can websites identify us uniquely based on browser agents?

Discussion in 'privacy problems' started by manish88123, Jul 20, 2013.

Thread Status:
Not open for further replies.
  1. manish88123

    manish88123 Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    4
    Location:
    us
    there is a lot of information that is available to a website in the form of user agent.this includes(but not limited to) your:
    1. browser type,
    2. browser version,
    3. plugins installed and their version number,
    4. windows type,
    5. screen resolution,
    6. and TIME,yes your system time(right?).
    7. More

    i mean if i think of it you can easily identify everyone based on the combination of these parameters.most scary part for me is the system time,i used to set my clock manually(not sync from time.windows.com) and when i visted a website it told me that my time is behind 42 seconds from what it should have been according to my time zone.and how many individuals would have their system clock set behind 42 seconds in my country(time zone).may be a few, but if we add other browser parameters then i think they can easily pin point me everytime i visit that site.and i am sure google can do much more than just an ordinary site.

    we can easily modify some of the information browser sends to the website but you will have to do it everytime and if you don't do it right then you will stick out as a sore thumb.

    thoughts?
    ideas to beat this(other than tor and VPN) and remain hidden in the crowd if you have a dynamic IP?
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Those are just some of the things contained in http headers. Although most of them can be spoofed or modified on the fly by web filtering apps like Proxomitron, there's another related factor that's much harder to change. Different browsers send the headers in different orders. I suspect this is by design.

    This is a lesser of 2 evils situation. A typical system reveals everything. With plugins, the version numbers can even reveal where you're vulnerable to attack if they're not totally up to date. They reveal a lot of what auto-updates on your system. In order to "blend in", your system has to do the same. The alternative is to reveal only what you want, but stand out for doing so. Choose your poison.
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I don't know what it's called now....I having brain fog....what's the browser app that constantly changes your browser's metadata?

    I remember trying it and it worked as advertised. However, you need to give clearance (whitelist) your banking as just one example. Depending on the protocol they use for saving your info and "recognizing" your computer it may play havoc with that.

    .
     
  4. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    i think its called "SecretAgent" and there are about 5-10 other user agent switchers on the firefox add-ons site. problem is, i read from the comments there that there is also some kind of javascript user agent check that some of these add-ons dont fix.

    i use StatBar and it has a time sync option that i use every few hours or so, not sure if that defeats anything though.

    best is probably to use the free JonDoFox or TAILS live CDs.
     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    You're correct to be weary. As I mentioned here, EFF put out a great article talking about entropy and how you can be identified. Definitely check it out, and visit the link for Panopticlick's site to test your own browser.


    Use addons/extensions. We talked about browsers here, and I linked some good ones.

    If you want even more security, you can always upgrade to using VPNs and something like TOR. Or even just public computers/WiFi.
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    There's also cookie blocking. I use Cookies Manager+ in Firefox to tame, for example, Youtube by blocking the cookie Visitor_Info1_Live cookie. No silly comments display nor recommended videos. It also helps I've no account with it or Google either. In conjunction with NoScript, AB+ and Ghostery, I think I've got decent browsing privacy enforcement in place.
     
  7. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    i use MiniTube (free on Linux, about $10-$15 for Windows) for browsing + downloading YouTube vids. supposedly it doesn't place cookies but i'm not sure if this would help keep you more anonymous or not. i think it was using a Mozilla 5.1 user agent iirc. maybe thats common idk.
     
  8. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    This is what I read in EFF articles.
    All of that other stuff just help a little.
    Even if you use VPN or Tor, if you are going to the same sites over and over, after some time, the information in your browser can still make it easier to find you.

    When you add browser plugins to help hide yourself, even the pattern of the browser plugins you are using adds to your profile so you do not look like everybody else.

    Either you try to have a system profile that is like everybody else's, which means it is already very vulnerable to attacks, or you have a fine tune system that resists attacks but makes you look suspicious. You can not win.
     
Loading...
Thread Status:
Not open for further replies.