PCbanter

PCbanter (http://www.pcbanter.net/index.php)
-   Windows 7 Forum (http://www.pcbanter.net/forumdisplay.php?f=48)
-   -   For Windows experts only: How to find the unique Opera device_id associated with my setup? (http://www.pcbanter.net/showthread.php?t=1102605)

Chaya Eve December 27th 17 03:38 PM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
How to find the unique Opera device_id associated with my specific setup?

This is a Windows question - for Windows experts only - the question has
absolutely nothing (per se) to do with Opera browsers or web proxies or
even vpn and security.

It's a Windows question for Windows experts only: '
How to find the unique Opera device_id associated with my specific setup?

This question can only be answered by a Windows expert.
Anyone, like I am, who is not a Windows expert, will never answer it.

I'm not at all sophisticated so maybe it's impossible for Windows users to
find their unique device-id, but I would like to ask if there any Windows
experts on this newsgroup who can conceive of a good way on Windows to find
the unique Opera browser "device-id"?

I tried Wireshark and Telerik Fiddler, but the amount of data is
overwhelming so I need to better filter out to see what's being
transmitted.

Assuming I'm not the only person on the planet who asks this question, I
tried looking it up but the question has never been asked before, to my
knowledge - hence there are no answers to this specific question on the
net. (Or if it has been asked, I can't find the answer.)

For example the unique-to-the-user opera ID is explained, but not how to
identify your own particular unique id.
https://www.helpnetsecurity.com/2016...ser-vpn-proxy/

I do realize that many non expert people will try to talk me out of a
proxy, but that's not the question in the least. (If I wanted to be talked
out of a proxy, I wouldn't be asking this basic question seeking a Windows
expert who knows how to find a unique device_id.)

Ghacks says the unique device-id is the "same ID that Opera has been using
for a long time" so it should be known by Windows experts how to find it:
https://www.ghacks.net/2016/04/26/a-...s-browser-vpn/

Perfect Privacy says the "device_id is sent to the proxy for every browsing
request and will remain permantly tied to the browser."
https://www.perfect-privacy.com/blog...-not-real-vpn/

I've scoured the net for a Windows-expert method to identify the exact
device-id used. I can't find a method.

This is not a proxy question - nor even a browser question - nor even a
security question - it's simply a Windows question for Windows experts
only:

How to find the unique Opera device_id associated with my exact setup?

Chaya Eve December 28th 17 01:22 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
On Wed, 27 Dec 2017 15:53:27 -0600, VanguardLH wrote:

find the unique Opera browser "device-id"?


Are you using the app-specified pseudo-VPN incorporated into Opera?


Thank you for looking into this problem, whose answer will benefit all.
Yes. Everything is stock.

The only thing I do differently from most people is my start page is set to
the following (and everything is checked):
opera://settings/clearBrowserData

That is when the device ID gets used (when connecting to SurfEasy VPN
server, owned by Opera).


My understanding is similar in that the local browser requests and receives
a "semi-permanent" new device_id the *first* time you connect to the
SurfEasy VPN.

From what I read (using a simple Google search, no super-wizard
expertise required), you can clear the device ID but a new one gets
created (when you next connect to their VPN server): Opera menu - More
tools - Clear browsing data - Third party services data.


It's my understanding, from the descriptions, that if you clear the browser
settings, the unique device_id is reset the next time you connect to VPN.

Since I'm not sure whether that works differently when the enable-vpn
button is checked, I generally uncheck the enable-vpn button before
clearing the "third party services data".

If you look, there are probably extensions that include purging
this local data.


Every once in a while I wipe out the two locations in the User hierarchy:
C:\Users\whoami\AppData\Local\Opera Software\
C:\Users\whoami\AppData\Roaming\Opera Software\
But I don't know whether the device_id is kept in any of those files.

You don't need the unique/device ID sent in the encrypted traffic only when
connecting to Opera's SurfEasy VPN server. You can change it anytime.


Other than when I am clearing the device_id, I keep the SurfEasy proxy on
all the time.

https://www.surfeasy.com/privacy_policy/
"For the VPN in Opera Browser for Desktop, we create a subscriber ID
(generated in sequential order across all subscribers) that allows us to
manage that user on our system. If that user clears their browser
cache/history, they+IBk-re assigned a new generated subscriber ID."


I have never been sure if the "subscriber ID" is the same or different from
the "device_id". Do you think they're the same thing? Or different?

I'm not on Linux but I think you are (are you?) where they have a file in
~/.config/opera called "Local State" which has two fields at the top, which
are called: uid and credentials

According to archived reports from Marek Novotny on the net, "uid appears
to stay constant as does credentials. If I clear history but do not clear
the VPN, then uid and credentials both remain constant. If I clear vpn then
uid stays constant, but credentials is wiped out. Upon a new vpn
connection, credentials returns and with a new credential.

This appears to mimic the actions described in the privacy policy."

But that "Local State" file does not appear in that location on Windows so
I am unable to confirm whether that works to just wipe out the file.

In Windows, there is C:\Users\whoami\AppData\Local\Opera Software\
..\Cache\
..\Certificate Revocation Info\
..\Media Cache\

Each of which seems to have the following files with the same timestamp:
..\data_0
..\data_1
..\data_2
..\data_3
..\index

It may be that the device_id (or subscriber id) is in these files but they
are scrambled eggs inside a Windows text editor.

Opera has their own newsgroups where your inquiry would be on-topic.
Probably opera.general is a good place to start.


I didn't realize that there was an opera newsgroup. There is also
opera.tech now that I look.

I tried Wireshark and Telerik Fiddler, but the amount of data is
overwhelming so I need to better filter out to see what's being
transmitted.


Since the traffic is encrypted, you won't be able to read it when
intercepting the web traffic from that web browser.


Thanks for explaining why both Wireshark and Fiddler4 didn't seem to show
the device_id being passed back and forth.

The information I was looking for was this, but I never found it with
Wireshark or Fiddler4 on Windows:
When the Opera browser with enabled VPN loads a page, it sends
many requests to de0.opera-proxy.net with a Proxy-Authorization
request header.
The Proxy-Authorization header decoded:
CC68FE24C34B5B2414FB1DC116342EADA7D5C46B:9B9BE3FAE 67
4A33D1820315F4CC94372926C8210B6AEC0B662EC7CAD611D8 6A3

What I noted above was found in a Google search on "opera web browser
device id".


I think our search results match, which is that nobody has ever asked this
question of how to obtain our unique device_id in our traffic with the
Opera SurfEasy servers.

Hence, the specific answer doesn't exist on the net except in generalities.

Well, until you purge the local browsing data to force a newly generated
device ID *when* you next connect to their SurfEasy VPN server.


I just want to check the efficacy of my "purging process" where I'd like to
see "device_id=xxx" in my traffic before the purge, and "device_id=yyy" in
my traffic after the purge.

Nobody has ever checked that, to my knowledge, on the net.
But shouldn't it be possible on Windows?

I've scoured the net for a Windows-expert method to identify the exact
device-id used. I can't find a method.


Since it can be cleared and a new one generated, what's the point of
knowing an old one?


See above.

Mainly I want to know if my purging worked.
Also we're both hazarding a *lot* of *assumptions* that the device_id is
actually cleared.
And, we're not clarifying whether it's cleared if you clear third-party
cookies with or without the VPN button checked.

In general, it's a bad idea to make so many cascaded assumptions without
the ability to check any of them.

Hence, if I could 'see' the device_id (even in encrypted form), I could
tell if it's *different* after running the above clearing actions.

I could also simplify the clearing process to only one step instead of four
steps, which would make clearing the device_id easier and safer for
everyone.

The device ID is unique to your instance of the Opera web browser (only
for the desktop version) and can be changed. It allows use of their
SurfEasy VPN server only by their web client. They probably don't want
to release details of how the ID is generated to prevent non-Opera web
clients from using/abusing their VPN server.


I agree with you that there is zero specific information on how to "see"
the device_id being transmitted between you and the SurfEasy server.

What's surprising is that everyone is taking this on pure trust based on
very loose wording in the privacy policy.

I just want to *see* the device_id.
That's why this isn't really an opera question. Or a proxy question.
Or even a security question.

It's simply a Windows networking question.

You could try an HTTPS MITM (man-in-the-middle) attack using a local
self-signed certificate to see if you could then dig out the unique ID
the Opera web client happened to generate (after it got past your local
MITM proxy and connected to their SurfEasy VPN server).


I don't know how to do that.

Here is an example of an archived key (unique ID) found at
http://deb.opera.com/archive.key:


That's beyond my comprehension level.

In the end, maybe it's just that pulling the unique device_id out of our
initial (and subsequent) communications with SurfEasy might be impossible
for a Windows user?

I hope not.

It seemed to me it should be this simple (but I don't hear that from you).
1. You turn on a network sniffer and capture the desired port traffic
2. You connect for the first time to the SurfEasy VPN
3. It hands you back a device_id (or subscriber_id)?
4. You disconnect and reconnect to the SurfEasy server.
5. You capture that device_id being handed *to* the SurfEasy server.

Would it take extreme Windows skills for us to be able to do that?

Bob_S[_2_] December 28th 17 01:57 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 


"Chaya Eve" wrote in message ...

How to find the unique Opera device_id associated with my specific setup?

This is a Windows question - for Windows experts only - the question has
absolutely nothing (per se) to do with Opera browsers or web proxies or
even vpn and security.

It's a Windows question for Windows experts only: '
How to find the unique Opera device_id associated with my specific setup?

This question can only be answered by a Windows expert.
Anyone, like I am, who is not a Windows expert, will never answer it.

I'm not at all sophisticated so maybe it's impossible for Windows users to
find their unique device-id, but I would like to ask if there any Windows
experts on this newsgroup who can conceive of a good way on Windows to find
the unique Opera browser "device-id"?

I tried Wireshark and Telerik Fiddler, but the amount of data is
overwhelming so I need to better filter out to see what's being
transmitted.

Assuming I'm not the only person on the planet who asks this question, I
tried looking it up but the question has never been asked before, to my
knowledge - hence there are no answers to this specific question on the
net. (Or if it has been asked, I can't find the answer.)

For example the unique-to-the-user opera ID is explained, but not how to
identify your own particular unique id.
https://www.helpnetsecurity.com/2016...ser-vpn-proxy/

I do realize that many non expert people will try to talk me out of a
proxy, but that's not the question in the least. (If I wanted to be talked
out of a proxy, I wouldn't be asking this basic question seeking a Windows
expert who knows how to find a unique device_id.)

Ghacks says the unique device-id is the "same ID that Opera has been using
for a long time" so it should be known by Windows experts how to find it:
https://www.ghacks.net/2016/04/26/a-...s-browser-vpn/

Perfect Privacy says the "device_id is sent to the proxy for every browsing
request and will remain permantly tied to the browser."
https://www.perfect-privacy.com/blog...-not-real-vpn/

I've scoured the net for a Windows-expert method to identify the exact
device-id used. I can't find a method.

This is not a proxy question - nor even a browser question - nor even a
security question - it's simply a Windows question for Windows experts
only:

How to find the unique Opera device_id associated with my exact setup?


This may be of some value:

https://panopticlick.eff.org/

Run it then read about the "Show full results for fingerprinting" that
provides some details for you to consider on how Opera may make up their
unique device_id on your system. Think cookies as you're reading the
results.

Now - why does one have to be a Windows Expert to reply to your question?
If you perhaps provided some clues as to why you need this (spoofing for
instance) someone may be able to help you. If your Windows Expert request
is to minimize replies - well done! Only mine so far.

Bob S.



Chaya Eve December 28th 17 05:27 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
On Wed, 27 Dec 2017 19:57:44 -0500, Bob_S wrote:

Now - why does one have to be a Windows Expert to reply to your question?
If you perhaps provided some clues as to why you need this (spoofing for
instance) someone may be able to help you. If your Windows Expert request
is to minimize replies - well done! Only mine so far.


The point of the Windows expert was to keep people on topic because I know
before I asked that almost nobody knows enough about Windows networking to
actually answer the question (least of all me).

So almost every answer, save that of Vanguard's current answer, will be off
topic - because the topic is far too difficult to answer for almost all
people in this ng, unless they actually *are* Windows (networking) experts.

Given only one in a thousand people know Windows networking well enough to
answer the question - I doubt we'll ever get the answer - because one to
none of those Windows experts are on this newsgroup most likely.

Bob_S[_2_] December 29th 17 01:35 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 


"Chaya Eve" wrote in message ...

On Wed, 27 Dec 2017 19:57:44 -0500, Bob_S wrote:

Now - why does one have to be a Windows Expert to reply to your question?
If you perhaps provided some clues as to why you need this (spoofing for
instance) someone may be able to help you. If your Windows Expert request
is to minimize replies - well done! Only mine so far.


The point of the Windows expert was to keep people on topic because I know
before I asked that almost nobody knows enough about Windows networking to
actually answer the question (least of all me).

So almost every answer, save that of Vanguard's current answer, will be off
topic - because the topic is far too difficult to answer for almost all
people in this ng, unless they actually *are* Windows (networking) experts.

Given only one in a thousand people know Windows networking well enough to
answer the question - I doubt we'll ever get the answer - because one to
none of those Windows experts are on this newsgroup most likely.

Chaya,

From my point of view after doing some brief research on behalf of your
inquiry, it is not totally a Windows issue but instead an Opera issue and
you should be looking for an Opera or even perhaps a Chrome knowledgeable
individual since it's based on Chrome. It's associated with Windows because
you are using the Opera browser within the windows operating environment and
the storage location for Opera's cookies, files and extensions is not
totally dictated by Windows.

If you read the reference site I included in my first post, it does offer
some possible clues with the one that may be worth considering and
researching further and that is Opera may be using a "Super Cookie" (ref:
https://www.techopedia.com/definitio...0/super-cookie)

If they do use a super cookie, I seriously doubt it will be easy to find but
with enough persistence and research - you may get lucky. Then you need to
know what you're looking at.

But even looking at standard cookies may be what you want. If you do happen
to find a cookie with an abbreviation like MUID (machine unique id) embedded
in it as Bing does - that may be what you are looking for. I doubt Opera
stores them in the same location as IE and from what I've read in some old
posts - you could try looking in %appdata%\Opera\Opera\cookies4.dat and
there is supposedly a direct toolbar link in Opera to the "Storage" section
where cookies are stored.

This is an old reference but contains Opera specific data format
explanations:
http://www.opera.com/docs/operafiles/#cookies

It has a lot of info but scroll down to "Cookie file formats" near the
bottom.

Again, have no idea of what you are trying to do but good luck.

Bob S.


Chaya Eve December 29th 17 02:37 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
On Thu, 28 Dec 2017 19:35:14 -0500, Bob_S wrote:

From my point of view after doing some brief research on behalf of your
inquiry, it is not totally a Windows issue but instead an Opera issue and
you should be looking for an Opera or even perhaps a Chrome knowledgeable
individual since it's based on Chrome.


I appreciate your advice as I'm sure this has never been asked before.
Certainly it has never been answered. So the chance of us solving the
problem is nearly zero - but there's a chance nonetheless.

The device_id, AFAIK, is generated by SurfEasy, not by Chrome.
The sequential subscriber-id, AFAIK, is generated by Opera, not by Chrome.
Hence, IMHO, it's not a Chrome issue.

It's a Windows issue to capture it.
It's also an Opera issue - but we'll never get the answer from the Opera
newsgroup as there's virtually zero traffic on that ng.

It's associated with Windows because
you are using the Opera browser within the windows operating environment and
the storage location for Opera's cookies, files and extensions is not
totally dictated by Windows.


If I was on Linux, I'd be asking the Linux users what Linux tools will
capture the device_id & subscriber-id as it is passed back and forth
through the networking protocols.

As it is, I'm on Windows - so that's why I ask Windows experts how to
capture a datum that is passed from the browser to the network & back.

If you read the reference site I included in my first post, it does offer
some possible clues with the one that may be worth considering and
researching further and that is Opera may be using a "Super Cookie" (ref:
https://www.techopedia.com/definitio...0/super-cookie)


The "super cookie" is a red herring because it still has to be stored
somewhere on Windows and it has to be passed back and forth by Windows.

If they do use a super cookie, I seriously doubt it will be easy to find but
with enough persistence and research - you may get lucky. Then you need to
know what you're looking at.


Exactly. I have to know the size of the datum, and when it's passed back
and forth. I tried Wireshark and Fiddler4 but both provide too much
extraneous data to catch the sequential subscriber-id and the user-specific
device_id.

But even looking at standard cookies may be what you want. If you do happen
to find a cookie with an abbreviation like MUID (machine unique id) embedded
in it as Bing does - that may be what you are looking for. I doubt Opera
stores them in the same location as IE and from what I've read in some old
posts - you could try looking in %appdata%\Opera\Opera\cookies4.dat and
there is supposedly a direct toolbar link in Opera to the "Storage" section
where cookies are stored.

This is an old reference but contains Opera specific data format
explanations:
http://www.opera.com/docs/operafiles/#cookies

It has a lot of info but scroll down to "Cookie file formats" near the
bottom.

Again, have no idea of what you are trying to do but good luck.


I appreciate the advice as I realize nobody has ever asked this before and
nobody knows the answer and Opera isn't telling and neither is SurfEasy.

So I never once thought it would be easy.
But maybe ... just maybe ... we'll get lucky and catch it somehow in a
network sniffer... that's what I'm hoping.

The Opera site generates a sequential subscriber-id which is then passed to
SurfEasy who generates the unique device_id (or so I understand) so both of
those have to be passed back and forth and stored somewhere.

Diesel December 29th 17 06:53 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
Chaya Eve
Thu, 28 Dec 2017 04:27:23 GMT in
alt.windows7.general, wrote:

On Wed, 27 Dec 2017 19:57:44 -0500, Bob_S wrote:

Now - why does one have to be a Windows Expert to reply to your
question? If you perhaps provided some clues as to why you need
this (spoofing for instance) someone may be able to help you. If
your Windows Expert request is to minimize replies - well done!
Only mine so far.


The point of the Windows expert was to keep people on topic
because I know before I asked that almost nobody knows enough
about Windows networking to actually answer the question (least of
all me).

So almost every answer, save that of Vanguard's current answer,
will be off topic - because the topic is far too difficult to
answer for almost all people in this ng, unless they actually
*are* Windows (networking) experts.

Given only one in a thousand people know Windows networking well
enough to answer the question - I doubt we'll ever get the answer
- because one to none of those Windows experts are on this
newsgroup most likely.


Are you smoking something, drinking something or snorting something
you probably shouldn't be? What does Windows Networking have to do
with your browser creating a unique ID to use with a proxy? Why in
the world would you think you could sniff it with wireshark when it's
most likely going to be an encrypted transmission? You seem to be a
bit more than lost here...



--
Please visit our moderators personal page:
https://tekrider.net/pages/david-brooks-stalker.php
Now for a cheeky message from our sponsors:
Guess it's time for Plan B, huh?

Chaya Eve December 29th 17 04:30 PM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
On Fri, 29 Dec 2017 05:53:28 -0000 (UTC), Diesel wrote:

Are you smoking something, drinking something or snorting something
you probably shouldn't be?


Why do some people simply assume that if you lock your door when you leave
the house, that you're hiding something illegal inside?

What does Windows Networking have to do
with your browser creating a unique ID to use with a proxy?


Asking that is like asking:
"What does a warm coat have to do with winter weather?"

Why in
the world would you think you could sniff it with wireshark when it's
most likely going to be an encrypted transmission?


That's like asking:
"Why in the world would you think that a warm coat will change the winter
weather when it's most likely to be the weather that is making you cold?"

You seem to be a bit more than lost here...


What you call "lost" is that I'm asking a question that not only has never
been asked before, but that only a Windows expert could answer.

Char Jackson December 29th 17 07:31 PM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
On Fri, 29 Dec 2017 15:30:01 +0000 (UTC), Chaya Eve
wrote:

On Fri, 29 Dec 2017 05:53:28 -0000 (UTC), Diesel wrote:

Are you smoking something, drinking something or snorting something
you probably shouldn't be?


Why do some people simply assume that if you lock your door when you leave
the house, that you're hiding something illegal inside?


Most people lock their door, but I don't know many people who take all
of the steps that you take. That's probably what Diesel was getting at.

What does Windows Networking have to do
with your browser creating a unique ID to use with a proxy?


Asking that is like asking:
"What does a warm coat have to do with winter weather?"


I thought it was a valid question. "Windows Networking" isn't
responsible for creating or storing either of the unique IDs in
question, and by the time they're being transported, the session is
encrypted.

Why in
the world would you think you could sniff it with wireshark when it's
most likely going to be an encrypted transmission?


That's like asking:
"Why in the world would you think that a warm coat will change the winter
weather when it's most likely to be the weather that is making you cold?"


Same as above. I think he's asking a valid question.

You seem to be a bit more than lost here...


What you call "lost" is that I'm asking a question that not only has never
been asked before, but that only a Windows expert could answer.


Essentially, what you're asking is:
1. What are the two unique IDs and where are they stored?
2. Can they be manipulated to gain more privacy?

For #2, it's difficult because they are in an encrypted session. You
don't have the right certificate that would allow you to decrypt the
session to see the values. I'm specifically referring to the one that's
supposedly generated on the fly by the Surfeasy site. The behavior of
that ID is similar to a session cookie in that it's generated by the
server on the first request, then sent to the client with the
expectation that the client will return it on each subsequent request.
It's stored in memory, but likely not on disk.

For #1, you might have seen examples back in July/August when you were
asking the same questions in alt.os.linux.


Chaya Eve December 29th 17 10:34 PM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
On Fri, 29 Dec 2017 12:31:14 -0600, Char Jackson wrote:

Most people lock their door, but I don't know many people who take all
of the steps that you take. That's probably what Diesel was getting at.


Let's try to stay on topic, which is to first try to understand *what*
Opera actually does - and then - once we understand that - then we can see
if anyone here knows Windows well enough to figure out how to capture it.

I thought it was a valid question. "Windows Networking" isn't
responsible for creating or storing either of the unique IDs in
question, and by the time they're being transported, the session is
encrypted.


Your point about Windows isn't valid but your point about encryption is
valid. Windows should be able to capture anything that emanates from our
computers. If we can't capture what emanates from our computers, we're
essentially driving them blind.

As for encryption, yes, it may be encrypted - but - we know where it goes,
as it goes to de0.opera-proxy.net. And we know that it is preceded by
the following Proxy-Authorization request header.
* CC68FE24C34B5B2414FB1DC116342EADA7D5C46B:9B9BE3FAE 67
* 4A33D1820315F4CC94372926C8210B6AEC0B662EC7CAD611D8 6A3

The point is that we are all ignorant, in that we are driving our Windows
computers with a blindfold on - and where all I'm asking is for advice from
people who know how to drive Windows better than I do - for how to remove
the blindfolds.

Same as above. I think he's asking a valid question.


What's a perfectly valid question is *what* does Opera actually do when you
run it on Windows, where, most people here are clueless, as am I.

What Opera does is like "winter". It does what it does. All I'm asking is
if anyone knows winter well enough to suggest a warm coat.

For example, trying to keep on topic even though I probably won't learn
anything from you - not because you can't help - but because you know even
less than I do about the problem set - we can at least *clear* the
sequential subscriber-id and the unique device_id, although we clear them
using two different methods:

1. The Device-ID is generated upon VPN connection by SurfEasy Inc
It's cleared on Windows using:
Opera: Menu More tools - Clear browsing data
[+]Third party services data

2. The Subscriber-ID sequential connection to Opera itself.
It's cleared on Windows using:
Opera: Menu More tools - Clear browsing data
[+]Browsing history
[+]Cached images and files

What I'm basically asking is, once we do this, does anyone on this
newsgroup know Windows well enough to say how one could tell whether those
steps actually work?

Essentially, what you're asking is:
1. What are the two unique IDs and where are they stored?
2. Can they be manipulated to gain more privacy?


That's almost correct; but not quite correct - but you do show an adept
understanding that the previous poster was clearly clueless about.

What I'm asking is:
1. Where is the unique SurfEasy-generated device_id & Opera-generated
sequential subscriber-id stored on Windows?
2. How can we prove using Windows tools that deleting them as per the
stated steps above actually worked?

For #2, it's difficult because they are in an encrypted session. You
don't have the right certificate that would allow you to decrypt the
session to see the values. I'm specifically referring to the one that's
supposedly generated on the fly by the Surfeasy site. The behavior of
that ID is similar to a session cookie in that it's generated by the
server on the first request, then sent to the client with the
expectation that the client will return it on each subsequent request.
It's stored in memory, but likely not on disk.


I admit I don't understand this public-key/private-key encryption sequence
but I'm hopeful that there is a way to at least *watch* it in action.

That is, we do the following using Windows tools:
1. We clear the device_id and subscriber-id as shown above.
2. We watch a session to see what happens.
3. We run enough sessions to see that these two numbers remain the same.
....
Then we repeat step 1 and 2 above.
From that, we should be able to tell (I hope) whether our manual clearing
of the device_id and subscriber-id was actually successful.

For #1, you might have seen examples back in July/August when you were
asking the same questions in alt.os.linux.


Marek Novotny helped immensely in finding out the process of clearing the
device_id and the subscriber-id.

It seems the process is sort of like this (as best I can tell).
a. You install Opera & use it on Windows
b. At some point unknown to me, Opera generates a sequential subscriber-id.
c. At some future point, you check the box to use the SurfEasy VPN.
d. That causes Opera to send the sequential subscriber id to SurfEasy
e. And it causes SurfEasy to generate a unique device_id.

These subscriber-id and device_id numbers remain the same until you clear
them using the methods described above.

So I clear them with each session, but I am using a multi-step method
because I don't know if they're cleared with the VPN turned on or off.

Mainly ... that's all I want to know, assuming that the clearing process
actually works. How will I know? Nobody knows the answer.

Do both get cleared if the vpn is off?
Do both get cleared if the vpn is on?

Basically, that's the question I'm trying to answer because *efficiency*
and privacy have to go together.

It's a valid question.
I knew only an expert could answer it as it requires knowledge of Windows
networking that I don't have.

Char Jackson December 29th 17 11:29 PM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
On Fri, 29 Dec 2017 21:34:13 +0000 (UTC), Chaya Eve
wrote:

On Fri, 29 Dec 2017 12:31:14 -0600, Char Jackson wrote:

Most people lock their door, but I don't know many people who take all
of the steps that you take. That's probably what Diesel was getting at.


Let's try to stay on topic, which is to first try to understand *what*
Opera actually does - and then - once we understand that - then we can see
if anyone here knows Windows well enough to figure out how to capture it.


It doesn't have much to do with Windows (or Linux, from your prior
threads), as several people have pointed out. It's an Opera question.
You're trying to sniff your network traffic to see what *Opera* is
doing, but as I've said, you're trying to look inside an encrypted
session. Without the proper certificate, you're going to have a hard
time with that.

I thought it was a valid question. "Windows Networking" isn't
responsible for creating or storing either of the unique IDs in
question, and by the time they're being transported, the session is
encrypted.


Your point about Windows isn't valid


How so?

but your point about encryption is
valid. Windows should be able to capture anything that emanates from our
computers. If we can't capture what emanates from our computers, we're
essentially driving them blind.


Right, you can capture anything and everything that "emanates" from your
computer, but what you're overlooking is that a lot of your network
traffic, and this specific network traffic in particular, is going to be
encrypted. That's the whole point of using HTTPS.

As for encryption, yes, it may be encrypted - but - we know where it goes,
as it goes to de0.opera-proxy.net. And we know that it is preceded by
the following Proxy-Authorization request header.
* CC68FE24C34B5B2414FB1DC116342EADA7D5C46B:9B9BE3FAE 67
* 4A33D1820315F4CC94372926C8210B6AEC0B662EC7CAD611D8 6A3


That information doesn't really help. It does help you filter just the
traffic that's of interest, but when you view it in Wireshark you're
going to see that the payload is encrypted. Go ahead and capture it and
see for yourself. I expect the entire TCP payload to be encrypted,
including the headers, even the Proxy-Auth header.

On Linux systems, I use the industry standard tcpdump to capture network
packets to a file which I then view in Wireshark. It's usually built in.

On Windows systems, I use WinDump to capture network packets to a file
which I then view in Wireshark. WinDump is a separate download, not
included in Windows.

Either way, you can filter traffic with tcpdump/WinDump to keep your
capture file manageable, or you can run the capture wide open and use
Wireshark's excellent filters to hide everything that's not of interest.

The point is that we are all ignorant, in that we are driving our Windows
computers with a blindfold on - and where all I'm asking is for advice from
people who know how to drive Windows better than I do - for how to remove
the blindfolds.


Ask Surfeasy for a copy of their private key, (not gonna happen), then
set up a local transparent proxy. You'll be able to decrypt the traffic
and see all of the headers that you've identified. They'll be in the
clear.

What's a perfectly valid question is *what* does Opera actually do when you
run it on Windows, where, most people here are clueless, as am I.


Right. As I said above, it's an Opera question, not a Windows or
networking question.

What Opera does is like "winter". It does what it does. All I'm asking is
if anyone knows winter well enough to suggest a warm coat.


You can't reduce it to that level of simplicity. If you could, how
secure would it be?

For example, trying to keep on topic even though I probably won't learn
anything from you


snip

Well, Happy New Year to you, too.

What I'm asking is:
1. Where is the unique SurfEasy-generated device_id & Opera-generated
sequential subscriber-id stored on Windows?


From prior reading, the "SurfEasy-generated device_id" is generated by
Surfeasy and doesn't need to be stored locally. It can simply be
resident in RAM. You could take a snapshot of your RAM, but there's no
guarantee that this ID will be stored with a human-readable label.

I admit I don't understand this public-key/private-key encryption sequence
but I'm hopeful that there is a way to at least *watch* it in action.

That is, we do the following using Windows tools:
1. We clear the device_id and subscriber-id as shown above.
2. We watch a session to see what happens.
3. We run enough sessions to see that these two numbers remain the same.


At the network level, you can't see the data that you're looking for.
It's not like the header is standing out there in the wind and it simply
has an encrypted value. That would make this exercise trivial. The whole
thing, including headers, is encrypted.

I knew only an expert could answer it as it requires knowledge of Windows
networking that I don't have.


I think you mean knowledge of Opera.


Chaya Eve December 30th 17 11:34 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
On Fri, 29 Dec 2017 16:29:29 -0600, Char Jackson wrote:

I knew only an expert could answer it as it requires knowledge of Windows
networking that I don't have.


I think you mean knowledge of Opera.


The main intent of the question was to figure out a way to tell, in
Windows, whether there is any practical difference between these two steps,
which are intended to clear both the sequential opera-created "subscriber
id" and the unique SurfEasy created "device_id".

opera://settings/startup
a. opera://settings/clearBrowserData (with "Enable VPN" checked)
b. opera://settings/clearBrowserData (with "Enable VPN" not checked)

Whe
Device-ID (generated upon VPN connection by SurfEasy Inc)
Cleared by Opera: Menu More tools - Clear browsing data
[+]Third party services data
Subscriber-ID (sequential connection to Opera Inc)
Cleared by Opera: Menu More tools - Clear browsing data
[+]Browsing history
[+]Cached images and files

Diesel January 2nd 18 03:01 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
Chaya Eve
Fri, 29 Dec 2017 15:30:01 GMT in
alt.windows7.general, wrote:

On Fri, 29 Dec 2017 05:53:28 -0000 (UTC), Diesel
wrote:

Are you smoking something, drinking something or snorting
something you probably shouldn't be?


Why do some people simply assume that if you lock your door when
you leave the house, that you're hiding something illegal inside?


I don't know anyone who makes such assumptions, myself. If you do,
something's a little off with their line of thinking...

What does Windows Networking have to do
with your browser creating a unique ID to use with a proxy?


Asking that is like asking:
"What does a warm coat have to do with winter weather?"


I fail to see the comparison you're attempting to convey. You don't
seem to have a firm grasp on what Windows Networking is. It has
nothing directly to do with your web browser of choice. It couldn't
give two ****s about it, personally.

Why in
the world would you think you could sniff it with wireshark when
it's most likely going to be an encrypted transmission?


That's like asking:
"Why in the world would you think that a warm coat will change
the winter
weather when it's most likely to be the weather that is making you
cold?"


Again, a flawed comparison which makes no sense.

You seem to be a bit more than lost here...


What you call "lost" is that I'm asking a question that not only
has never been asked before, but that only a Windows expert could
answer.


You don't appear to have a firm understanding of what it is you're
asking and you're making some bat**** crazy assumptions with regard
to who can/can't answer it. But, alas, feel free to carry on.
Sometimes, I could use a good laugh.




--
Please visit our moderators personal page:
https://tekrider.net/pages/david-brooks-stalker.php
Now for a cheeky message from our sponsors:
Never hit a man with glasses. Use your fist!

Diesel January 2nd 18 03:02 AM

For Windows experts only: How to find the unique Opera device_id associated with my setup?
 
Chaya Eve
Fri, 29 Dec 2017 21:34:13 GMT in
alt.windows7.general, wrote:

On Fri, 29 Dec 2017 12:31:14 -0600, Char Jackson
wrote:

Most people lock their door, but I don't know many people who
take all of the steps that you take. That's probably what Diesel
was getting at.


Let's try to stay on topic, which is to first try to understand
*what* Opera actually does - and then - once we understand that -
then we can see if anyone here knows Windows well enough to figure
out how to capture it.


Some of us do understand what Opera is actually doing. You seem to be
the one left out in the cold here.

I thought it was a valid question. "Windows Networking" isn't
responsible for creating or storing either of the unique IDs in
question, and by the time they're being transported, the session
is encrypted.


Your point about Windows isn't valid but your point about
encryption is valid. Windows should be able to capture anything
that emanates from our computers. If we can't capture what
emanates from our computers, we're essentially driving them blind.


You clearly don't have a firm grasp on the Windows Networking aspect
or how encryption works at that level. Windows can't show you what it
doesn't have access to.

The point is that we are all ignorant, in that we are driving our
Windows computers with a blindfold on - and where all I'm asking
is for advice from people who know how to drive Windows better
than I do - for how to remove the blindfolds.


At this point, I'd say my eight year old nephew has a better grasp on
driving windows than you do.

Same as above. I think he's asking a valid question.


What's a perfectly valid question is *what* does Opera actually do
when you run it on Windows, where, most people here are clueless,
as am I.


I can't claim that most people here are clueless, but, I'm getting
the distinct impression you're a bit daft concerning the underlying
processes involved here.

For example, trying to keep on topic even though I probably won't
learn anything from you - not because you can't help - but because
you know even less than I do about the problem set


Wow.

What I'm basically asking is, once we do this, does anyone on this
newsgroup know Windows well enough to say how one could tell
whether those steps actually work?

Essentially, what you're asking is:
1. What are the two unique IDs and where are they stored?
2. Can they be manipulated to gain more privacy?


That's almost correct; but not quite correct - but you do show an
adept understanding that the previous poster was clearly clueless
about.


Uhh, not hardly. I know perfectly well what it is you were asking. I
asked why you thought some systems which have nothing to do with your
question were involved in it. I was trying to get a feel for your
actual knowledge level so I could dumb my advice down accordingly. As
I've figured out you're ignorance level is well below my minimum
tolerance required for teaching, I'm unable to help you. Not because
I don't know the answer or what I'm writing about, but because you
don't have even a limited base from which I could build upon. In
other words, you have nothing for me to work with.

I admit I don't understand this public-key/private-key encryption
sequence but I'm hopeful that there is a way to at least *watch*
it in action.


Wow... If you could watch it in action beyond key exchange, it would
defeat the entire purpose of doing it in the first place. You clearly
DO NOT understand the concepts involved here, and, until you do, it
doesn't matter what advice/suggestions anyone gives you.

It's a valid question.
I knew only an expert could answer it as it requires knowledge of
Windows networking that I don't have.


Not only do you not have the knowledge of Windows networking, you
don't even have the basics well understood. For you, no answer is
going to be accepted. And who knows what your definition of an expert
might be.




--
Please visit our moderators personal page:
https://tekrider.net/pages/david-brooks-stalker.php
Now for a cheeky message from our sponsors:
Basic is a high level languish.


All times are GMT +1. The time now is 07:37 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters