What is Reddit's opinion of
BrowserLeaks.com?
From 3.5 billion Reddit comments
100 reviews of this app found across Reddit:
Do you know that every website you visit can access your battery status via JavaScript?
https://browserleaks.com/javascript
https://www.w3.org/TR/battery-status/
https://developer.mozilla.org/en-US/docs/Web/API/Battery_Status_API
... seems like it will be removed from firefox due to privacy concerns, not sure about chrome & safari ...
Not an expert - but I'd imagine that a malicious extension could potentially be more likely detected, although I think even that could be quite a difficult problem. Check out this site for example: https://browserleaks.com/ of all the info that you leak, intentionally or no, via your browser.
Your screen resolution and browser alone are enough to identify you pretty strongly.
Check this useful tool to see how easily you can be tracked. (And that's just info your browser gives out)
Your VPN only masks your real IP. Your precise location can be determined by other means; through the geolocation API, through a WebRTC leak, or through an IPv6 leak. You should run a browser test to determine where your leak is coming from. https://tenta.com/test or https://browserleaks.com are both good.
another website to test your browser is: browserleaks.com
If you value privacy stop using Chrome browser on mobile - where you're gonna' be subject to all sorts of ads, tracking scripts and other Google bullcrap. Get FF & get addons like ADblock + Bluehell firewall.
I found a browser plugin called "Canvas Blocker". (For Firefox - there might be one for Chrome, but I don't use Chrome). It will feed websites a completely unique fingerprint on each page load. You can see it in action here. If you have the addon installed and active, you'll see a new signature load each time you refresh the page. Without it or the addon disabled, you'll see the signature stay the same. Sites can still tell what OS, browser, and IP you're coming from, but that's all they're getting. The rest is just random garbage. It'll basically just look like an army of devices behind a single IP.
>The PNG hash value is not affected so the "privacy.resistFingerprinting" tweak does not do what some people think it does.
...
>you can try it for yourself
Gladly.
Create new profile.
Result: https://i.imgur.com/6aNCLv7.png
Turn on RFP
Refresh page
Result: https://i.imgur.com/SHjy5aS.png
Those look pretty different to me...
> Citation needed.
There's nothing to cite, if you correlate the right information with the metadata of such and such IP connecting to such and such local VPN server at such and such time then yes you can narrow down a 'suspect'.
Anyway, speaking of VPNs how many of those on VPNs right now don't know that webRTC*(built into just about every popular web browser)* leaks their real IP address https://browserleaks.com/webrtc
They're not unique. They have a default value, and that default value is sometimes printed on a label on the hardware, but in many cases you can change the value.
If I were a jerk I could set my laptop's mac address to a coworker's and download porn at work to get him in trouble. HR would look at his computer and see the mac address sticker that says 01:02:03:04:05:06 and say "see? it was you!" and fire him. Stupid example, but that's the general idea.
Finding a mac address of a remote system not on the same subnet is a much different thing, because it's not inherently a part of the data the webserver sees - the browser would have to send it to them.
Browsers already send a lot more information than you might expect or prefer, and since the MAC address is most likely available to unprivileged user processes on the browser host, it's certainly technically possible that the browser could read it, either through a bug or deliberately via a plugin or policy choice.
Privacy Pro as well as AdGuard and the likes (at least on iOS) interfere with your PVPN connection and leak your DNS. U might want to test it here https://browserleaks.com/ip Choose only one of them at a time and avoid a combination of both. I learned this two years too late unfortunately.
So many sites do, not just Twatter. See https://browserleaks.com/
and poke around at what your browser's telling any site that asks for those things (what IP is, location, etc obvious stuff, but also what applications you have, and some really creepy stuff). Most people are pretty surprised by "meta data" that is able to be grabbed by every website you visit. Easy site to navigate. Skip on down to fingerprinting to see if you have unique ID. You probably do. I have a laptop and browser with UID because you don't really want to be all hidey or you'll stick out like sore thumb, draw more attention. You want to blend in a bit. SOMETIMES. But when I don't want to be tracked (most times), I have other secure browsers that don't have unique ID.
Hmmm saya pikir OP salah kasih istilah : "pake VPN" maksudnya adalah pake DNS dan "test ping" maksudnya speedtest gitu?
saya juga indihomers, pake sejak jaman modem ZTE. Setelah pindah modem nokia malah ini modem jarang respect dengan user settings untuk DNSnya. Ketika disetting di opendns/google/cloudflare selalu di bagian dnsleaks browserleaks kelihatan malah pake punya local punya indihome sendiri. Akhirnya jadi full pengguna dnscrypt. Bukan agen dnscrypt nih wkwk
gak tau masalahnya itu kompi anda sendiri atau bukan tapi coba aja pake aplikasi ini, saya pake linux, kalau windows kelihatannya lebih gampang installnya.
cat log dnscrypt, angka latencynya kelihatan ss-20211125-030157.png
For other readers here: it's worth mentioning that even the social media "share" buttons that pervade nearly every site are able to load code which can fingerprint your system configuration (based on things like browser window size, which is why TAILS and TOR recommend not changing from the default TOR window size) and report your movements across the web back to the button's site's owner (like facebook).
The EFF makes an extremely easy-to-use plugin called Privacy Badger which prevents these elements (and a few others) from automatically loading and replaces them with generic static images.
If you're not crazy enough to use uMatrix and maybe not ready to use things like uBlock Origin, I would recommend at least running the badger plugin
It opens to a default window size that is a multiple of 100x100. The biggest that your monitor and window display manager can handle, with a maximum of 1000x1000.
JavaScript can be used to get your monitor resolution. Tor Browser will lie and say that it is the same as your window size. Test this statement here.
JavaScript can be used (but is not necessary) to determine the browser's window size ...
At least when "window size" is more accurately defined as "the size of the viewport into the webpage, excluding toolbars etc." Most fingerprint testing websites will use JS to learn this, but it's possible with just CSS. As I state in that link, I'm not a web developer, but I don't imagine you can lie to CSS and expect websites to still render nicely. Best case scenario there will be wasted space.
Whatever you use, make sure to verify you aren't victim to WebRTC leaks:
WebRTC will reveal your local IP address on a network, and possibly your global IP address before you access your VPN.
Read this article about browsers. The author claims Firefox is the best, most secure browser, but that requires manually reconfiguring it. This is a place where you could make a mistake and reveal yourself. It is better to use the Tor browser, even if you aren't using the Tor network. The Tor browser can function as a regular browser, and it comes pre-configured by professionals to protect your identity.
The coveryourtracks.eff.org site doesn't show you your actual fingerprint ID, so you have to go to https://browserleaks.com/canvas and scroll down to the Your Fingerprint section, and you'll see your fingerprint ID (signature).
You shouldn't trust the test on the EEF site. Go run it in Tor and it will also tell you that you have a unique fingerprint.
Go selected a few identifiers in here - https://browserleaks.com/. For example they offer some unique IDs like you Canvas Fingerprint.
Close Firefox. You will notice that if you go back to that site you will have all new identifiers basically. Your data is basically useless if you have a new unique identifier each time you open up Firefox. Add in a VPN and it's likely going to be quite tricky for anyone to track you.
I'm sure you have tested properly to make sure that brave hasn't just figured out how to trick the EEF thing =). Maybe we should all stop using Tor?
Firefox resist fingerprinting harder than bromite and brave After enabling resist fingerprinting and tracking protection in about config Firefox gives randomised fingerprint for WebGL, canvas and changes your useragent os, timezone at https://panopticlick.eff.org Test yourself. Note down canvas signature from here https://browserleaks.com/canvas Close the browser and run the test again.
>It's really not. You don't seem to be getting what I'm trying to explain. Your normal canvas fingerprint basically fingerprints your hardware and software combinations. For a popular mass produced device, like a Macbook, that puts you in a rather large pool if you only take the canvas fingerprint.
No, I do understand, but I know how much smaller the pool is for my phone and PC. Taking a look at browserleaks, my phone's fingerprint has just 12 useragents of 316k, and mine can be narrowed to a pool of 4 android 6.0 users. My desktop has a pool of 290 useragents, mine falls into a pool of 91 win64 users. That is a tiny pool. With ~19k installs of blocker, that's much bigger than my 290 pool. Using useragent to narrow it down, if more than 91 people are randomizing on win10 x64 then I'm in a bigger pool.
I don't have an iPhone or macbook to see what they look like, so maybe the case is different for them.
The best thing to do is to use the VPN's DNS, through the VPN's encrypted tunnel. From the POV of most of the Windows stack, you are not using encrypted DNS. But in fact your ISP etc can't see your DNS traffic.
One test for "DNS leaks": https://browserleaks.com/ip and click on the "Run DNS Leak Tests" button. Your DNS requests should be coming from an address in your VPN, not in the range of your home ISP.
> an app to track and control which devices are connecting to my router, normally, my computer with the vpn on wont show up, or if it does, it will not be effected
With VPN, traffic from your computer should still turn up, just always the destination IP address should be the VPN server address, or the DNS server address (if not using your VPN's DNS).
Maybe try some test sites such as https://browserleaks.com/ip
It really depends on the website and what methods the website uses to identify the device.
It's possible it simply uses cookies, then simply creating a new web browser profile (or using incognito) would be enough to bypass it.
It's also possible that it uses clever fingerprinting techniques such as canvas fingerprint, font fingerprinting, or a combination of those like screen resolution and other factors. In that case a virtual machine could in theory confuse the website, but if they really want they can detect that you're using a VM, for example WebGL allows a website to know your graphic card vendor and if is either or not a virtual GPU.
If you are tech-minded https://browserleaks.com/ is a good website for checking the capabilities of modern web browser APIs and the INSANE amount of information a website can collect.
DISCLAIMER: I take no responsibility for anything I said, it's up to you to make a decision as websites have more and more clever ways to collect data and track users.
Other way around, it exposes your public IP address not your local IP addresses:
https://browserleaks.com/webrtc
Firefox also has the same "bug" as Chrome (it's not really a bug, because this is desirable in use-cases that involve split-tunnelling) whereby if you configure a SOCKS proxy, WebRTC doesn't go over the SOCKS proxy and it still exposes your public IP address by default.
Not an expert, but in general Firefox is decent at throwing these things off.
You need to play around with the settings, but you basically make it so that any "new" instance of Firefox you have a different fingerprint. Your data basically becomes useless at that point, because it's much more challenging from my understanding to link a fingerprint to fingerprint.
Using a few ublock, containers, and a VPN and for most people you will be reasonably good.
You can play around with stuff and see your results here - https://browserleaks.com/
Same here. Check it on browserleaks.com/ip in your browser and ipmagnet in your torrent client.
Resolved completely by turning of ipv6 temporarily before starting the vpn client:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
change =1 to =0 to reverse it after turning of the vpn client. No need to reboot or log out.
If it works, then you can set up a script e.g. "vpn+.sh" to turn on the vpn (make it executable and put it in a folder "bin" in your home directory):
#!/bin/bash
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 &&
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1 &&
ip a &&
sleep 3 &&
sudo protonvpn c &&
protonvpn status
and then a second to turn it off "vpn-.sh":
#!/bin/bash
sudo protonvpn d &&
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0 &&
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=0 &&
ip a &&
protonvpn status
Just open the terminal and type "vpn+.sh" or "vpn-.sh"
I've been using this for months on several PCs including a RPi and it is as easy if not easier than running the client. I also set up this 3rd script to simply reconnect to the last one without going through the server choice each time:
#!/bin/bash
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 &&
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1 &&
ip a &&
sleep 3 &&
sudo protonvpn r &&
protonvpn status
Edit: added ipmagnet link
>This is the first in the wild PoC of the Canvas Fingerprinting. Below you can see if the Canvas is supported in your web browser and check whether this technique can keep track of you.
check the link above and see what info your browser leaks through HTML5 canvas API
So when I use my normal browser I see these facts . . .
Canvas Support in Your Browser
Canvas (basic support) ✔ True
Text API for Canvas ✔ True
Canvas toDataURL ✔ True
Database Summary
Unique User-Agents 258561
Unique Fingerprints 7782
Your Fingerprint
Signature ✔ 65CD67DC
Uniqueness 99.93% (181 of 258561 user agents have the same signature)
This tells me they can track me (only person with this signature) 99.93% of the time (even without using my IP)
When I go to the same site with TOR
Canvas Support in Your Browser
Canvas (basic support) ✔ True
Text API for Canvas ✔ True
Canvas toDataURL ✔ True
Database Summary
Unique User-Agents 258561
Unique Fingerprints 7782
Your Fingerprint
Signature ✔ A4E1854E
Uniqueness × False (Tor Browser signature)
They only know I am using TOR in windowed mode.
When I use TOR in full screen mode I get
Canvas Support in Your Browser
Canvas (basic support) ✔ True
Text API for Canvas ✔ True
Canvas toDataURL ✔ True
Database Summary
Unique User-Agents 258561
Unique Fingerprints 7782
Your Fingerprint
Signature ✔ A4E1854E
Uniqueness × False (Tor Browser signature)
There is no difference with this test between windowed and full screen, but the TOR docs say you give away more info (screen resolution) when you are not in windowed mode.
Go here and see what it says your IP is, and what your DNS shows as
Does everything look somewhat normal? Anything stand out?
Usually this kind of thing would happen your your IP gets onto some kind of blacklist. Are you able to reboot your modem and get a new IP?
EDIT: Link might help...
Firefox Focus leaks WebRTC. Use the original Firefox with the Disable WebRTC add-on, or use Brave.
Test for yourself:
WhatsApp needs <canvas>-API access which is blocked when you set privacy.resistFingerprinting = true in about:config. Interestingly though, if you leave resistFingerprinting set to true and use CanvasBlocker with block mode (in the add-on options) set to "block readout API" (you can verify it's blocked on https://browserleaks.com/canvas), this will block the canvas API but allow the QR for WhatsApp to display.
Incognito mode will only protect you from a few of the fingerprinting methods employed by companies to track your browsing sessions.
Visit browser leaks to get an idea of some of the most common methods employed. It's quite a rabbit hole.
Try https://browserleaks.com/javascript and search for the word "plugins". Try it in both Firefox and Chrome. I don't have a real Chrome with extensions installed at the moment, so I can't test that.
Interesting.
So I followed the "Non VPN mode" instructions for Nebulo from the page you linked and when I use Nebulo in combination with Netguard it apparently changes the DNS Servers to whatever DNS provider I select in Nebulo but it also keeps using the default DNS servers of my service provider which is obviously not intended.
This doesn't happen when I use Nebulo in combination with RethinkDNS using the instructions from the same link. A bug with Netguard perhaps? Or maybe a mistake in the instructions?
I'm using this link for checking the DNS servers being used btw.
What about this statement they make: "Databases can help reveal what hardware is being used to browse the nternet. For example, it is possible to distinguish whether a user isrelying on DSL, a modem or a mobile device for connectivity. "
Reddit formatting failing yet again... it's been failing a lot recently for me, I don't have any problems with other websites.
But what are they talking about when they say databases? Are they talking about whois? I don't think it's possible to see anything about hardware from a whois? I tried looking at browserleaks.com/ip they have furthest down a section for whois. The HTTP header is able to tell if it's a mobile device or not.
Also how did they get the info underneath: IP Address Location
?
Brave adds random data to your fingerprint for every site and "session" you visit.
If you check your canvas fingerprint here on Edge in both normal and private mode, you will see that the hash is identical.
If you do the same in Brave. Open the page in both a private and normal window, you will see that the hash is different. The same is true for every site you visit. So one site might know you're coming again (not sure if it changes every now and when. Not tested), but they have no way to share that data with others, as the fingerprint has changed.
It's kinda like Apples new "no track" feature, besides this just gives a random fingerprint, while Apple give non to the apps.
for canvas, yes. if you close brave and restart it, it'll show a different canvas. but fingerprinting is more than just canvas. eg. everything listed at https://browserleaks.com/javascript i’m not aware aware of any reliable way to protect against that on brave. the best way would be to use tor, which would give out fake or generic info.
I agree, the article is not great.
however, some of the article's source is actually amazing:
The problem with your answer, as with almost all the others in this terrible terrible thread is that most people are (as this thread proves) completely unaware of wifi scanning for geo location and how it can be integrated in apps and not just browsers. Also, and more importantly, wifi scanning completely bypasses all mitigations that you and others here have mentioned.
So unfortunately no, an answer that does not (like the article) explain what geolocation api is, how it uses wifi scanning which bypasses all other countermeasures... including VPN use... does not at all answer the question.
no, brave is not better than firefox with privacy.resistFingerprinting on
you can see at https://browserleaks.com/javascript that brave reveals way more real information than firefox
for more info on what privacy.resistFingerprinting does,
https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
if you check https://browserleaks.com/canvas you can see that tor and firefox with privacy.resistFingerprinting on both randomize on every reload
and checking https://browserleaks.com/javascript shows that brave reveals your real resolution, your real browser window size, your real time zone, and maybe some other real information about your device
aside from randomizing your canvas, tor and privacy.resistFingerprinting does a lot more to protect against fingerprinting
https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
Jesus Christ, I said iirc. No need to escalate to accusations of intentionally spreading FUD, that's just dickish. Relax yourself.
JavaScript can be used to discover the public IP address via WebRTC, which runs off JavaScript.
Among many other nice things, privacy.resistFingerprinting spoofs your screen resolution to the size of your viewport, with which it's possible to narrow down your desktop environment and therefore OS. And this viewport size is highly unique.
For moderate privacy it's OKish to resize the window to almost maximum size, ensuring different size every session. Best result is always use one of the most common resolutions.
You can see your viewport size here: https://browserleaks.com/javascript
A los que usan proxys publicos, verifiquen en browserleaks si estan enviando la ip real,
si es cierto, instalen esta extension: WebRTC Network Limiter y en opciones de la misma, activan la última opción. (recuerden desactivarla cuando terminen, puede afectar su experiencia con multimedia en distintos sitios.)
NoScript blocks JavaScript so it seems as though it would prevent canvas fingerprinting, unless you toggle it off, though I could be mistaken. This site explains it pretty well, but you have to turn off NoScript to see what your finger print is: https://browserleaks.com/canvas
I see it like this, one of the keys of Tor Browser anonymity (a modified version of Firefox made to work on the Tor Network) is that all users appear to be equal or very similar (different OS, Screen size and Fonts are the only difference in the headers) to the server that they're visiting, this is because they have standard headers to the different OS, for ex. visit BrowserLeaks with different browsers and different computers and you're going to see lots of differences between them and what's used to fingerprint someone is what set them aside from the other users, like you can observe in Panopticlick, but all of them have different IP's and are different users but they look the same and because they are using the Tor Network the physical data on the network can't be used to fingerprint a user because nobody have a clue about traffic check eff.org, is like all of them are wearing the same mask and to me the resist Fingerprinting setting is the way of implementing this in Firefox.
Making all Data and all Users look the same is Good.
Yes, but just about every ad blocker makes your browser stand out more. Site owners can apply Javascript that's clever enough to root out which blocklists you have enabled.
Here's a site that can detect blocklists and guesses what ad blocker you're running:
https://browserleaks.com/proxy
uBlock Origin uses a lot of popular community-maintained blocklists out of the box, and it has a bunch more you can enable by selecting them in its settings. Lists for ads, tracking, etc.
Yes, but hopefully different browsers render slightly differently and the final "fingerprint" collected by the website is different. For example I checked my webGL hash on firefox and chrome, and they were different. (https://browserleaks.com/webgl).
Edit: You are right. Just opened reddit on firefox and I can see that same creepy ad. Somehow reddit knows that I am the same person even though I never use firefox.
>Fingerprint option now disguises Waterfox as Firefox 60.
>about:config/privacy.resistFingerprinting;true
Thank's for this... very important for privacy... but how I can be sure it works fine?
I just tried here:
https://browserleaks.com/canvas
and It revealated that we are 341 with same fingerprint... it worked?!?
What you're asking for is a method to change the screen resolution that is reported to a much more common screen resolution. CanvasBlocker won't do this but it does have a setting (fake readout API) that will provide a completely different signature each time you visit a webpage or refresh a specific webpage. The second link it an HTML5 canvas fingerprinting (browserleaks.com) aid that allows you to check to see if it doing what it claims. This not an answer to your query but it might be considered an alternative.
https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
I thought it worked like canvas where you get a unique hash just like for canvas. When I try a webgl fingerprint I get different values for different browsers for the image hash. This image should be rendered differently depending on things like OS, browser and GPU from what I understand. This would give a lot more information than just disabling it, in my opinion.
Do you have any conflicting information?
Forgot something:
You can use browserleaks.com to find out what information your browser is leaking and how/if the above mentioned settings work correctly. Each tested 'feature' also has links to general information about it, tutorials on how to disable the 'feature' and more.
If it's trying to grab your canvas fingerprint then it's more than likely trying to fetch a bunch of other stuff too. AFAIK the Tor Browser alerts a user if a site tries to create a canvas fingerprint. See this:
You are correct that Yahoo will be able to see your IP address, as well as other information about you like your browser's user agent. It is likely that Yahoo could uniquely fingerprint you based on the information provided, especially if you have JavaScript enabled. This would allow them to track the ads you click on across browsing sessions (although I have no information either way as to if Yahoo implements browser fingerprint tracking).
More information about the types of information that could be collected by Yahoo can be found at the following websites:
https://panopticlick.eff.org/ https://amiunique.org/ https://browserleaks.com/
No. Cookies are only valid for the domain that created them. You can't read cookies of other domains. That is why all tracking software that uses cookies for tracking does it by having a site make a request(using js or an image) to the domain of the tracker. It is not possible to read the contents of a cookie of another site.
So by masquerading them as first party cookies it can't ever find out which other site you visited. Every site that uses them would get a new set of cookies. The only tracking they would be able to do would be on that 1 site.
That said, cookies aren't the only way of fingerprinting users because browsers still provide a lot of data by default. e.g. fonts, plugins, etc. See https://panopticlick.eff.org and https://browserleaks.com/
To that list I would add: make sure you use no plugins. It may not have to be that complicated though: how about just accessing the site from another device (eg: a phone or tablet) through a VPN?
Browser or hardware fingerprinting techniques might still allow the site to recognize you, though I think you're doing more than enough. You can see a list of fingerprinting tests on github. My favorite such site is browserleaks.com
Thanks for the reply, I am glad you're engaging in this discussion so as far as I'm concerned the invite still stands but of course I'm no authority haha.
I hope I was clear that I didn't know if you had an agenda or not, I don't know you or have the energy to dig into your past blog posts. I don't fancy myself a true crimes enthusiast or anything, I just got a little obsessed with this whole thing because it's so bizarre, so I don't know if you have a reputation in this online amateur sleuthing as being accurate or what. And like I said before, if I'm wrong about what you wrote and if you are right, I'll be happy about it. I'll of course apologize and hell I'll throw you one of those CamGam / Jeter Christmas Card parties in the park.
Anyway, I do think there are a couple ways to get the information you have but it would require:
- Someone at google look it up (not sure how feasible that is)
- Setting a 'trap' by sending something to that email address and having the end user open that email with an image or something in it.
- Had a copy of email headers.
From there to get that close to that location I believe the end user would have to have location services turned on and use something like this that would have had to been logged via the 'trap' too. Or its possible some of that is available via an API if you had the IP.
So I guess what I'm wondering is, what was it you turned over to the family friend? How much info had you collected? Were you ever given the IP address? Surely you must have received that IP or you wouldn't have been able to forward it to 3 more people. Can you share any of that info?
Cool idea. But, even the latest builds of it use an old version of QT 5 and an old, vulnerable version of OpenSSL. I'm assuming if you build Otter yourself you can fix that.
Also, according to here and here, Otter supports TLS up to and including 1.3. But, I don't see where to disable TLS 1.0 and 1.1.
I'm not sure if you can build a 64-bit version of Otter either. I only see 32-bit binaries. Might not matter for some though.
However, Otter does work pretty decent in practice. It's not very modern looking, but it's trying to look like Opera 12, so that's understandable. The big thing with Otter is that's it's probably not secure as it should be just for the simple case that it uses older versions of libraries.
This probably has less to do with Windscribe and more to do with outdated IP lookup databases giving the wrong city. Sometimes one site like browserleaks.com gives one location, while https://www.iplocation.net/ gives you another. My location comes back as Netherlands, which it most definitely isn't. Trying different IP lookup sites can give different answers.
They only mentioned that the solution Apple came up with (NextDNS worked together with Apple on this) will duplicate DNS, so it probably filters first and then forwards to the relay. That's why you will see both your NextDNS server and Apple's partner networks on sites like https://browserleaks.com/ip. NextDNS mentioned the solution wasn't ideal (because some features don't work, like the block page, DNS rewrites and the green status icon) and that they also proposed another one, but it's up to Apple to change.
Blocking all third party cookies for websites is very usable nowadays. It will stop other websites/domains/companies from tracking your activity tied to your account outside of their own websites. Also consider using Ublock Origin to stop tracking domains from connecting to you.
It's because Berlin Servers use M247 (exclusively?) as ISP and this ISP get blocked quite a bit by Cloudflare and flagged by Google (CAPTCHA). Frankfurt, which i sometimes use, uses M247 and DataCamp Limited. When connected to the latter i'm yet to see a single CAPTCHA or Cloudflare block. Same goes for Switzerland (that additionally also uses Hydra Communications Ltd as ISP) that i mostly use because i live in Switzerland. I have also tested other countries in EU and some in North America and had no issue so far. It seems the bad boy is M247, at least when it comes to servers located in Europe.
I usually have VPN running whenever my computer is turned on. Upon first connection i check the IP address (over time you know which one are good and which one are not) and reconnect if it's not a DataCamp connection. Then the connection runs all day (or night) smooth without any issues and this since months. Never had issues with logouts, disconnect or other problems many people seem to have.
Easy and fast way to check the ISP you are connected to is browserleaks.com and it's also good to also check for DNS leak before you use the internet. Another check would be to visit HLTV (most popular CS:GO site) which gets Cloudflare blocked 100% of the time when connected to M247, at least it does for me.
It's not the fault of Surfshark, it's just that this ISP (M247) seem to generate heavy traffic or was used and abused by others in the past.
There are 2 parts to using an iframe
1) creating the iframe and setting its src attribute 2) checking if the remote site actually allows iframes to display their content.
The 2nd reason is why you are not able to see the content. The originating site browserleaks.com is explicitly not allowing its content to be embedded on your site since there are multiple security issues like cross site scripting with embedding other site content.
TLDR: Remote site doesnt allow its content in an iframe cos of security. No way around it.
What browser are you using? tehre are a lot of things spying on you, cookies, geolocation mete data, Canvas Fingerprint Identity, etc.
Run some tests with the vpn active also Vypr has Chameleon.
Maybe a widely known fact by the tech community, but I was quite surprised. Found out about it when visiting browserleaks.com out of curiosity and saw that the appname was Netscape.
Thanks. Yes I saw the release notes of 1.38.2. Only confusing part is that I just have the extension enabled but inactive for the page. so technically speaking uBlockOrigin should not be same as disabled.
As soon as I disable the extension, error message (and webrtc check passes) goes away. I also checked few other website. As long as uBlockOrigin is active, WebRTC Test fails.
What to do after you've been banned?
- clear your cache/cookies
- use a VPN or restart your modem to get a new IP
- use a user-agent changer plugin/add-on for your browser
- if you are still banned again very fast or just paranoid, try https://browserleaks.com/ to test what still could help the reddit algorithms to connect your alt account with the banned one or use tor-browser (most anon you can get, without getting rid of javascript)
As far as i know, a mod has to report your alt-account and the reddit algo checks if some metadata (e.g. could be IP, installed fonts, display size, installed addons, OS, etc.) that your connection is leaking can be connected to the old account. The funny part is, that even if your username is point on reffering to your banned account, if your metadata does not connect it, you still should be in a safe spot since no humans at reddit check those reports.
well, so it loaded, but wasn't able to execute JS code.
if it was a specifically targeted to you type of phishing link then there could be any number of data collected just from the page load. (check out https://browserleaks.com/ for more information.) if it was just a broad attempt that required further execution for whatever reason then you're probably fine. without knowing what the intention was then there's no way to know what the level of concern should be. you could go back and forth about it all day being paranoid and worried. basically, if your OS was up-to-date and this wasn't a 0-day, specifically targeted attempt then you're probably alright.
hope that helps, don't know what else to tell ya.
You can check for DNS leaks while using the VPN: https://browserleaks.com/ip and click the "run DNS leak test" button. Yes, all requests should come from some DNS owned by the VPN. So you don't need to use encrypted DNS.
Yes and no. Fingerprinting scripts could check which filters are in use (see https://browserleaks.com/proxy). On the other hand if the script is a known tracking script in one of your additional filters and gets blocked thus blocked, the additional filters could also prevent identifying by a lot of parties.
My understanding:
some browsers give a list of extensions in the DOM, accessible to JavaScript. Go to https://browserleaks.com/javascript and scroll down to "plugins".
some tricky code can probe your browser for the effects of some extensions, to determine what extensions are present. See https://securityboulevard.com/2019/11/how-to-detect-browser-extensions-3/
It could be a user obfuscating their browser's data (or using a browser that does it by default), but the browser is still "leaking" information.
You can use WebGL to query additional information. For example, this page: https://browserleaks.com/webgl is able to correctly identify the graphics card I have in the machine I'm currently using. If you poke around the site you'll see all the different kinds of ways a little bit of javascript can detect what your browsing environment is.
It could also just be their tracker getting conflicting information--maybe they have four ways of detecting the OS, and two say Windows, one returns Linux, and the other returns a null value.
Es gibt eine Unzahl an Möglichkeiten einen Computer wiederzuerkennen. Beispiele sind installierte Schriftarten, Verhalten des Canvas-Elementes, WebRTC-Tricksereien, ...
Hier sind einige Techniken, inklusive Check ob du betroffen bist, zu finden:
If I was you I wouldn't worry too much about the results from coveryourtracks, many times I performed tests there to get the result that I was unique, only to redo the test minutes later with absolutely nothing changed and get the result that I was non-unique.
Use tools that give you more detailed results like https://browserleaks.com/ or https://amiunique.org/
Naja, wenn es um Tracking geht wäre es mir sehr lieb wenn Cookies bleiben würden.
So Zeug wie Browser-Fingerprinting ist DSGVO-Konform und beunruhigenderweise noch effektiver.
I have noticed when using browserleaks https://browserleaks.com/ip It identifies the network in the Toronto area as
ISP -> ViaNetTV Inc
City-> Sault Ste. Marie
​
Why ViaNetTV inc?
You could click various parts of https://browserleaks.com/ to see what a site can get from your browser.
Some info varies by browser type, but generally I think they can't get list of open tabs, or email address. I think on Chrome they can get extension list, on others they can't ?
u/jkadogo The only way to do it properly is by making changes in about:config i believe, there are some plugins too I guess.
WebRTC allows browsers to communicate with video and audio directly without any plugins installed. An unfortunate side effect is that your real IP is at risk to being exposed, stripping you of your anonymity. I am not sure what ublock does and what they mean by localIP.
Anyways, You can check WebRTC leaks here https://browserleaks.com/webrtc
The link doesn't mention DOMRect. So Brave get same as Firefox. I don't use brave, but if you do, you can test your fingerprint here:
DOMRect
https://browserleaks.com/rects
Canvas
https://browserleaks.com/canvas
Audio
This makes no sense. Incognito is meant for client-side avoidance of tracking cookies / localstorage across browsing sessions. You can still be fingerprinted on the server-side based on hundreds of parameters that can be used to identify you. See https://browserleaks.com/
With not-very methodical tweaking!
But often just as I've got it pretty good, I end up wanting to enable something or other for a site, and then it is back to unique again. I've got a bit more disciplined about how I do things, so that the ability for stuff to be linked to my habits is maybe a little reduced, but I think that one would have to be very disciplined all of the time with no errors to reduce it to a meaningful extent, so at best it is practice and at worst a comfort blanket to make the whole concept feel easier.
Very few people run uniqueness tests at all, so the statistics they give you will be based on that rather than all users, but it is also true that people who start trying to reduce their fingerprint are more likely to try those tests than the general population. You'll also often find that running different tests gives different results! Woo!
https://BrowserLeaks.com and https://webbrowsertools.com have a lot of tests for the types of things you might be leaking - most of them aren't for the uniqueness of those leaks, but you can combine them with things you've learned from other tests.
I will provide you the comment I posted on another post regarding Brave
> You shouldn't trust the test on the EEF site. Go run it in Tor and it will also tell you that you have a unique fingerprint.
>
>Go selected a few identifiers in here - https://browserleaks.com/. For example they offer some unique IDs like you Canvas Fingerprint.
>
>Close Firefox. You will notice that if you go back to that site you will have all new identifiers basically. Your data is basically useless if you have a new unique identifier each time you open up Firefox. Add in a VPN and it's likely going to be quite tricky for anyone to track you.
>
>I'm sure you have tested properly to make sure that brave hasn't just figured out how to trick the EEF thing =). Maybe we should all stop using Tor?
Well if you look at https://browserleaks.com/proxy there is a method to see which filters you use thus make you unique. So the more filters you add the higher the chance of you being unique compared to others. It might be right having a ton of lists to be good against trackers but not against fingerprinting!
You need to consider more than just scripts.
Tales of F A V I C O N S and Caches: Persistent Tracking in Modern Browsers solomos-ndss21.pdf (uic.edu)
Browser & device fingerprinting as seen here BrowserLeaks - Web Browser Fingerprinting - Browsing Privacy
and there's so more techniques which I wont go into here.
Just to give an idea of what your loosing. When you go to a website, they can if they wanted to see what DNS you're using. If the DNS matches the VPN provider - you blur with all the other users of that VPN providers server. If you use a third-party DNS at the same time as the VPN, the website sees a difference...that makes you stand out.
https://browserleaks.com/ip <-- you can use this website to test what DNS they see.
Take that a step further. So on NextDNS when you have an account you get assigned a 5 digit alphanumeric which then is used as part of the address you enter for Private DNS settings in Android. Somebody who is sniffing traffic at the exit of the VPN server, can see that address being queried. They can't see the data inside because its encrypted, but they can see the time/date you were on that VPN server. Now connect that with the data from the website and they can prove you used that VPN server at that time to go to that website.
Now that is pretty extreme - that's now in the territory of things the NSA could do if they decided to single you out and watch what you're doing. Not something normal people who just want to reduce their digital footprint should be concerned about.
DuckDuckGo does use my location when I search. For example, when I duck "hamburger" and click "maps", the hamburger places are all near me in Maryland (eastern USA). This is probably because my IP address is in Maryland.
Your VPN could be leaking DNS or they are getting location info from your browser.
Go to browserleaks.com to run some tests. It should show a UK IP and DNS addresses if your VPN is working properly, Also check your geolocation API for you browser.
> So Tor could solve this?
Yes.
Browsers provide information about your device. https://browserleaks.com is a fantastic site to research what your browser is revealing.
Tor Browser is built specifically to make all users look the same - so the information it reveals is not unique to your device.
Go to browserleaks.com/ and see if the IP reported there is that of your ISP or that of your VPN. Also look at the DNS settings. If it's that of your ISP (or public wifi), then you're not on a VPN. When doing this test, connect to a VPN endpoint in a different country so you can clearly see that you're connected from another country rather than where you actually are.
that just means that brave failed at preventing it from figuring out that it was randomized
you can compare it at
https://browserleaks.com/javascript
https://browserleaks.com/canvas
firefox with privacy.resistFingerprinting turned on gives out way less information, while still randomizing the fingerprint
well, in your example, it's more like the pool of android users using that specific version of android, using the exact same phone, using the exact same version of firefox and also lives in the same city/town
but phones are just bad for privacy in general and you can't stop your location from being tracked
https://invidious.snopyta.org/watch?v=GMIY4J8jAUc
and on an actual computer, if you don't use privacy.resistFingerprinting the odds of someone else having the same fingerprint is practically zero.
overall, using tor is still the best idea, and brave is significantly worse than privacy.resistFingerprinting
you can see at https://browserleaks.com/javascript that brave leaks way more real information
then it's best to remove edge and use firefox.
you can turn on privacy.resistFingerprinting in about:config which will not only randomize your canvas but also spoof a bunch of other things
https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
if you want, you could also set webgl.disabled to true to turn off webgl
you could also install https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/ to spoof https://browserleaks.com/rects
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
Incognito doesn't really help with fingerprinting unless your browser is actively fuzzing the user agent details it gives to the page. Browser canvas fingerprinting is also a thing, so even if your browser is fuzzing user agent details, it is still be possible to identify you just by the way your device renders the webpage.
Yes, Firefox has access to Location Services, although I'm overriding that in the browser with an extension. When I visit a site like https://browserleaks.com/geo, that tool shows me the location I hope to see (not my actual home city), so it seems as though my override is working. Yet fubo still seems to be able to determine my location somehow.
I should note that the location fubo determines is over 100 miles from my actual home address, so it's not like it's getting it right. It's just getting a lot closer to me than I thought it would, based on all of the steps I've taken.
it does randomize your canvas, you can check at https://browserleaks.com/canvas and https://www.deviceinfo.me/ it also does a lot more than brave https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
i've not personally experienced any performance issues with the privacy.resistFingerprinting setting, so any issues might be theoretical?
but privacy.resistFingerprinting does much better than brave at preventing fingerprinting, if you go to https://browserleaks.com/javascript you can see that brave reveals your real timezone and your real screen resolution and window size. you can also check at https://www.deviceinfo.me/
privacy.resistFingerprinting not only randomizes your canvas, it does so much more https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
It identifies itself (the browser), not the user.
To put it simply, every website has the ability to learn several things about the browser you use. This can include your use of certain features, your adblock filter lists etc etc. So basically, they can see how your browser "behaves". And every browser behaves differently, especially one like Brave. What this means is that even if the website can't read your user agent, it can tell what browser you're using.
Example:
https://browserleaks.com/proxy
As you can see this can identify that you're using Brave filters. But the good thing about browsers like Brave and Tor, is that users don't tend to customize them and thus look the same. So the website can tell that you're a Brave user, but can't tell which Brave user you are exactly.
So, let's take a very simple example.
Scenario 1: Let's say you change your user agent to something popular like Chrome. The website can also see that you're randomizing your canvas api(Brave exclusive feature). Now the website has these 2 bits of information. So it takes the pool of all Chrome users and checks how many users also randomize the canvas api. There might be other people like you, but that number is very low.
Scenario 2: You don't change your user agent. The website sees that you're using Brave. And it also sees that you're randomizing the canvas api. Now it looks at all Brave users and checks how many of them also randomize the canvas api. And since every Brave browser does it, you're blending in with every single Brave user. So your privacy is not compromised.
I gave you an example with 2 bits of information, but websites can generally see a lot more than that. This is something that I've said countless times and I'll say it again: don't customize your browser if you want privacy.
I am running it through the config profile and it still pings Brazilian and Viena DNS servers in addition on cellular connection its leaking my ISP. I used the Adguard app to provide a ping example. It has nothing to do with my device. See it for your self https://browserleaks.com/ip
I believe they're talking about canvas fingerprinting. Gist of it is the app gives vague instructions on how to render something, like "render blue text then stretch it." Since those will all be implemented slightly differently depending on what you're using, they can use the resulting image to help identify you.
If you're using Tor, though, you should probably have Javascript blocked anyway.
Chrome, script safe, adguard, privacy badger, ublock origin, https everywhere, webrtc leak prevent, pia, protect my choises... onhan näitä ja kaikki päällä.
Oletko kokeillut mitä selain kertoo sinusta? https://browserleaks.com/
Jos muita kiinnostaa mainosten blokkaus niin 9 laitteelle on saatavissa alle 20€lla lifetime lisenssi Adguardilta, tarkempaa infoa: https://bbs.io-tech.fi/threads/hyvaet-tarjoukset-ei-keskustelua.151/page-115#post-7563825
You're right but this is the most likely cause for this specific instance with youtube imo:
https://browserleaks.com/canvas
and some combination of other fingerprinting too possibly
It'd be damn near impossible to break the cryptography Tor packets use with JS, but never say never on computers lmao
But yea I could easily get someones IP with JS idk what this troll is smoking haha he seems to be sold that JS cannot get an IP under any instance (judging from his other post)
I can't speak for the others but if you open Chrome Dev Tools with F12 then go to the Security tab, you'll see an explanation about the ciphers being used.
This will show you what is being offered and you should compare it with a working user. If the ciphers and transport are NOT the same, then something is up with whatever is serving the site. You should contact the vendor. If they are the same, you can ~likely rule it out.
Check HERE to verify what can and can not load. Compare this between the faulty and the working user. Let me know the differences you can see. I'm pretty curious.