing to do.

So definitely do those first two things: encrypt your drive if you're using a laptop, maybe even encrypt it if you're using a desktop too, but it's not as necessary, and also make sure that you are not allowing access to your desktop environment without a password after suspend. So those are really important. Also the firewall thing: the firewall will prevent any outside intrusion into your computer, or at least make it much harder. So those three things are definitely important. If you can log out of everything after you're done with it, you're probably going to be safer now.
Some of this is just paranoia on my part. I perfectly accept that criticism. But it's not paranoid if they really are out to get you, and this directory just scares me to death, because if somebody actually got access to it, they'd have access to literally everything. Almost everything that I do that really truly matters, that would hurt me if somebody had access to it, happens in the browser, and there's this directory that has all that information in it. Maybe not plain text, but it doesn't really matter that it's not plain text. What matters is that they take this to another computer and just use Firefox. They'd have access to everything. You know, that's what is so scary.

And it's not just Firefox. I should just make this very clear: I know for sure that Brave does the exact same thing. It's a different directory, and I don't think they call them profiles there. I'm not sure about that. I didn't use Brave long enough to figure that out. But I know for sure that if you take the BraveSoftware directory out of your .config folder and put it on another computer in the same place and install Brave, you'd be having the exact same problem. I will say that when I did that with Brave, I didn't notice that most of the accounts required me to sign back in. So for example, when I went to YouTube, it would require me to enter my password and then go through the two-factor authentication. Firefox wasn't like that. I just did this today. I just hopped from Endeavour to vanilla Arch, and I took my .mozilla directory, put it on the new system, opened up Firefox. I was logged into Facebook, I was logged into YouTube, I was logged into all the stuff, and it didn't require any password, any two-factor authentication. It was just there. And while that was very convenient for me, because I didn't have to sign into anything again, it's still very scary.

So protect yourself as much as you can on the internet is what I'm trying to... the point of the video. You know, I want to make sure that people are at least aware that this is something that can possibly be a source of weakness for them, and if you can take some steps to prevent it from being a weakness, you'll be better off.

So that is it for this video. If you have comments on this, you can leave those in the comment section below. Make sure you like, comment and subscribe, all that stuff. I really do appreciate it. We're getting very close to 10,000 subscribers, so everybody who has subscribed, thank you. You can follow me on Twitter at linuxcast. You can support me on Patreon at patreon.com/linuxcast. Before I go, I'd like to take a moment to thank my current patrons. Today devon patrick. I'll make linds x and i can tool steve a seborger linux gear Mitchell art center carbonated jammy shon odin martin e Andy merrick camp drashley j dog peter a crucible dark men and six flat a and primus. Thanks everybody for watching. I'll see you next time.