12

I updated to Firefox 40 today, and I see a neat new message in my Firebug console:

Found hi-entropy localStorage: 561.0263282209031  bits http://localhost:8080/my_app_path itemName

...where itemName is the name of a particular item I've stuck in localStorage.

The referenced line number is always unhelpful: the last one of the main HTML document (it is a single-page app).

Why does this happen? If you'd like an example of my "hi-entropy localStorage", here are the data in question:

Object {
 id: "c9796c88-8d22-4d33-9d13-dcfdf4bc879a",
 userId: 348,
 userName: "admin"
}
approxiblue
  • 6,982
  • 16
  • 51
  • 59
Lambart
  • 1,985
  • 2
  • 21
  • 37
  • 3
    Do you have Privacy Badger installed by any chance? – approxiblue Aug 13 '15 at 01:48
  • Hmmm, yes. In fact, that was my first thought based on the message, so I disabled it for the site in question. I guess it's time to disable it entirely and see if that fixes the problem. If it does, then Privacy Badger certainly isn't playing very nice--it's not disabling for a site when asked, and it's also not identifying itself in the message. Time to restart the browser, I'll be back in a few minutes. – Lambart Aug 13 '15 at 16:58
  • So I learned two things today: a) Privacy Badger doesn't respect its settings properly, and b) There is at least one Firefox addon you can (apparently) disable without restarting the browser--because that seemed to work. – Lambart Aug 13 '15 at 17:11
  • Also annoying: Privacy Badger throws cryptic messages at the console without identifying itself as their source. Thanks @user880772 -- if you post an answer I'll give you credit. – Lambart Aug 13 '15 at 17:13

2 Answers2

22

Your browser has the Privacy Badger plugin (1.0), which can detect some types of super-cookies and browser fingerprinting. It identified your local storage item as a false positive and produced those cryptic logs.

A high-entropy string can be vaguely defined as complicated, hard to guess/repeat, or likely to contain meaningful information. If there's such a string in your local storage (in your example, the item id), it's possible that advertisers put it there to uniquely identify you. Privacy Badger has rough methods to estimate a string's entropy, which the developers discuss here.

You should check out the paper The Web never forgets: Persistent tracking mechanisms in the wild, particularly the section on cookie-syncing:

Cookie synchronization or cookie syncing is the practice of tracker domains passing pseudonymous IDs associated with a given user, typically stored in cookies, amongst each other.

approxiblue
  • 6,982
  • 16
  • 51
  • 59
  • Thank you! That's an excellent, clear, concise explanation. I think Privacy Badger needs more people talking about it. I also wish the devs would prefix their log messages--and make sure 'disabled' actually means 'disabled' for any particular domain (including localhost!). :) – Lambart Aug 16 '15 at 21:50
-1

I guess is a stranded value. I disabled a script from zopim chat and this started to show. looking for what entropy means I found this explanation "(in data transmission and information theory) a measure of the loss of information in a transmitted signal or message. " which make sense.

You can see what is in Local Storage by opening Developer tools (Ctrl+Shift+S) and enable Local Storage panel by pressing Toolbox option in the right side of the menu bar. To delete the value in question, just follow the steps from here How to view/delete local storage in Firefox?

Community
  • 1
  • 1
Scarpelius
  • 75
  • 1
  • 9
  • 1
    Thanks for the answer, but I understand what entropy is and (as mentioned in the question, and evidenced by my included `Object`, I know how to manage `localStorage`). It's just a new message that only appeared when I upgraded Firefox, though it's possible it's coming from some add-on (though I hadn't installed anything new). – Lambart Aug 12 '15 at 20:38
  • I guess I was wrong about not having installed a new add-on. I had recently installed Privacy Badger (see accepted answer) but didn't notice it until the day Firefox 40 arrived, and disabling Privacy Badger (telling it to ignore localhost) was not working. – Lambart Aug 16 '15 at 21:51