If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
|
#1
|
|||
|
|||
A browser question
It just occured me that Google's Chrome (or other browser) could
possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? |
#2
|
|||
|
|||
A browser question
On Thu, 21 Sep 2017 10:05:58 -0700, cameo wrote:
It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? I don't know about a unique ID, but in the past I've read messages stating that a (Firefox) user could be identified by the add-ons he uses, the settings (resolution for example) etc. I've also read that users can be identified through typing or mouse movements... -- s|b |
#3
|
|||
|
|||
A browser question
On 9/21/2017 10:05 AM, cameo wrote:
It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? What you are describing is the browser's fingerprint. If your browser still uses .xpi extensions, installSecret Agent from https://www.dephormation.org.uk/index.php?page=81. This can change the fingerprint on each HTTP(S) request. Note that you cannot install Secret Agent on Firefox because the developer correctly refuses to submit his extension to Mozilla for being signed. You can install Secret Agent on SeaMonkey because that browser does not check extensions for signatures. -- David E. Ross http://www.rossde.com/ Yes, George Washington, Thomas Jefferson, and other "founding fathers" owned slaves. However, they created a nation. Robert E. Lee, Jefferson Davis, Thomas "Stonewall" Jackson and other "heroes" of the Confederacy tried to tear the nation apart. Statues and other monuments to those "heroes" of the Confederacy actually celebrate traitors and treason. See my http://www.rossde.com/editorials/edtl_conf_flag.html. |
#4
|
|||
|
|||
A browser question
On Thu, 21 Sep 2017 11:19:41 -0700, David E. Ross wrote:
On 9/21/2017 10:05 AM, cameo wrote: It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? What you are describing is the browser's fingerprint. If your browser still uses .xpi extensions, installSecret Agent from https://www.dephormation.org.uk/index.php?page=81. This can change the fingerprint on each HTTP(S) request. Note that you cannot install Secret Agent on Firefox because the developer correctly refuses to submit his extension to Mozilla for being signed. You can install Secret Agent on SeaMonkey because that browser does not check extensions for signatures. Hah! - can't get Secret Agent as the site blocks users of TalkTalk. I'm not actually with TT, but the ISP uses TT's servers. I followed the link from Pale Moon's add-ons site and was met with a message about TT doing something 'naughty' in China. All other links that I've found refer to either the host site or PM's site. -- Peter. The gods will stay away whilst religions hold sway |
#5
|
|||
|
|||
A browser question
"David E. Ross" wrote
| Note that you cannot install Secret Agent on Firefox because the | developer correctly refuses to submit his extension to Mozilla for being | signed. Not quite true. It can be installed on older versions. And I'm using it on FF 52 with this setting: xpinstall.signatures.required false I don't think that setting is available on all versions. It may be that I have it because 52 is an ESR version. I forget the specifics. But it works. On the other hand, all bets are off for anyone who decides to use the newer webextension-only versions. |
#6
|
|||
|
|||
A browser question
On 9/21/2017 4:07 PM, Mayayana wrote:
"David E. Ross" wrote | Note that you cannot install Secret Agent on Firefox because the | developer correctly refuses to submit his extension to Mozilla for being | signed. Not quite true. It can be installed on older versions. And I'm using it on FF 52 with this setting: xpinstall.signatures.required false I don't think that setting is available on all versions. It may be that I have it because 52 is an ESR version. I forget the specifics. But it works. On the other hand, all bets are off for anyone who decides to use the newer webextension-only versions. What about the Chrome browser? |
#7
|
|||
|
|||
A browser question
"cameo" wrote
| What about the Chrome browser? | Why would you use Chrome if you care about privacy? Google is spyware king. You could use Iron if you like the basic browser: https://www.srware.net/en/software_s...me_vs_iron.php I've never used either and wouldn't touch anything from Google, so I don't know what your options are there. It would be wise to assume that Google is tracking you in Chrome. They're known to collect all information they possibly can. They're also known to lie about it. All this assumes that you're doing other things to protect privacy: Block cookies, disable script or at least use noScript. Disable telemetry, warniongs about risky websites, geo-location functionality, push services, etc. (Many ways of identifying you only work with script enabled.) If you allow script, enable cookies, and don't block all the call-home operations, then you *are* being tracked online by a number of entities. If they can't use script they'll use web bug trackers. |
#8
|
|||
|
|||
A browser question
On 9/21/2017 4:35 PM, Mayayana wrote:
"cameo" wrote | What about the Chrome browser? | Why would you use Chrome if you care about privacy? Google is spyware king. You could use Iron if you like the basic browser: https://www.srware.net/en/software_s...me_vs_iron.php I've never used either and wouldn't touch anything from Google, so I don't know what your options are there. It would be wise to assume that Google is tracking you in Chrome. They're known to collect all information they possibly can. They're also known to lie about it. All this assumes that you're doing other things to protect privacy: Block cookies, disable script or at least use noScript. Disable telemetry, warniongs about risky websites, geo-location functionality, push services, etc. (Many ways of identifying you only work with script enabled.) If you allow script, enable cookies, and don't block all the call-home operations, then you *are* being tracked online by a number of entities. If they can't use script they'll use web bug trackers. I see. And what about the Thor browser? |
#9
|
|||
|
|||
A browser question
On Thu, 21 Sep 2017 11:19:41 -0700, David E. Ross wrote:
On 9/21/2017 10:05 AM, cameo wrote: It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? What you are describing is the browser's fingerprint. If your browser still uses .xpi extensions, installSecret Agent from https://www.dephormation.org.uk/index.php?page=81. This can change the fingerprint on each HTTP(S) request. It seems to change the User Agent string in a somewhat random way, but not the fingerprint? |
#10
|
|||
|
|||
A browser question
"mechanic" wrote
| https://www.dephormation.org.uk/index.php?page=81. This can change | the fingerprint on each HTTP(S) request. | | It seems to change the User Agent string in a somewhat random way, | but not the fingerprint? It's flexible and deals with many things. Etags, accepted headers, etc. Personally I don't change the userAgent. Secret Agent has a very exotic list that will make you stand out. Better to just pick a very generic UA. |
#11
|
|||
|
|||
A browser question
cameo wrote:
It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? Any web page that runs Javascript can get at the IP address of the host on which you load that web page. However, most likely you have an intranet IP address that lots of other users employ on their own hosts (e.g., they start with 10 or 192). That assumes you let your router dole out an IP address from its DHCP server. If your host gets its IP address from your ISP's DHCP server or you get a static IP address for your host from your ISP (not an internal static IP address to your router) then script can report what is that IP address from your ISP's IP pool. Rather than try to determine the IP address used to connect to a site (from the anonymizing service), they use a script to see what is the IP address of your host. http://whatismyipaddress.com/ http://www.myipaddress.com/show-my-ip-address/ They could then compare the IP address used to connect to their site against the IP address the script reports to their server. Google claimed to have removed their install-time UID (aka instance ID aka client ID) they used to track installations back around 2010. There are "secure" web browsers that want to claim they removed the UID so they are more secure than Google Chrome but they neglect to tell you that Google removed the UID a long time ago. They continue to effuse FUD to extol a feature they have but neglect to note that it has become irrelevant. As I recall, Chrome's UID gets removed after the fist update of Chrome. Well, Chrome gets updated a lot so you won't have long to wait. The "client_ID" name-value pair was found in a text file that you could edit, like to null/zero out the value (although few of all Chrome users did this so doing this means you put yourself into a small populace that helps to fingerprint you, too). The file was: C:\Users\youracct\Local Settings\Application Data\Google\Chrome\User Data I got rid of Chrome a while ago (took over 4 hours to clean out the file and registry remnants and Task Schedule events and startup programs). |
#12
|
|||
|
|||
A browser question
On 9/21/2017 2:35 PM, VanguardLH wrote:
I got rid of Chrome a while ago (took over 4 hours to clean out the file and registry remnants and Task Schedule events and startup programs). What do you use instead? I need the extensions due to physical limitations. |
#13
|
|||
|
|||
A browser question
Thip wrote:
VanguardLH wrote: I got rid of Chrome a while ago (took over 4 hours to clean out the file and registry remnants and Task Schedule events and startup programs). What do you use instead? I need the extensions due to physical limitations. Firefox. I switched to Google Chrome when Mozilla was making Firefox slow to load. Unlike folks that spend their whole waking time on the Web, I exit the web browser when not using it which means I load it a lot for when I do want to use it. Firefox was getting pretty slow to load. I forget which major version changed that behavior but Firefox is now a lot speedier to load. Since Firefox has already moved to the WebExtension API, a close derivative of the web API used by Blink in Google Chrome, many extension authors have ported to Firefox to have multiple platforms for their works. Firefox actually has some additional functions in its web API that are not available in Google's web API so going from Firefox to Google for an extension can mean losing functionality. That an author has not ported their Google Chrome extension to Firefox is due to them not having the current resources to do so (they'll sitting on their laurels) or they only care about focusing on the biggest marketshare of web browsing clients, especially for mobile users. https://developer.mozilla.org/en-US/...rome_extension Once Firefox got speedier to load, and because Firefox is *far* more configurable regarding privacy and security than is Chrome, I went back to Firefox. You'll have to prod those Chromium extension authors to port to Firefox (if you can get them interested). Chrome has 60% of the marketshare for web browsers, a lot of which is due to use of Android on mobile devices or boobs not doing custom installs or watching the install to NOT include a Google Chrome install when they meant to install something else. Firefox only has 8% marketshare. https://www.w3counter.com/globalstats.php I had to prod a few extension authors to speed up or even start a WE version of their Firefox add-on. Some had a legacy extension for Firefox while they had a WE extension for Chrome, so I kept prodding them to port their Chrome extension to Firefox. Submitting a review at addons.mozilla.org about a legacy add-on might get your review yanked because the author doesn't like your negativity but it does spur them to get out the WE version of their extension they claimed to have been working on. I know the NoScript author didn't like my review stating there was no WE version so he pointed me at some old Mozilla blog despite the truth of my claims that he made no announcements at this web site, in the Development section of the Mozilla add-on page, or anywhere else. Someone had to ask him in a blog and he expected users to somehow magically divine there was such a blog but it gives not details about actual development or schedule. uBlock Origin was much more informative about his hybrid-WE and WE development. If you see an extension that is legacy for Firefox but also available for Chrome, prod that author to port his Chrome extension to Firefox. If you see an extension that is available only for Chrome, prod that author to port to the compatible WE API in Firefox. That they won't evidences the intent of the author. There are extension authors that have openly declared that they will not expend additional effort to rewrite their legacy extension to convert it to a WE extension. They don't want to do the work. They have a good extension but they choose to let it stagnate. They spent the time to do all the work before but aren't doing it all over again. The same attitude can be seen of Chromium extension authors that don't want to expend the effort to port their work to lowly Firefox with its meager 8% marketshare. They're looking at the size of the userbase, not at the robustness and configurability of the web browser. [Nearly] everyone is over in the Chromium camp. They don't want to sit at the campfire with just a few nerds. They want to join the big crowd at the big campfire. Like spammers and malware, they focus on the biggest target for the biggest impact. To them, Firefox users are, um, irrelevant and unimportant. I use Firefox but I'm not stupidly going to defend my choice and my salve my ego by trying to stay blind that Google won the browser war. Most users are boobs. They only care that it works, not how it works or how to make it work better, and most don't give a gnat's fart about privacy or security. Talk to most MS Word users at work and most have only visited a few of its config screens and only because they had to. |
#14
|
|||
|
|||
A browser question
On 9/22/2017 7:53 PM, VanguardLH wrote:
Thip wrote: VanguardLH wrote: I got rid of Chrome a while ago (took over 4 hours to clean out the file and registry remnants and Task Schedule events and startup programs). What do you use instead? I need the extensions due to physical limitations. Firefox. I switched to Google Chrome when Mozilla was making Firefox slow to load. Unlike folks that spend their whole waking time on the Web, I exit the web browser when not using it which means I load it a lot for when I do want to use it. Firefox was getting pretty slow to load. I forget which major version changed that behavior but Firefox is now a lot speedier to load. Since Firefox has already moved to the WebExtension API, a close derivative of the web API used by Blink in Google Chrome, many extension authors have ported to Firefox to have multiple platforms for their works. Firefox actually has some additional functions in its web API that are not available in Google's web API so going from Firefox to Google for an extension can mean losing functionality. That an author has not ported their Google Chrome extension to Firefox is due to them not having the current resources to do so (they'll sitting on their laurels) or they only care about focusing on the biggest marketshare of web browsing clients, especially for mobile users. https://developer.mozilla.org/en-US/...rome_extension Once Firefox got speedier to load, and because Firefox is *far* more configurable regarding privacy and security than is Chrome, I went back to Firefox. You'll have to prod those Chromium extension authors to port to Firefox (if you can get them interested). Chrome has 60% of the marketshare for web browsers, a lot of which is due to use of Android on mobile devices or boobs not doing custom installs or watching the install to NOT include a Google Chrome install when they meant to install something else. Firefox only has 8% marketshare. https://www.w3counter.com/globalstats.php I had to prod a few extension authors to speed up or even start a WE version of their Firefox add-on. Some had a legacy extension for Firefox while they had a WE extension for Chrome, so I kept prodding them to port their Chrome extension to Firefox. Submitting a review at addons.mozilla.org about a legacy add-on might get your review yanked because the author doesn't like your negativity but it does spur them to get out the WE version of their extension they claimed to have been working on. I know the NoScript author didn't like my review stating there was no WE version so he pointed me at some old Mozilla blog despite the truth of my claims that he made no announcements at this web site, in the Development section of the Mozilla add-on page, or anywhere else. Someone had to ask him in a blog and he expected users to somehow magically divine there was such a blog but it gives not details about actual development or schedule. uBlock Origin was much more informative about his hybrid-WE and WE development. If you see an extension that is legacy for Firefox but also available for Chrome, prod that author to port his Chrome extension to Firefox. If you see an extension that is available only for Chrome, prod that author to port to the compatible WE API in Firefox. That they won't evidences the intent of the author. There are extension authors that have openly declared that they will not expend additional effort to rewrite their legacy extension to convert it to a WE extension. They don't want to do the work. They have a good extension but they choose to let it stagnate. They spent the time to do all the work before but aren't doing it all over again. The same attitude can be seen of Chromium extension authors that don't want to expend the effort to port their work to lowly Firefox with its meager 8% marketshare. They're looking at the size of the userbase, not at the robustness and configurability of the web browser. [Nearly] everyone is over in the Chromium camp. They don't want to sit at the campfire with just a few nerds. They want to join the big crowd at the big campfire. Like spammers and malware, they focus on the biggest target for the biggest impact. To them, Firefox users are, um, irrelevant and unimportant. I use Firefox but I'm not stupidly going to defend my choice and my salve my ego by trying to stay blind that Google won the browser war. Most users are boobs. They only care that it works, not how it works or how to make it work better, and most don't give a gnat's fart about privacy or security. Talk to most MS Word users at work and most have only visited a few of its config screens and only because they had to. Thank you. Very detailed. I actually gave up on FF way back at around 3.0, although I did use it sporadically. I've gone from browser to browser to browser ever since. As my disabilities became more pronounced I've used Chrome because the extensions simply make life easier (I don't leave my browser open either, just do what I have to do, close tabs, and get off). Although I'm not looking forward to another learning curve, I guess I'll just have to suck it up and deal with it. :-) |
#15
|
|||
|
|||
A browser question
On 9/22/2017 6:53 PM, VanguardLH wrote:
Thip wrote: VanguardLH wrote: I got rid of Chrome a while ago (took over 4 hours to clean out the file and registry remnants and Task Schedule events and startup programs). What do you use instead? I need the extensions due to physical limitations. Firefox. I switched to Google Chrome when Mozilla was making Firefox slow to load. Unlike folks that spend their whole waking time on the Web, I exit the web browser when not using it which means I load it a lot for when I do want to use it. Firefox was getting pretty slow to load. I forget which major version changed that behavior but Firefox is now a lot speedier to load. Since Firefox has already moved to the WebExtension API, a close derivative of the web API used by Blink in Google Chrome, many extension authors have ported to Firefox to have multiple platforms for their works. Firefox actually has some additional functions in its web API that are not available in Google's web API so going from Firefox to Google for an extension can mean losing functionality. That an author has not ported their Google Chrome extension to Firefox is due to them not having the current resources to do so (they'll sitting on their laurels) or they only care about focusing on the biggest marketshare of web browsing clients, especially for mobile users. https://developer.mozilla.org/en-US/...rome_extension Once Firefox got speedier to load, and because Firefox is *far* more configurable regarding privacy and security than is Chrome, I went back to Firefox. You'll have to prod those Chromium extension authors to port to Firefox (if you can get them interested). Chrome has 60% of the marketshare for web browsers, a lot of which is due to use of Android on mobile devices or boobs not doing custom installs or watching the install to NOT include a Google Chrome install when they meant to install something else. Firefox only has 8% marketshare. https://www.w3counter.com/globalstats.php I had to prod a few extension authors to speed up or even start a WE version of their Firefox add-on. Some had a legacy extension for Firefox while they had a WE extension for Chrome, so I kept prodding them to port their Chrome extension to Firefox. Submitting a review at addons.mozilla.org about a legacy add-on might get your review yanked because the author doesn't like your negativity but it does spur them to get out the WE version of their extension they claimed to have been working on. I know the NoScript author didn't like my review stating there was no WE version so he pointed me at some old Mozilla blog despite the truth of my claims that he made no announcements at this web site, in the Development section of the Mozilla add-on page, or anywhere else. Someone had to ask him in a blog and he expected users to somehow magically divine there was such a blog but it gives not details about actual development or schedule. uBlock Origin was much more informative about his hybrid-WE and WE development. If you see an extension that is legacy for Firefox but also available for Chrome, prod that author to port his Chrome extension to Firefox. If you see an extension that is available only for Chrome, prod that author to port to the compatible WE API in Firefox. That they won't evidences the intent of the author. There are extension authors that have openly declared that they will not expend additional effort to rewrite their legacy extension to convert it to a WE extension. They don't want to do the work. They have a good extension but they choose to let it stagnate. They spent the time to do all the work before but aren't doing it all over again. The same attitude can be seen of Chromium extension authors that don't want to expend the effort to port their work to lowly Firefox with its meager 8% marketshare. They're looking at the size of the userbase, not at the robustness and configurability of the web browser. [Nearly] everyone is over in the Chromium camp. They don't want to sit at the campfire with just a few nerds. They want to join the big crowd at the big campfire. Like spammers and malware, they focus on the biggest target for the biggest impact. To them, Firefox users are, um, irrelevant and unimportant. I use Firefox but I'm not stupidly going to defend my choice and my salve my ego by trying to stay blind that Google won the browser war. Most users are boobs. They only care that it works, not how it works or how to make it work better, and most don't give a gnat's fart about privacy or security. Talk to most MS Word users at work and most have only visited a few of its config screens and only because they had to. Now that I have started playing with this Hosts file thing I have a question, in the file some entries use the localhost 127.0.0.1 numbers and some use the 0.0.0.0 numbers. When adding new entries which is the proper IP number to use? Thanks, Rene |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|