browser referral

Discussion in 'privacy problems' started by tonyjl, Dec 9, 2005.

Thread Status:
Not open for further replies.
  1. As far as I know Zone Alarm Pro will block referrers. It has passed tests for me anyway on my own PC. I am not an expert, though, but hope this will help.
     
  2. dog

    dog Guest

    Hi Rich,

    As your other questions were answered, other than where the referrer option is in Opera: Preferences -> Network and uncheck "Enable Referrer logging" (It may be unchecked by default - but I don't remember for sure)

    Steve
     

  3. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    775
    http://prefbar.mozdev.org/ is a plugin for Firefox / Mozilla
    that gives you an option to switch between referers whenever you like.
    So if you are going to visit an untrusted website you can switch off Java or JavaScript and switch to a fake referer (browser info).

    So, you can set a fake referer to pretend as if you have another browser.

    With:
    http://www.malwarefighters.info/p.php

    You can see what kind of information is known about you whenever
    you visit a website.

    ;)
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    Thanks, Steve - I missed that in looking through Preferences. I searched Opera Help for "browser referral" (this thread topic) and got nothing. Just now, searching for "referrer" brings up that Help topic! "Enable Referrer Logging" was not checked, so it must be by default in Opera, because this is the first time I've heard of this.

    It doesn't reveal much. This with "referrer logging" enabled:

    http://www.rsjones.net/img/refer_1.gif

    Does referrer logging work only when clicking on a link on a page? If I type the malwarefighter URL directly from the Wilders page, it doesn't list the last webpage:

    http://www.rsjones.net/img/refer_2.gif

    If this is so, I would assume that the 10-12 sites that I access each day directly from my bookmarks would not show a "last page visited."

    Fortunately, the four sites that I log in w/password don't handle the URLs as you show. They don't display user name-password.

    As an example, if I copy/paste the saved URL into another window, I get this:

    http://www.rsjones.net/img/refer_3.gif
    ____________________________

    So even if that URL were cached on Google, it wouldn't do anything.

    I actually already knew that, because I had a talk with my bank a while ago, who had a tech person explain to me how it worked.

    Mine showed a city about 90 miles from where I am.

    But even if it showed my city, would that be something to worry about?

    I'm still open to being convinced that "referrer logging" is a concern for home users with dial-up, other than being satisfied that a web site doesn't know what the last site visited of your current IP was.

    Is this more of a concern if you have a static IP?

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  5. This is unlikely to happen unless you are silly enough to do it and the website is dumb enough not to obscure the password.

    But you have a point. A few years ago, it was dangerous to click on any external link while using yahoomail (web based).

    I found that out when I idly clicked on a referrer on my website. It was a yahoomail url, I couldn't tell what the password was, but the url alone gave you access to the email account. And as far as yahoomail was concerned I was the user, logged on with full access since no one else would know the url.

    These days they and most sites are smarter and the url alone is useless without the cookie. Nobody is that dumb these days to allow access to restricted pages only based on urls.

    Right Rmus, that's unlikely these days. And the url itself even exposed is pointless since they probably use cookies as well to allow access or https.

    It's a privacy issue mostly as I said. Referrers have nothing to do with static or dynamic ips, it's irrelevant. Nobody says otherwise.

    Even with a static ip, they can't track you too closely, but they do know you are you and not say me instead. It's the same thing with a cookie, they don't know everything about you, but they can ensure you are the same person they are tracking.

    When some people like Rmus talk about privacy, they probably mean being totally exposed so someone can know his home address, his full name, his mother's maiden name, the name of his cat, the number of kids he has etc.

    While other people break out into cold sweat with the idea that Paul Wilders knows they found wilders security forum by searching google with the terms "security foums".

    Then there are people who resent being tracked at all, even on an 'aggregate basis'

    That said, privacy is important.
     
  6. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    775
    What happens here on the page mentioned is that all the environment variables from the browser that are available will be printed on that page.

    In some cases you'll get even more info, see this (FAKE) example:

    ---------------------------

    Here: (welcome message in your language and with your country-name)
    Our local date:13 December 2005
    Our local time:15:26:08
    your ip: 123.45.67.89
    your hostname is: tuatara.nonsense.co.uk
    your Browser: Firefox: Mozilla/5.0 (Windows; U; Windows XP; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
    Your OS :WINDOWS XP
    BROWSER LANGUAGE : USA ENGLISH
    YOUR ACCESS PROVIDER:nonsense.co.uk
    YOUR EMAIL SMTP SERVER:smtp4.nonsense.co.uk
    YOUR EMAIL POP SERVER:pop5.nonsense.co.uk
    YOUR PRIMAIRY DNS SERVER: 194.194.5.5
    YOUR SECUNDAIRY DNS SERVER: 193.55.55.55
    YOUR NAME:Tuatara
    YOUR COUNTRY: Deutschland: Wilkommen!

    ---------------------------

    This proves that only by visiting a website, there is a lot of information recorded.

    So, a webpage-owner can find out from which ISP from which country and
    from which unique ip you came from on what time.

    This makes it possible to know exactly who you are.

    Unless you use special anonymizer software to hide those things.
    Also your webbrowser and language is known.
    And in most cases the last webpage you have visited BEFORE you came
    to the website.

    If tracking cookies are used, perhaps even more info is available.

    Also it is possible to see if Java, or javascript or Active-X is enabled.

    With the same page (or others similar) you can see if your
    anonymous proxy is working or not etc.
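
Added example, not part of the original thread: a sketch of what a visited server can record from one request, showing that the "last page" is only present when a link was followed (not for typed URLs or bookmarks), and how a site owner can strip session-style values from a referrer before logging it. The hosts, address, session value and the `SENSITIVE_PARAMS` list are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of credential-bearing parameter names; adjust per application.
SENSITIVE_PARAMS = {"sid", "session", "sessionid", "token", "password"}

def parse_headers(raw_request):
    """Return the request headers as a dict with lower-cased names."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def scrub_referer(url):
    """Blank out credential-like query values before the URL reaches a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def visitor_report(peer_ip, raw_request):
    """What the visited server can record from a single request."""
    headers = parse_headers(raw_request)
    referer = headers.get("referer")  # only sent when a link was followed
    return {
        "ip": peer_ip,  # taken from the TCP connection, not from a header
        "browser": headers.get("user-agent", "(not sent)"),
        "language": headers.get("accept-language", "(not sent)"),
        "last_page": scrub_referer(referer) if referer else "(not sent)",
    }

# Constructed sample requests (hosts, address and session value are made up).
COMMON = ("Host: www.example.test\r\n"
          "User-Agent: Mozilla/5.0 (Windows; U; en-US) Firefox/1.5\r\n"
          "Accept-Language: en-US\r\n")
CLICKED = ("GET /p.php HTTP/1.1\r\n" + COMMON +
           "Referer: http://mail.example.test/inbox?sid=abc123&folder=in\r\n\r\n")
TYPED = "GET /p.php HTTP/1.1\r\n" + COMMON + "\r\n"

if __name__ == "__main__":
    for label, raw in (("link clicked", CLICKED), ("URL typed", TYPED)):
        print(label, visitor_report("203.0.113.7", raw))
```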
     
  7. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    Hi all :)

    Just to add another FF option into the mix: PrefButtons http://www.extensionsmirror.nl/index.php?showtopic=86

    Once the extension is installed simply right click on the toolbar and select customize (or go to View>Toolbar>Customize). Then drag the 'send referer' option onto the toolbar. Just check/uncheck as required.

    Edit: Just came across this one as well, clearly a growth industry hehe: http://www.extensionsmirror.nl/lofiversion/index.php/t2595.html

    This operates from the context/right click menu rather than the toolbar.
     
    Last edited: Dec 13, 2005
  8. StevieO

    StevieO Guest

    Just out of interest, here's something else that blocks referrers for IE, and works with other Browsers too.


    Version 3.2 also blocks referrer fields from being passed between Web sites, thus restricting a site from knowing how you arrived.

    Please note that Cookie Crusher® requires the .Net Framework. You may obtain the Framework through this link. Please note that Cookie Crusher does not work with v2.0 of the Framework, please have 1.0/1.1 installed on the machine.

    http://www.limitsoftware.com/cookie/


    StevieO
     
  9. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    775
    This is very funny, an anti-cookie that needs the .Net Framework,

    in that case I would prefer the cookies

    Or Firefox and others, that have this feature built-in.

    BTW, does this prog have a live-update program that needs to be installed as well?

    :D :D :D
     
  10. Thanks Snowie Good wishes to you also.
    And TAS apologies - if I picked you up wrong on the word 'hot', best wishes and thanks for your input
     
  11. Will the ISP give the info, or can they, as someone told me, bypass the ISP?

    tuatara
    Do you mean right to your address?
     
  12. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    775
    Normally if you use the normal http protocol, then all data mentioned above
    will be sent over the connection to the webserver you visit.

    So that is via your ISP, this ISP can thus see all that you are doing,
    that is if they want to, or if they have to (by law).

    Normally the website you visit and everyone who has access to your datalines,
    like the phone or cable company or the network specialist
    of the company you work for, can look which websites you have visited and/or what your ip is.

    So it is also possible to create a website, like the one I've mentioned,
    with fake data (about certain subjects) to lure people, and to retrieve their ip's that way.
    One of the most well-known ones for the insiders is a famous cracks site
    that is run by a certain government agency.

    If you visit such a website, they will have your ip-address and time and date
    of the visit.

    With that they can lookup who is the ip-range owner (normally your ISP)
    and force him to tell them who was using that ip on the mentioned time.

    This is done on a regular basis.
    In fact in the USA this is common, in Europe they are changing laws,
    to force ISP's to save this kind of information (all websites that you have visited) for a very long time (months) even if you are not suspected of any crime.

    The anonymizers that prevent these registrations are breaking the law
    or still have logfiles.

    That last case, has proven to be true over and over again.

    The only way that you can safely transfer data, in an anonymous way
    over the Internet, is by using a very good data-crypt and hide program.

    But on the other hand, what is the problem if they know what you are doing, if it is not illegal?

    Worse is that companies still retrieve more personal data
    of persons on the Internet.

    I've seen a lot of things over the last 5 years, that
    companies can have very much personal information data
    about a person, without this person knowing that.

    A lot of trusted programs that need Internet Access,
    send information about you home, that you would not allow
    if you knew.

    Perhaps it is time that firewalls would not only open or close ports,
    but have more intelligent filters on what kind of data is transferred.
    Other than simple cookies etc.
    (crypted data, data regarding your system/files etc.)

    Did you know, that anyone that has access to the servers or datalines
    you need for your email, can read that email as well?

    At your ISP in most cases any System Admin, etc. can read your email.
    But if you are not using crypted data transfer like SSL etc.
    Anyone who has access to the datalines can do that too.
     
  13. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    No probs mate :D I knew you weren't **referring** [pun intended :p ] to me personally, and could see I did not word my post very well originally. :doubt:

    Cheers, TAS
     
  14. very good
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,794
    Hi,
    But like you said, if you're not doing anything illegal, then you shouldn't care too much. Stick to the better half of the law, keep clear of too much warez and crack, download only 18+ porn and you're ok.
    Mrk
     
  16. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I really don't see browser refers as a problem. More than anything, all they really say is what other sites have that site linked, which tends to be important to a website's survival. I would say that blocking refers is doing more harm to the small guys with websites than it is doing you any good. Same thing with browser identification.. I, and many others, would make slightly different versions of our sites for Netscape and IE users, to ensure that everyone could see the site correctly.. as long as the browser identified itself. There are other things that are more worth worrying about. As Tuatara pointed out, anyone sufficiently determined will find out that info anyway. If you're concerned with Privacy, it's more worth it to get a good anonymizing proxy.. preferably one that is run by someone in another country that's not subject to American controls.
     
  17. Well a paranoid person would worry that people using browser sniffing scripts would use it to ascertain what browser you are using so they can target to serve up browser specific exploits. :)

    But then again, there are a lot of smarter and certain (in the short run) tricks to ascertain browser identity than just trying to look at the easily faked useragent string.
     
  18. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Or they'd use a java exploit, so it wouldn't matter which browser you're using.
     