A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

A browser question



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old September 21st 17, 06:05 PM posted to alt.windows7.general
cameo[_2_]
external usenet poster
 
Posts: 453
Default A browser question

It just occured me that Google's Chrome (or other browser) could
possibly identify a user who browses with an IP anonymizer, such as the
Private Internet Access (PIA) if the copy of browser carries some kind
of unique ID, such as what cell phones have (IMEI number) and that ID
was at one time linked to the real user when he/she was not using an
anonymizer. What do you think?

Ads
  #2  
Old September 21st 17, 06:56 PM posted to alt.windows7.general
s|b
external usenet poster
 
Posts: 1,496
Default A browser question

On Thu, 21 Sep 2017 10:05:58 -0700, cameo wrote:

It just occured me that Google's Chrome (or other browser) could
possibly identify a user who browses with an IP anonymizer, such as the
Private Internet Access (PIA) if the copy of browser carries some kind
of unique ID, such as what cell phones have (IMEI number) and that ID
was at one time linked to the real user when he/she was not using an
anonymizer. What do you think?


I don't know about a unique ID, but in the past I've read messages
stating that a (Firefox) user could be identified by the add-ons he
uses, the settings (resolution for example) etc.

I've also read that users can be identified through typing or mouse
movements...

--
s|b
  #3  
Old September 21st 17, 07:19 PM posted to alt.windows7.general
David E. Ross[_2_]
external usenet poster
 
Posts: 1,035
Default A browser question

On 9/21/2017 10:05 AM, cameo wrote:
It just occured me that Google's Chrome (or other browser) could
possibly identify a user who browses with an IP anonymizer, such as the
Private Internet Access (PIA) if the copy of browser carries some kind
of unique ID, such as what cell phones have (IMEI number) and that ID
was at one time linked to the real user when he/she was not using an
anonymizer. What do you think?


What you are describing is the browser's fingerprint. If your browser
still uses .xpi extensions, installSecret Agent from
https://www.dephormation.org.uk/index.php?page=81. This can change
the fingerprint on each HTTP(S) request.

Note that you cannot install Secret Agent on Firefox because the
developer correctly refuses to submit his extension to Mozilla for being
signed. You can install Secret Agent on SeaMonkey because that browser
does not check extensions for signatures.

--
David E. Ross
http://www.rossde.com/

Yes, George Washington, Thomas Jefferson, and other
"founding fathers" owned slaves. However, they created
a nation. Robert E. Lee, Jefferson Davis, Thomas
"Stonewall" Jackson and other "heroes" of the
Confederacy tried to tear the nation apart. Statues
and other monuments to those "heroes" of the
Confederacy actually celebrate traitors and treason.

See my http://www.rossde.com/editorials/edtl_conf_flag.html.
  #4  
Old September 21st 17, 07:35 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default A browser question

cameo wrote:

It just occured me that Google's Chrome (or other browser) could
possibly identify a user who browses with an IP anonymizer, such as the
Private Internet Access (PIA) if the copy of browser carries some kind
of unique ID, such as what cell phones have (IMEI number) and that ID
was at one time linked to the real user when he/she was not using an
anonymizer. What do you think?


Any web page that runs Javascript can get at the IP address of the host
on which you load that web page. However, most likely you have an
intranet IP address that lots of other users employ on their own hosts
(e.g., they start with 10 or 192). That assumes you let your router
dole out an IP address from its DHCP server. If your host gets its IP
address from your ISP's DHCP server or you get a static IP address for
your host from your ISP (not an internal static IP address to your
router) then script can report what is that IP address from your ISP's
IP pool. Rather than try to determine the IP address used to connect to
a site (from the anonymizing service), they use a script to see what is
the IP address of your host.

http://whatismyipaddress.com/
http://www.myipaddress.com/show-my-ip-address/

They could then compare the IP address used to connect to their site
against the IP address the script reports to their server.

Google claimed to have removed their install-time UID (aka instance ID
aka client ID) they used to track installations back around 2010. There
are "secure" web browsers that want to claim they removed the UID so
they are more secure than Google Chrome but they neglect to tell you
that Google removed the UID a long time ago. They continue to effuse
FUD to extol a feature they have but neglect to note that it has become
irrelevant. As I recall, Chrome's UID gets removed after the fist
update of Chrome. Well, Chrome gets updated a lot so you won't have
long to wait.

The "client_ID" name-value pair was found in a text file that you could
edit, like to null/zero out the value (although few of all Chrome users
did this so doing this means you put yourself into a small populace that
helps to fingerprint you, too). The file was:

C:\Users\youracct\Local Settings\Application Data\Google\Chrome\User Data

I got rid of Chrome a while ago (took over 4 hours to clean out the file
and registry remnants and Task Schedule events and startup programs).
  #5  
Old September 21st 17, 10:21 PM posted to alt.windows7.general
PeterC
external usenet poster
 
Posts: 98
Default A browser question

On Thu, 21 Sep 2017 11:19:41 -0700, David E. Ross wrote:

On 9/21/2017 10:05 AM, cameo wrote:
It just occured me that Google's Chrome (or other browser) could
possibly identify a user who browses with an IP anonymizer, such as the
Private Internet Access (PIA) if the copy of browser carries some kind
of unique ID, such as what cell phones have (IMEI number) and that ID
was at one time linked to the real user when he/she was not using an
anonymizer. What do you think?


What you are describing is the browser's fingerprint. If your browser
still uses .xpi extensions, installSecret Agent from
https://www.dephormation.org.uk/index.php?page=81. This can change
the fingerprint on each HTTP(S) request.

Note that you cannot install Secret Agent on Firefox because the
developer correctly refuses to submit his extension to Mozilla for being
signed. You can install Secret Agent on SeaMonkey because that browser
does not check extensions for signatures.


Hah! - can't get Secret Agent as the site blocks users of TalkTalk. I'm not
actually with TT, but the ISP uses TT's servers. I followed the link from
Pale Moon's add-ons site and was met with a message about TT doing something
'naughty' in China.
All other links that I've found refer to either the host site or PM's site.
--
Peter.
The gods will stay away
whilst religions hold sway
  #6  
Old September 22nd 17, 12:07 AM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default A browser question

"David E. Ross" wrote

| Note that you cannot install Secret Agent on Firefox because the
| developer correctly refuses to submit his extension to Mozilla for being
| signed.

Not quite true. It can be installed on older
versions. And I'm using it on FF 52 with this
setting:

xpinstall.signatures.required false

I don't think that setting is available on all
versions. It may be that I have it because 52
is an ESR version. I forget the specifics. But
it works. On the other hand, all bets are off
for anyone who decides to use the newer
webextension-only versions.


  #7  
Old September 22nd 17, 12:23 AM posted to alt.windows7.general
cameo[_2_]
external usenet poster
 
Posts: 453
Default A browser question

On 9/21/2017 4:07 PM, Mayayana wrote:
"David E. Ross" wrote

| Note that you cannot install Secret Agent on Firefox because the
| developer correctly refuses to submit his extension to Mozilla for being
| signed.

Not quite true. It can be installed on older
versions. And I'm using it on FF 52 with this
setting:

xpinstall.signatures.required false

I don't think that setting is available on all
versions. It may be that I have it because 52
is an ESR version. I forget the specifics. But
it works. On the other hand, all bets are off
for anyone who decides to use the newer
webextension-only versions.

What about the Chrome browser?

  #8  
Old September 22nd 17, 12:35 AM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default A browser question

"cameo" wrote

| What about the Chrome browser?
|

Why would you use Chrome if you care about privacy?
Google is spyware king. You could use Iron if you like
the basic browser:

https://www.srware.net/en/software_s...me_vs_iron.php

I've never used either and wouldn't touch anything
from Google, so I don't know what your options are
there. It would be wise to assume that Google is
tracking you in Chrome. They're known to collect
all information they possibly can. They're also known
to lie about it.

All this assumes that you're doing other things to
protect privacy: Block cookies, disable script or at
least use noScript. Disable telemetry, warniongs
about risky websites, geo-location functionality,
push services, etc. (Many ways of identifying you
only work with script enabled.) If you allow script,
enable cookies, and don't block all the call-home
operations, then you *are* being tracked online by
a number of entities. If they can't use script they'll
use web bug trackers.


  #9  
Old September 22nd 17, 06:01 AM posted to alt.windows7.general
cameo[_2_]
external usenet poster
 
Posts: 453
Default A browser question

On 9/21/2017 4:35 PM, Mayayana wrote:
"cameo" wrote

| What about the Chrome browser?
|

Why would you use Chrome if you care about privacy?
Google is spyware king. You could use Iron if you like
the basic browser:

https://www.srware.net/en/software_s...me_vs_iron.php

I've never used either and wouldn't touch anything
from Google, so I don't know what your options are
there. It would be wise to assume that Google is
tracking you in Chrome. They're known to collect
all information they possibly can. They're also known
to lie about it.

All this assumes that you're doing other things to
protect privacy: Block cookies, disable script or at
least use noScript. Disable telemetry, warniongs
about risky websites, geo-location functionality,
push services, etc. (Many ways of identifying you
only work with script enabled.) If you allow script,
enable cookies, and don't block all the call-home
operations, then you *are* being tracked online by
a number of entities. If they can't use script they'll
use web bug trackers.

I see. And what about the Thor browser?



  #10  
Old September 22nd 17, 10:51 AM posted to alt.windows7.general
mechanic
external usenet poster
 
Posts: 1,064
Default A browser question

On Thu, 21 Sep 2017 11:19:41 -0700, David E. Ross wrote:

On 9/21/2017 10:05 AM, cameo wrote:
It just occured me that Google's Chrome (or other browser) could
possibly identify a user who browses with an IP anonymizer, such as the
Private Internet Access (PIA) if the copy of browser carries some kind
of unique ID, such as what cell phones have (IMEI number) and that ID
was at one time linked to the real user when he/she was not using an
anonymizer. What do you think?


What you are describing is the browser's fingerprint. If your browser
still uses .xpi extensions, installSecret Agent from
https://www.dephormation.org.uk/index.php?page=81. This can change
the fingerprint on each HTTP(S) request.


It seems to change the User Agent string in a somewhat random way,
but not the fingerprint?
  #11  
Old September 22nd 17, 02:35 PM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default A browser question

"cameo" wrote

| I see. And what about the Thor browser?
|

Tor? That's a version of Firefox. I've been curious to
try that but haven't because I've heard that a lot
of sites block it because they blacklist the IPs used.
There have also been cases of Tor privacy being
compromised. That's all I know about it. Maybe
someone else has better info.

I guess it also depends on how you define privacy.
If you're trying to stay informed from inside occupied
Tibet then you have a serious reason to protect your
ID. In that case something like Tor is probably what
you need.

If you want reasonable privacy from spyware
dataminers online then you want to learn about
cookies, script, web bugs, browser setttings, etc.

If you're actually in Tibet then you'd probably want to
use both approaches. Identifying you by your actions
online is becoming a popular strategy.

If you don't want to make much effort but do like
the idea of privacy then stage 1 might be to block
3rd-party cookies and set all cookies to delete when
you close your browser. Also, set up a HOSTS file to
block the likes of doubleclick, googletagmanager,
scorecardreseach, etc. Those steps require very little
effort and do a lot to reduce tracking.

Stage 2 might be to add NoScript to your privacy
tools, and perhaps block 3rd-party files, which can
be done in Firefox. (Note, however, that blocking
3rd-party is becoming problematic because many
commercial sites use several servers that are all
their own but are different domains. For instance,
bbc.com might load images from, say, bbcimg.com.)
Also, something like Secret Agent is a good idea. And
there are other things you should probably do for
"stage 2": Don't install Flash, block local storage
AKA supercookies. If using a Mozilla browser, go
through about:config and remove all URLs. Etc.

Unfortunately, the more you care about privacy,
the more you need to learn. There are a lot of big
companies online that have lots of smart people
working fulltime to come up with new ways to track
you and show you ads. Just stopping Google from
tracking nearly every site you visit requires careful
efforts.

An interesting thing to try if you're curious would
be to approach it from the opposite side: Search for
information about how to identify website visitors.
You'll find all sorts of discussions providing tips about
how to use script, Google services, etc in order to
discover information about website visitors. That, in turn,
will provide guidance about how to protect your privacy.




  #12  
Old September 22nd 17, 02:38 PM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default A browser question

"mechanic" wrote

| https://www.dephormation.org.uk/index.php?page=81. This can change
| the fingerprint on each HTTP(S) request.
|
| It seems to change the User Agent string in a somewhat random way,
| but not the fingerprint?

It's flexible and deals with many things. Etags,
accepted headers, etc. Personally I don't change
the userAgent. Secret Agent has a very exotic list
that will make you stand out. Better to just pick a
very generic UA.


  #13  
Old September 22nd 17, 10:35 PM posted to alt.windows7.general
Thip
external usenet poster
 
Posts: 294
Default A browser question

On 9/21/2017 2:35 PM, VanguardLH wrote:

I got rid of Chrome a while ago (took over 4 hours to clean out the file
and registry remnants and Task Schedule events and startup programs).


What do you use instead? I need the extensions due to physical limitations.

  #14  
Old September 23rd 17, 12:35 AM posted to alt.windows7.general
cameo[_2_]
external usenet poster
 
Posts: 453
Default A browser question

On 9/22/2017 6:35 AM, Mayayana wrote:
"cameo" wrote

| I see. And what about the Thor browser?
|

Tor? That's a version of Firefox. I've been curious to
try that but haven't because I've heard that a lot
of sites block it because they blacklist the IPs used.
There have also been cases of Tor privacy being
compromised. That's all I know about it. Maybe
someone else has better info.

I guess it also depends on how you define privacy.
If you're trying to stay informed from inside occupied
Tibet then you have a serious reason to protect your
ID. In that case something like Tor is probably what
you need.

If you want reasonable privacy from spyware
dataminers online then you want to learn about
cookies, script, web bugs, browser setttings, etc.

If you're actually in Tibet then you'd probably want to
use both approaches. Identifying you by your actions
online is becoming a popular strategy.

If you don't want to make much effort but do like
the idea of privacy then stage 1 might be to block
3rd-party cookies and set all cookies to delete when
you close your browser. Also, set up a HOSTS file to
block the likes of doubleclick, googletagmanager,
scorecardreseach, etc. Those steps require very little
effort and do a lot to reduce tracking.

Stage 2 might be to add NoScript to your privacy
tools, and perhaps block 3rd-party files, which can
be done in Firefox. (Note, however, that blocking
3rd-party is becoming problematic because many
commercial sites use several servers that are all
their own but are different domains. For instance,
bbc.com might load images from, say, bbcimg.com.)
Also, something like Secret Agent is a good idea. And
there are other things you should probably do for
"stage 2": Don't install Flash, block local storage
AKA supercookies. If using a Mozilla browser, go
through about:config and remove all URLs. Etc.

Unfortunately, the more you care about privacy,
the more you need to learn. There are a lot of big
companies online that have lots of smart people
working fulltime to come up with new ways to track
you and show you ads. Just stopping Google from
tracking nearly every site you visit requires careful
efforts.

An interesting thing to try if you're curious would
be to approach it from the opposite side: Search for
information about how to identify website visitors.
You'll find all sorts of discussions providing tips about
how to use script, Google services, etc in order to
discover information about website visitors. That, in turn,
will provide guidance about how to protect your privacy.

Thanks. Last time I remember editing the HOSTS file was in Linux. Where
is it in Windows?


  #15  
Old September 23rd 17, 12:53 AM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default A browser question

Thip wrote:

VanguardLH wrote:

I got rid of Chrome a while ago (took over 4 hours to clean out the
file and registry remnants and Task Schedule events and startup
programs).


What do you use instead? I need the extensions due to physical limitations.


Firefox. I switched to Google Chrome when Mozilla was making Firefox
slow to load. Unlike folks that spend their whole waking time on the
Web, I exit the web browser when not using it which means I load it a
lot for when I do want to use it. Firefox was getting pretty slow to
load. I forget which major version changed that behavior but Firefox is
now a lot speedier to load.

Since Firefox has already moved to the WebExtension API, a close
derivative of the web API used by Blink in Google Chrome, many extension
authors have ported to Firefox to have multiple platforms for their
works. Firefox actually has some additional functions in its web API
that are not available in Google's web API so going from Firefox to
Google for an extension can mean losing functionality. That an author
has not ported their Google Chrome extension to Firefox is due to them
not having the current resources to do so (they'll sitting on their
laurels) or they only care about focusing on the biggest marketshare of
web browsing clients, especially for mobile users.

https://developer.mozilla.org/en-US/...rome_extension

Once Firefox got speedier to load, and because Firefox is *far* more
configurable regarding privacy and security than is Chrome, I went back
to Firefox. You'll have to prod those Chromium extension authors to
port to Firefox (if you can get them interested). Chrome has 60% of the
marketshare for web browsers, a lot of which is due to use of Android on
mobile devices or boobs not doing custom installs or watching the
install to NOT include a Google Chrome install when they meant to
install something else. Firefox only has 8% marketshare.

https://www.w3counter.com/globalstats.php

I had to prod a few extension authors to speed up or even start a WE
version of their Firefox add-on. Some had a legacy extension for
Firefox while they had a WE extension for Chrome, so I kept prodding
them to port their Chrome extension to Firefox. Submitting a review at
addons.mozilla.org about a legacy add-on might get your review yanked
because the author doesn't like your negativity but it does spur them to
get out the WE version of their extension they claimed to have been
working on. I know the NoScript author didn't like my review stating
there was no WE version so he pointed me at some old Mozilla blog
despite the truth of my claims that he made no announcements at this web
site, in the Development section of the Mozilla add-on page, or anywhere
else. Someone had to ask him in a blog and he expected users to somehow
magically divine there was such a blog but it gives not details about
actual development or schedule. uBlock Origin was much more informative
about his hybrid-WE and WE development.

If you see an extension that is legacy for Firefox but also available
for Chrome, prod that author to port his Chrome extension to Firefox.
If you see an extension that is available only for Chrome, prod that
author to port to the compatible WE API in Firefox. That they won't
evidences the intent of the author.

There are extension authors that have openly declared that they will not
expend additional effort to rewrite their legacy extension to convert it
to a WE extension. They don't want to do the work. They have a good
extension but they choose to let it stagnate. They spent the time to do
all the work before but aren't doing it all over again. The same
attitude can be seen of Chromium extension authors that don't want to
expend the effort to port their work to lowly Firefox with its meager 8%
marketshare. They're looking at the size of the userbase, not at the
robustness and configurability of the web browser. [Nearly] everyone is
over in the Chromium camp. They don't want to sit at the campfire with
just a few nerds. They want to join the big crowd at the big campfire.
Like spammers and malware, they focus on the biggest target for the
biggest impact. To them, Firefox users are, um, irrelevant and
unimportant.

I use Firefox but I'm not stupidly going to defend my choice and my
salve my ego by trying to stay blind that Google won the browser war.
Most users are boobs. They only care that it works, not how it works or
how to make it work better, and most don't give a gnat's fart about
privacy or security. Talk to most MS Word users at work and most have
only visited a few of its config screens and only because they had to.

 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 11:42 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.