Skip to main content

What are the Web related leakage | What is Web related leakage

Web related leakage

Your web browser leaks a frighteningly large amount of information about you. For example, even after you protect yourself by concealing your IP address through Tor, it is still possible for someone to use a Java program to obtain your actual source IP and hostname. And this is only the beginning. An excellent test utility to test all the different types of information that can be obtained from your browser is available at BrowserSpy. Most of these can be handled by the excellent Firefox extension NoScript. You are encouraged to test out your browser there in addition to looking over the following material.
Contents

    1 Cookies
    2 Browser User Agent And Capability Info
    3 Referrer Url
    4 Browser History
    5 Web bugs
    6 Desktop and Web Browser Extensions

Cookies

Cookies can be used to track your web usage across even a Tor session, where each connection originates from a different IP. This can be both a blessing and a curse. A blessing because if you are actually logged in, you usually won't have to keep doing so. But a curse in that if someone then obtains your computer, they can use the cookie values to prove you were at a given website at a given time. They are also extremely dangerous if you have a tendency to turn off Tor or your proxy config from time to time, and then wander back to a site that has a unique ID for you.

In particular, sites with ad banners can catch you off guard, since often they can have a small ad banner with a piece of javascript you don't notice. If they set a cookie in this banner, they can easily correlate your Tor traffic with your non-Tor traffic. For sites like these, the best thing you can do allow cookies from the originating website only in your web browser preferences window.

There also are a few Firefox extensions you can use to mitigate an arbitrary site's ability to track you via cookies. The first, Cookie Culler provides a toolbar button that allows you to purge all but selected "protected" cookies, and also provides you with the option of blocking cookies you have deleted before. Add N' Edit Cookies will allow you to search for cookies by site, modify, remove, and add them. Also useful is CookieButton, which is a handy toolbar option that allows you do access control and clear cookies for a given site right off of the toolbar. You can permanently disable cookies for entire domains, such as doubleclick.net or google.com.

Browser User Agent And Capability Info

Sometimes a very unique User Agent string (Ex: "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 RealMedia 1.1.3") can be a giveaway. How many people will have that Gecko build date combined with that version RealMedia? On Linux? The solution is the User Agent Switcher, which will allow you to set your user agent to whatever you wish (be sure to pick something common to avoid fragmenting your anonymity set). Be sure to check the "Reset User Agent When Browser Closes" option, or bad things will happen. Even still, you may find yourself stuck with a browser that doesn't want to start. In which case, you might have to edit prefs.js by hand, and remove all the lines that contain "agent".. It's been a while since this has happened for me, so perhaps they've finally gotten all the edge cases where it can exit with the wrong agent set.

As mentioned above, another possibility is a malicious site can use Javascript to detect all sorts of information about your browser. This can also be used to track you. The best defense against this is to use NoScript.

Referrer Url

Likewise, your referrer can be used to track your session path from page to page as well. In order to prevent Firefox from transmitting referrer information, go to [about:config about:config] and set network.http.sendRefererHeader to the value 0.

Tab Mix Plus can also be used to block referrer forwarding for the lifetime of any given tab. Simply right click on the tab, and go down to Permissions. The option to block referrer is there, along with several other options we will use later.

Sometimes, however, it is useful to outright lie about where you came from. For example, if you frequently visit your own blog/website by typing in the URL, those visits are distinguishable by the lack of referrer URL. In those instances, you may wish to use refspoof instead. Refspoof adds the ability to specify your referrer in a URL. For example, spoof://nytimes.com;ref://google.com connects you to the New York Times, making them think you came from google.


Browser History

This should be obvious. Delete your browser history, cache, cookies and other personal information after doing sensitive things. A frightening javascript hack] can actually reveal if you have been to select sites, which can be used to fingerprint you. The best way to deal with this is to run NoScript.

Web bugs

A common technique (used by the FBI and others) to discover someone's identity is to send them an email with an image or some other document attribute that their email client or browser will attempt to load. Usually, this image will be located on a server that the sender controls, which means they will then have your IP address once your browser makes the connection. Of course, for normal images, these will obey your proxy settings. However, note that even using Tor is sometimes insufficient. Make sure your proxy settings have an entry for FTP, especially.

You need to be particularly careful about Java plugins. Have a look at this clever java applet that turned up at this odd website. This is an improvement on previous Java bugs in that it is able to select one of several potential ways to make an external internet connection and bypass your proxy settings based on capability information provided by the JVM. Even if the JVM has been secured (most, including Sun's, are not), it can still query the local interface of your machine and get the IP address without even making an internet connection. It then submits results back to the server that served the applet. In the case where the JVM is not secure, the JVM will IGNORE YOUR PROXY SETTINGS AND MAKE A DIRECT CONNECTION TO THE ORIGINAL WEBSITE.

You basically have two options when dealing with web bugs of this nature. One is to install the NoScript Firefox Extension, which allows you to whitelist Java, Javascript, and Flash objects on an as-needed basis. This is the recommended option, as it covers all your bases all the time unless you say so. The one downfall is that if you enable permissions on a site, you enable it for everything. This means that if you enable Javascript for your email provider (most don't work too well without it), and they do not scrub HTML properly, someone could still feed you this Java applet. According to the NoScript Website, the ability to split permissions for Java from Javascript is being developed for an upcoming release. Your best bet until then is to globally disable Java from your Firefox preferences.

The other option is to use Tab Mix Plus tab permissions to disable plugins on the current tab (right click on the tab). You get finer granularity here, but your choice only persists in the current tab. This is annoying and easy to forget.

Also be aware that some media objects can reveal your IP address, depending on how the plugin was written. On Windows, I have tested Windows Media Player, Realplayer, Quicktime, and Flashplayer. Of those, I have discovered that only Realplayer did not honor proxy settings, since it launched an entirely new application. I have tested mplayer-plugin and Flash on Linux, and unfortunately the mplayer plugin does not obey browser proxy settings (but does obey the http_proxy environment variable). In general, the best way to determine if a plugin/media type is obeying your proxy settings is to use [www.wireshark.org/about.html Wireshark] to watch network traffic. The display filter 'tcp.port == 80 or tcp.port == 443 can make it easier to find traffic that is bypassing Tor, though note that some media apps will use other ports and possibly even UDP.

Desktop and Web Browser Extensions

The major threat with web browser extensions and desktop plugins is that they will transmit a unique user id over the same Tor circuit that you happen to be using to anonymously access a website. Weather monitoring extensions are particularly dangerous because they can transmit zip codes or even address information to retrieve local weather conditions. Likewise for link collection services such as delicious, stumbleupon, and flickr.

It is also possible to install a malicious Firefox extension to track your whereabouts on the web. The most surefire way to watch for this is to manually view the Extensions.rdf file in your extensions directory under your Firefox profile. Each cryptically named subdirectory of the extensions directory should have an entry in the RDF file. Make sure that the plugin name is something you remember installing.. 

Comments

Popular posts from this blog

How to hack wifi in Windows 7/8/8.1/10 without any software | using with cmd

How to Hack Wifi password using cmd Hello Friends, In this article we will share some tricks that can help you to hack wifi password using cmd. Youcan experiment these trick with your neighbors or friends. It’s not necessarily that this trick will work with every wifi because of upgraded hardware. But you can still try this crack with wifi having old modems or routers. 1: WEP: Wired Equivalent Privacy (WEP) is one of the widely used security key in wifi devices. It is also the oldest and most popular key and was added in 1999. WEP uses 128 bit and 256-bit encryption. With the help of this tutorial, you can easily get into 128-bit encryption and Hack WiFi password using CMD. 2: WAP and WAP2: Wi-Fi Protected Access is an another version of WiFi encryption and was first used in 2003. It uses the 256-bit encryption model and is tough to hack. WAP2 is an updated version of WAP and was introduced in 2006. Since then it has replaced WAP and is now been used mostly in offices and colle...

A Beginner’s Guide to Getting Started with Bitcoin

A man looks for Bitcoin Oasis If you have heard about blockchain or cryptocurrency, then the term that initially comes to mind is Bitcoin . Launched 12 years ago, it was the late 2017 bull run that created a media frenzy that propelled Bitcoin into the mainstream and our modern day lexicon. Often labeled as the “original” cryptocurrency, Bitcoin has been the catalyst (directly and/or indirectly) behind many new innovations in the blockchain and digital asset space, most notably Ethereum and Monero . Shortly after the late 2017 bull run lost its steam, interest in these new technologies started to fade ― but here we are in 2021 with Bitcoin having risen like a phoenix from the ashes. As you would assume, an appetite for the blockchain and digital asset space has returned and now it is more important than ever that we understand what exactly is behind this unique asset, Bitcoin. This article is meant to be a guide for individuals who are new to cryptocurren...

Copilot - Microsoft is gearing up to introduce its AI companion

 Microsoft is gearing up to introduce its AI companion, Copilot, this upcoming fall season. The highly-anticipated rollout is scheduled for September 26, with Copilot poised to seamlessly integrate with various Microsoft services, including Windows 11 and Microsoft 365. Additionally, enterprise customers can look forward to the availability of a new AI assistant, Microsoft 365 Chat, starting in November. Copilot, described by Yusuf Mehdi, Corporate Vice President and Consumer Chief Marketing Officer at Microsoft, as an "everyday AI companion," aims to make your daily workflow smoother and more efficient. Its primary goal is to embed an AI-powered "copilot" within Microsoft's most popular products, ensuring widespread accessibility. What distinguishes Copilot from other AI assistants is its focus on integration. Rather than operating in isolation within specific applications, Copilot promises a seamless user experience across multiple Microsoft products. This com...