If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
A browser question
It just occured me that Google's Chrome (or other browser) could
possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? |
Ads |
#2
|
|||
|
|||
A browser question
On Thu, 21 Sep 2017 10:05:58 -0700, cameo wrote:
It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? I don't know about a unique ID, but in the past I've read messages stating that a (Firefox) user could be identified by the add-ons he uses, the settings (resolution for example) etc. I've also read that users can be identified through typing or mouse movements... -- s|b |
#3
|
|||
|
|||
A browser question
On 9/21/2017 10:05 AM, cameo wrote:
It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? What you are describing is the browser's fingerprint. If your browser still uses .xpi extensions, installSecret Agent from https://www.dephormation.org.uk/index.php?page=81. This can change the fingerprint on each HTTP(S) request. Note that you cannot install Secret Agent on Firefox because the developer correctly refuses to submit his extension to Mozilla for being signed. You can install Secret Agent on SeaMonkey because that browser does not check extensions for signatures. -- David E. Ross http://www.rossde.com/ Yes, George Washington, Thomas Jefferson, and other "founding fathers" owned slaves. However, they created a nation. Robert E. Lee, Jefferson Davis, Thomas "Stonewall" Jackson and other "heroes" of the Confederacy tried to tear the nation apart. Statues and other monuments to those "heroes" of the Confederacy actually celebrate traitors and treason. See my http://www.rossde.com/editorials/edtl_conf_flag.html. |
#4
|
|||
|
|||
A browser question
cameo wrote:
It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? Any web page that runs Javascript can get at the IP address of the host on which you load that web page. However, most likely you have an intranet IP address that lots of other users employ on their own hosts (e.g., they start with 10 or 192). That assumes you let your router dole out an IP address from its DHCP server. If your host gets its IP address from your ISP's DHCP server or you get a static IP address for your host from your ISP (not an internal static IP address to your router) then script can report what is that IP address from your ISP's IP pool. Rather than try to determine the IP address used to connect to a site (from the anonymizing service), they use a script to see what is the IP address of your host. http://whatismyipaddress.com/ http://www.myipaddress.com/show-my-ip-address/ They could then compare the IP address used to connect to their site against the IP address the script reports to their server. Google claimed to have removed their install-time UID (aka instance ID aka client ID) they used to track installations back around 2010. There are "secure" web browsers that want to claim they removed the UID so they are more secure than Google Chrome but they neglect to tell you that Google removed the UID a long time ago. They continue to effuse FUD to extol a feature they have but neglect to note that it has become irrelevant. As I recall, Chrome's UID gets removed after the fist update of Chrome. Well, Chrome gets updated a lot so you won't have long to wait. The "client_ID" name-value pair was found in a text file that you could edit, like to null/zero out the value (although few of all Chrome users did this so doing this means you put yourself into a small populace that helps to fingerprint you, too). The file was: C:\Users\youracct\Local Settings\Application Data\Google\Chrome\User Data I got rid of Chrome a while ago (took over 4 hours to clean out the file and registry remnants and Task Schedule events and startup programs). |
#5
|
|||
|
|||
A browser question
On Thu, 21 Sep 2017 11:19:41 -0700, David E. Ross wrote:
On 9/21/2017 10:05 AM, cameo wrote: It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? What you are describing is the browser's fingerprint. If your browser still uses .xpi extensions, installSecret Agent from https://www.dephormation.org.uk/index.php?page=81. This can change the fingerprint on each HTTP(S) request. Note that you cannot install Secret Agent on Firefox because the developer correctly refuses to submit his extension to Mozilla for being signed. You can install Secret Agent on SeaMonkey because that browser does not check extensions for signatures. Hah! - can't get Secret Agent as the site blocks users of TalkTalk. I'm not actually with TT, but the ISP uses TT's servers. I followed the link from Pale Moon's add-ons site and was met with a message about TT doing something 'naughty' in China. All other links that I've found refer to either the host site or PM's site. -- Peter. The gods will stay away whilst religions hold sway |
#6
|
|||
|
|||
A browser question
"David E. Ross" wrote
| Note that you cannot install Secret Agent on Firefox because the | developer correctly refuses to submit his extension to Mozilla for being | signed. Not quite true. It can be installed on older versions. And I'm using it on FF 52 with this setting: xpinstall.signatures.required false I don't think that setting is available on all versions. It may be that I have it because 52 is an ESR version. I forget the specifics. But it works. On the other hand, all bets are off for anyone who decides to use the newer webextension-only versions. |
#7
|
|||
|
|||
A browser question
On 9/21/2017 4:07 PM, Mayayana wrote:
"David E. Ross" wrote | Note that you cannot install Secret Agent on Firefox because the | developer correctly refuses to submit his extension to Mozilla for being | signed. Not quite true. It can be installed on older versions. And I'm using it on FF 52 with this setting: xpinstall.signatures.required false I don't think that setting is available on all versions. It may be that I have it because 52 is an ESR version. I forget the specifics. But it works. On the other hand, all bets are off for anyone who decides to use the newer webextension-only versions. What about the Chrome browser? |
#8
|
|||
|
|||
A browser question
"cameo" wrote
| What about the Chrome browser? | Why would you use Chrome if you care about privacy? Google is spyware king. You could use Iron if you like the basic browser: https://www.srware.net/en/software_s...me_vs_iron.php I've never used either and wouldn't touch anything from Google, so I don't know what your options are there. It would be wise to assume that Google is tracking you in Chrome. They're known to collect all information they possibly can. They're also known to lie about it. All this assumes that you're doing other things to protect privacy: Block cookies, disable script or at least use noScript. Disable telemetry, warniongs about risky websites, geo-location functionality, push services, etc. (Many ways of identifying you only work with script enabled.) If you allow script, enable cookies, and don't block all the call-home operations, then you *are* being tracked online by a number of entities. If they can't use script they'll use web bug trackers. |
#9
|
|||
|
|||
A browser question
On 9/21/2017 4:35 PM, Mayayana wrote:
"cameo" wrote | What about the Chrome browser? | Why would you use Chrome if you care about privacy? Google is spyware king. You could use Iron if you like the basic browser: https://www.srware.net/en/software_s...me_vs_iron.php I've never used either and wouldn't touch anything from Google, so I don't know what your options are there. It would be wise to assume that Google is tracking you in Chrome. They're known to collect all information they possibly can. They're also known to lie about it. All this assumes that you're doing other things to protect privacy: Block cookies, disable script or at least use noScript. Disable telemetry, warniongs about risky websites, geo-location functionality, push services, etc. (Many ways of identifying you only work with script enabled.) If you allow script, enable cookies, and don't block all the call-home operations, then you *are* being tracked online by a number of entities. If they can't use script they'll use web bug trackers. I see. And what about the Thor browser? |
#10
|
|||
|
|||
A browser question
On Thu, 21 Sep 2017 11:19:41 -0700, David E. Ross wrote:
On 9/21/2017 10:05 AM, cameo wrote: It just occured me that Google's Chrome (or other browser) could possibly identify a user who browses with an IP anonymizer, such as the Private Internet Access (PIA) if the copy of browser carries some kind of unique ID, such as what cell phones have (IMEI number) and that ID was at one time linked to the real user when he/she was not using an anonymizer. What do you think? What you are describing is the browser's fingerprint. If your browser still uses .xpi extensions, installSecret Agent from https://www.dephormation.org.uk/index.php?page=81. This can change the fingerprint on each HTTP(S) request. It seems to change the User Agent string in a somewhat random way, but not the fingerprint? |
#11
|
|||
|
|||
A browser question
"cameo" wrote
| I see. And what about the Thor browser? | Tor? That's a version of Firefox. I've been curious to try that but haven't because I've heard that a lot of sites block it because they blacklist the IPs used. There have also been cases of Tor privacy being compromised. That's all I know about it. Maybe someone else has better info. I guess it also depends on how you define privacy. If you're trying to stay informed from inside occupied Tibet then you have a serious reason to protect your ID. In that case something like Tor is probably what you need. If you want reasonable privacy from spyware dataminers online then you want to learn about cookies, script, web bugs, browser setttings, etc. If you're actually in Tibet then you'd probably want to use both approaches. Identifying you by your actions online is becoming a popular strategy. If you don't want to make much effort but do like the idea of privacy then stage 1 might be to block 3rd-party cookies and set all cookies to delete when you close your browser. Also, set up a HOSTS file to block the likes of doubleclick, googletagmanager, scorecardreseach, etc. Those steps require very little effort and do a lot to reduce tracking. Stage 2 might be to add NoScript to your privacy tools, and perhaps block 3rd-party files, which can be done in Firefox. (Note, however, that blocking 3rd-party is becoming problematic because many commercial sites use several servers that are all their own but are different domains. For instance, bbc.com might load images from, say, bbcimg.com.) Also, something like Secret Agent is a good idea. And there are other things you should probably do for "stage 2": Don't install Flash, block local storage AKA supercookies. If using a Mozilla browser, go through about:config and remove all URLs. Etc. Unfortunately, the more you care about privacy, the more you need to learn. There are a lot of big companies online that have lots of smart people working fulltime to come up with new ways to track you and show you ads. Just stopping Google from tracking nearly every site you visit requires careful efforts. An interesting thing to try if you're curious would be to approach it from the opposite side: Search for information about how to identify website visitors. You'll find all sorts of discussions providing tips about how to use script, Google services, etc in order to discover information about website visitors. That, in turn, will provide guidance about how to protect your privacy. |
#12
|
|||
|
|||
A browser question
"mechanic" wrote
| https://www.dephormation.org.uk/index.php?page=81. This can change | the fingerprint on each HTTP(S) request. | | It seems to change the User Agent string in a somewhat random way, | but not the fingerprint? It's flexible and deals with many things. Etags, accepted headers, etc. Personally I don't change the userAgent. Secret Agent has a very exotic list that will make you stand out. Better to just pick a very generic UA. |
#13
|
|||
|
|||
A browser question
On 9/21/2017 2:35 PM, VanguardLH wrote:
I got rid of Chrome a while ago (took over 4 hours to clean out the file and registry remnants and Task Schedule events and startup programs). What do you use instead? I need the extensions due to physical limitations. |
#14
|
|||
|
|||
A browser question
On 9/22/2017 6:35 AM, Mayayana wrote:
"cameo" wrote | I see. And what about the Thor browser? | Tor? That's a version of Firefox. I've been curious to try that but haven't because I've heard that a lot of sites block it because they blacklist the IPs used. There have also been cases of Tor privacy being compromised. That's all I know about it. Maybe someone else has better info. I guess it also depends on how you define privacy. If you're trying to stay informed from inside occupied Tibet then you have a serious reason to protect your ID. In that case something like Tor is probably what you need. If you want reasonable privacy from spyware dataminers online then you want to learn about cookies, script, web bugs, browser setttings, etc. If you're actually in Tibet then you'd probably want to use both approaches. Identifying you by your actions online is becoming a popular strategy. If you don't want to make much effort but do like the idea of privacy then stage 1 might be to block 3rd-party cookies and set all cookies to delete when you close your browser. Also, set up a HOSTS file to block the likes of doubleclick, googletagmanager, scorecardreseach, etc. Those steps require very little effort and do a lot to reduce tracking. Stage 2 might be to add NoScript to your privacy tools, and perhaps block 3rd-party files, which can be done in Firefox. (Note, however, that blocking 3rd-party is becoming problematic because many commercial sites use several servers that are all their own but are different domains. For instance, bbc.com might load images from, say, bbcimg.com.) Also, something like Secret Agent is a good idea. And there are other things you should probably do for "stage 2": Don't install Flash, block local storage AKA supercookies. If using a Mozilla browser, go through about:config and remove all URLs. Etc. Unfortunately, the more you care about privacy, the more you need to learn. There are a lot of big companies online that have lots of smart people working fulltime to come up with new ways to track you and show you ads. Just stopping Google from tracking nearly every site you visit requires careful efforts. An interesting thing to try if you're curious would be to approach it from the opposite side: Search for information about how to identify website visitors. You'll find all sorts of discussions providing tips about how to use script, Google services, etc in order to discover information about website visitors. That, in turn, will provide guidance about how to protect your privacy. Thanks. Last time I remember editing the HOSTS file was in Linux. Where is it in Windows? |
#15
|
|||
|
|||
A browser question
Thip wrote:
VanguardLH wrote: I got rid of Chrome a while ago (took over 4 hours to clean out the file and registry remnants and Task Schedule events and startup programs). What do you use instead? I need the extensions due to physical limitations. Firefox. I switched to Google Chrome when Mozilla was making Firefox slow to load. Unlike folks that spend their whole waking time on the Web, I exit the web browser when not using it which means I load it a lot for when I do want to use it. Firefox was getting pretty slow to load. I forget which major version changed that behavior but Firefox is now a lot speedier to load. Since Firefox has already moved to the WebExtension API, a close derivative of the web API used by Blink in Google Chrome, many extension authors have ported to Firefox to have multiple platforms for their works. Firefox actually has some additional functions in its web API that are not available in Google's web API so going from Firefox to Google for an extension can mean losing functionality. That an author has not ported their Google Chrome extension to Firefox is due to them not having the current resources to do so (they'll sitting on their laurels) or they only care about focusing on the biggest marketshare of web browsing clients, especially for mobile users. https://developer.mozilla.org/en-US/...rome_extension Once Firefox got speedier to load, and because Firefox is *far* more configurable regarding privacy and security than is Chrome, I went back to Firefox. You'll have to prod those Chromium extension authors to port to Firefox (if you can get them interested). Chrome has 60% of the marketshare for web browsers, a lot of which is due to use of Android on mobile devices or boobs not doing custom installs or watching the install to NOT include a Google Chrome install when they meant to install something else. Firefox only has 8% marketshare. https://www.w3counter.com/globalstats.php I had to prod a few extension authors to speed up or even start a WE version of their Firefox add-on. Some had a legacy extension for Firefox while they had a WE extension for Chrome, so I kept prodding them to port their Chrome extension to Firefox. Submitting a review at addons.mozilla.org about a legacy add-on might get your review yanked because the author doesn't like your negativity but it does spur them to get out the WE version of their extension they claimed to have been working on. I know the NoScript author didn't like my review stating there was no WE version so he pointed me at some old Mozilla blog despite the truth of my claims that he made no announcements at this web site, in the Development section of the Mozilla add-on page, or anywhere else. Someone had to ask him in a blog and he expected users to somehow magically divine there was such a blog but it gives not details about actual development or schedule. uBlock Origin was much more informative about his hybrid-WE and WE development. If you see an extension that is legacy for Firefox but also available for Chrome, prod that author to port his Chrome extension to Firefox. If you see an extension that is available only for Chrome, prod that author to port to the compatible WE API in Firefox. That they won't evidences the intent of the author. There are extension authors that have openly declared that they will not expend additional effort to rewrite their legacy extension to convert it to a WE extension. They don't want to do the work. They have a good extension but they choose to let it stagnate. They spent the time to do all the work before but aren't doing it all over again. The same attitude can be seen of Chromium extension authors that don't want to expend the effort to port their work to lowly Firefox with its meager 8% marketshare. They're looking at the size of the userbase, not at the robustness and configurability of the web browser. [Nearly] everyone is over in the Chromium camp. They don't want to sit at the campfire with just a few nerds. They want to join the big crowd at the big campfire. Like spammers and malware, they focus on the biggest target for the biggest impact. To them, Firefox users are, um, irrelevant and unimportant. I use Firefox but I'm not stupidly going to defend my choice and my salve my ego by trying to stay blind that Google won the browser war. Most users are boobs. They only care that it works, not how it works or how to make it work better, and most don't give a gnat's fart about privacy or security. Talk to most MS Word users at work and most have only visited a few of its config screens and only because they had to. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|