Well, let me answer one part of your broader question first: how to do it. My immediate experience is on Linux, but you said that answers on any platform were welcome, so here goes. If you were on Linux, you could probably require root access to access your cookies in any way other than (in principle) deleting them. The general procedure would look like this:
- Change the permissions of the file so that other users can't read it.
chmod 600 <file>
should work as the right mode for this.
- Test to make sure that your browser doesn't clobber those permissions accidentally.
- Create a new user account for your browser. Let's call it
foxy
for argument's sake.
- Change the ownership of the browser's cookies file to
foxy
, as well as anything else which the browser may need to write to. (Really everything in the browser's user directory could in principle be affected.)
- Test to make sure that your browser still knows where its cookies are stored when being run as
foxy
. If necessary, give foxy
a home directory exclusively for such things.
- Use
visudo
to give yourself permission, but only when running your browser, to change users to foxy
The line in the sudoers file would look something like <your user name> ALL = (foxy) NOPASSWD: /usr/bin/firefox
. This would guarantee that you only have permission to run this one particular program as user foxy
.
- Write a shell script which runs your browser with the given user name, so that you can refit the .desktop files of the links you use to open the browser. Let's say you put it at
/usr/local/bin/browse
; it might simply contains (after the hash-bang line) sudo -u foxy /usr/bin/firefox
or so.
The part that Linux does really well is in these sorts of extra options. I don't know much about Windows 7, but I would be somewhat surprised if it could do the same thing -- if it had a substitute-user system which could restrict the user which you substitute as based on the executable name. (Notice that if I just give myself arbitrary permission to substitute as foxy
, this will not stop a dedicated attacker; they will just substitute an arbitrary command to read out the cookies as foxy
.
Now let me explain why perhaps this is the wrong question. Gmail happens to have nice options that force you to only send your cookies over TLS/SSL (secured browsing connections). Most login-based services don't. This means that your cookies are in principle viewable to the entire Internet infrastructure. Surprisingly, that infrastructure has proven quite passive and generally will not attack you except perhaps to censor you, although there are parts of the Internet like Tor where this rule breaks completely.
However, it is still an issue when, say, you're using someone else's WiFi connection. They can "hear" everything which you send which is not TLS, and you have no way of stopping them without, say, using a secure proxying scheme to get through. (Like Tor! ...whoops.) It's not just the wireless security which I'm talking about (though if they're not using proper encryption, your cookies might also be in danger from anyone who has a laptop in the same room as you). It's the establishment itself. Perhaps your hotel desk clerk happens to be technologically savvy and wants to eavesdrop on Internet traffic at the hotel he works at; how do you stop him?
You could also solve this in Linux, but it requires shelling out a little cash to someone to buy what's called an SSH tunnel server. It's a remote proxy which you control which has (hopefully) a safer Internet connection than your day-to-day wireless voyages; you connect to it through an encrypted connection. It still depends on the rest of the Internet to be secure, but your immediate surroundings can be insecure. By setting up a ~/.ssh/authorized_keys
file on that server you can get the tunnel to work without providing a password, though you might want to (or have to) set up a shell script to add this to firefox by default, as before.
Best Answer
Make sure your graphics card isn't overheating. You can use speccy to check the temperature. Make sure all the fans are spinning in your computer and that none of them are clogged with dust. A steady increase in the number of black boxes after startup might be explained by a steady increase in heat that isn't being blown away.