Comments
me • September 28, 2021 10:37 AM
Me: opens the website
website: “javascript required, javascript required, javascript required, javascript required, javascript required, javascript required”
Me: laugh a lot and close the website
as far as i know the most complete one is this one: http://browserspy.dk/
it’s not a “click here to test” but it’s a list of stuff and there is sooo much stuff
Dr.Flay • September 28, 2021 11:54 AM
Perhaps you should have explained the sites better.
Looks like people are comparing it to a different type of browser tests.
Those 2 sites are not like panopticlick and others so far suggested in the comments.
Most people would use those 2 sites to check that everything is being routed via a VPN and no DNS leakage because the browser may be using a different DNS.
I use those 2 sites often, as I like to keep an eye on what DNS pool I am actually using behind the 1 IP address used by my OS or browser.
As I use DNSCrypt for OS level encrypted and authenticated DNS, I am using a dynamic and large pool of resolvers.
David Leppik • September 28, 2021 1:53 PM
Wow. Most sites can locate me to within 20 miles because of my CenturyLink DSL address. This one was over 600 miles off, placing me near CenturyLink’s corporate offices.
Weather • September 28, 2021 3:38 PM
@david
Strange but they can’t hack pass Nat ,so no spises.
jones • September 29, 2021 9:19 AM
I’ve always appreciated how EFF’s Panoptoclick describes the information browsers leak. Looks like it has a new name:
Babak • September 29, 2021 1:24 PM
uBLOCK has a WebRTC blocker in its setting
SpaceLifeForm • September 29, 2021 4:18 PM
@ ALL
Speaking of Information Leaks
DO NOT use Voice Mail or old style answering machines.
They leak Metadata and real data.
It may not be obvious, but they do leak.
You just have to think about it from the attackers perspective. Seriously, think.
It is similar to replying to a spam email to opt out from a mailing list that you never signed up for.
[I was going to point this out on squid, but there is a major hazmat spill in aisle 13, and this is related to this thread]
Clive Robinson • September 30, 2021 1:41 AM
@ SpaceLifeForm, ALL,
DO NOT use Voice Mail or old style answering machines.
Or any other “store and forward on demand” system.
They ALL,
leak Metadata and real data.
Whilst you can protect the “real” or “message” data, the “metadata” is way way harder, because you have to stop the consequences of “demand”.
Stopping the consequences of “demand” can be hard very hard if you do not plan for it. Because it’s not just “take the appropriate OpSec”, but “stick with OpSec under all occasions”. Very few humans can do that, so if as an “opponent” you create a suitable emergency[1] then you can cause the “target” to leak meta-data.
Not doing so is why “traffic analysis” can leak so much information so quickly.
One of the reasons it is so very hard can be sumed up by the “gang of criminals caught by pizza delivery” stories that occasionaly appear. Humans consume resources and that means there are at least two supply chains involved,
1, Resources in.
2, Waste out.
The first is one of the reasons “Smart Meters” are such a danger to privacy.
The second is one of the reasons people get burgled. Manufacturers advertise on the outside of transportation packaging in the same way shops do on their plastic etc bags. When you throw out those cardboard boxes, you are then advertising to criminals with eyes that you have something shiney and new worth stealing. Likewise if you’ve just gone and purchased something from a high end outlet, and you think as many do you can “show off” by walking around with the bag with the outlet name on it all you realy are doing is puting a “mug-me” sign in your hand… Similar applies to visable DIY a nice shiny new set of front door furniture tells a crook there is money to spare in the houshold, so probably lots of loot inside…
[1] It’s the underlying reason for the Australian legislation alowing law enforcment to take control of peoples communications. It’s also why back in WWII there were both “check” and “duress” codes put in agents messages.
SpaceLifeForm • September 30, 2021 2:40 AM
@ me
LOL
Is that you, Henrik ?
No https after all of these years?
Website is broken.
So I click on hxtp://browserspy.dk/blog/7/browserspydk-mentioned-in-computerorg-article
and get this:
Fatal error: Uncaught Error: Call to undefined function ereg_replace() in /home2/gemal/public_html/browserspy-dk/textpattern/plugins/rss_auto_excerpt/rss_auto_excerpt.php:43 Stack trace: #0 [internal function]: rss_auto_excerpt(Array, NULL) #1 /home2/gemal/public_html/browserspy-dk/textpattern/vendors/Textpattern/Tag/Registry.php(139): call_user_func(‘rss_auto_excerp…’, Array, NULL) #2 /home2/gemal/public_html/browserspy-dk/textpattern/lib/txplib_publish.php(559): Textpattern\Tag\Registry->process(‘rss_auto_excerp…’, Array, NULL) #3 /home2/gemal/public_html/browserspy-dk/textpattern/lib/txplib_publish.php(403): processTags(‘rss_auto_excerp…’, ‘words=”30″ over…’, NULL) #4 /home2/gemal/public_html/browserspy-dk/textpattern/lib/txplib_misc.php(3368): parse(‘\r\n\r\n\r\n\r\n<!DOCTY…') #5 /home2/gemal/public_html/browserspy-dk/textpattern/publish.php(740): parse_page('default', 'default') #6 /home2/gemal/public_html/browserspy-dk/index.php(74): textpattern() #7 {main} thrown in /home2/gemal/public_html/browserspy-dk/textpattern/plugins/rss_auto_excerpt/rss_auto_excerpt.php on line 43
hxtps://forum.avast.com/index.php?topic=252418.0
lurker • September 30, 2021 11:59 AM
@SpaceLifeForm: re abandonware
Aw, c’mon, that’s only eleven years ago. How do you deal with abandoned sites, prepaid domain reg, ditto power? Like space junk, just wait for it to burnup from old age? In these times of plague I’ve found two of my occasional visit sites up and running, but nobody home…
JonKnowsNothing • September 30, 2021 1:10 PM
@Clive
re: WWII there were both “check” and “duress” codes put in agents messages.
iirc(badly)
Eons ago, long before Delta+34s, there was a documentary about a UK-Spy mission in WW2 Europe that had the appalling statistic of 100% capture by the Germans. It went on for nearly the entire war. The final details are in sealed archives, but the implications are that someone right near the cigar smoker was the mole.
In one of the stories presented, a UK-Spy after being caught, was forced to continue his transmissions and tried to pass along the DURESS code, only to have the UK Operator key back, something to the effect:
“Oh you got that code wrong. That’s the DURESS code.
You are supposed to send the CHECK code”.
ymmv as to accuracy and whether the UK-Spy lived much longer passed the end of that exchange.
Clive Robinson • September 30, 2021 1:46 PM
@ JonKnowsNothing,
documentary about a UK-Spy mission in WW2 Europe that had the appalling statistic of 100% capture by the Germans.
It happened and it went to court in Holland after the war.
It’s detailed in Leo Marks book,
“Between Silk and Cyanide”
From Wikipedia,
“A major theme is Marks’s inability to convince his superiors in the Special Operations Executive (SOE) that apparent mistakes made in radio transmissions from agents working with or in an alike role as the Dutch resistance were their prearranged duress codes, which it transpired they were as he alleged, and which fact haunted him. SOE management, unwilling to face the possibility that their Dutch network was compromised, insisted that the errors were attributable to poor operation by the recently trained Morse code operators and continued to parachute in new agents to sites prearranged with the compromised network, leading to their immediate capture and later execution by the order of the command of Nazi Germany.”
https://en.m.wikipedia.org/wiki/Between_Silk_and_Cyanide
The book gives a lot more details and reading that part is quite harrowing. In fact other parts are as sad, SOE was realy a bunch of boy scouts sending out the girl guides on suicide missions or worse much worse.
These days we celebrate the lives of SOE agents lost in Europe to German torture. Brave as they were we should never ever forget the incompetence of the idiots in both MI6/SiS and SOE who were more interested in fighting turf wars in London than they were in ensuring those brave people actually had a chance…
Jesse Thompson • October 4, 2021 1:34 PM
@Clive Robinson
more interested in fighting turf wars in London than they were in ensuring those brave people actually had a chance
But that is the primary game mechanic of all war, and always has been. The enemy destroys your excess labor pool, you destroy their excess labor pool, and it’s super lucrative for both sides. Simultaneously you jockey for possible land and influence abroad while more importantly jockeying to solidify a power base at home and pacify the local populace to rally against an imagined foreign enemy.
During WWII the allies just happened to be (un)lucky enough to be pitted up against an enemy whose domestic atrocities were sufficiently appalling that up to a good hundred years later people would continue to agree that “the losing side was Very Evil™” and thus some would continue to have reason to believe that the same will be true the next time their government is engaged in a foreign conflict.
In reality, virtually every government is doing some damned distasteful things virtually all of the time (and I’ve got concrete data to this effect for the US, China, Russia, NK, ISIL, Iran, SA, DAE, and to a lesser extent for every other government previously part of the British empire) and 99% of sovereign warfare is just pots calling kettles black from the justification standpoint. But one of the undeniable mechanics is the premeditated decimation of the less wealthy population.
To people in power, this is approximately as shocking as clipping one’s fingernails.
disconcert8 • October 11, 2021 4:20 PM
thanks!
Of course, i still feel that the glaring hole across the spectrum is often the astounding number of certificate “authorities” and certificates that by default seem to be throwing our data all around the world even if we just want to look up the address or telephone number of some place a few blocks away.
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
Peter • September 28, 2021 10:02 AM
I personally like https://browserleaks.com/. Also interesting is https://arthuredelstein.github.io/tordemos/keyboard.html which shows you what JavaScript sees when pressing a key. It’s a pretty unique identifier for people like me that use the Neo 2 keyboard layout.