How can I test if my browsing is anonymous?

Discussion in 'privacy technology' started by qzt, Jun 19, 2009.

Thread Status:
Not open for further replies.
  1. qzt

    qzt Registered Member

    Joined:
    Jun 14, 2009
    Posts:
    2
    I've tried a few of the privacy services. They all seem to work. Various websites report my actual ip address as being hidden. How could I test it further? How could I tell if some program, firefox extension, javascript, or something else might leaking information?

    Any suggestions?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    if you have time to spare, you can use something like wireshark to sniff traffick
     
  3. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    I have found Browserspy to be pretty complete testing what your browser reveals about you:
     
  4. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Anonymous to who, that's the real question ?

    Your ISP, maybe, but reading what SteveTX, Gerard Morentzy and others " skilled in the art " have to say should enlighten you !

    Scripting etc will leak info.
     
  5. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    With all due respect, I really struggle to understand why people do this. o_O It's impossible to surf totally anonymous. Maybe you can get close, really close. But if you surf, email or whatever, somebody somewhere knows who you are and where/what you're doing. Otherwise, the other end can't respond back to you with your requests.
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I don't think most really understand that. Even with very legit, well-meaning anonymous services, they HAVE to know who you are, otherwise, how are you going to sign up for their services? Sure, you could fake your information to an extent, but unlike the days before the digital age, you're known to someone out there whether you try to hide or not.

    Does that make these services useless? No, I don't think so at all. I think the most well known services are great at what they are CAPABLE of, which is providing a sense of privacy and SOME anonymity. But, you have got to have it drilled into your head that the days of TRULY being anonymous are long over with, and then learn to adapt to that and do as much as you can.
     
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,099
    If you run JavaScript, then your real ip address is vulnerable. If you install Adobe Flash or SWF, you may also be vulnerable, so the best strategy when using Firefox is no plugins, no JavaScript. NoScript should be fine to run as a FF add-on.

    You should also setup your Firefox about:config to toggle the item:
    network.proxy.socks_remote_dns to true
    to help prevent DNS leaks by using the DNS service from your proxy rather than the one from your ISP or what is coded into your router.

    -- Tom
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I don't think you'd be anonymous to your ISP because you're connecting through them, but the point is some people wish to make themselves appear anonymous to the website they're connecting to. In other words, to make it look as if you're coming from somewhere else when in fact you're not.
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Xerobank separates their payments from the account, using a method that, according to Steve, is not reversible.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That may be true if you are using Tor or a cheaper VPN or proxy, but it is not so with Xerobank. And It was not so with Iphantom either. And both of those services have secure DNS, and so the DNS requests are encrypted and passed on through the ISP.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    They know you are there but if you are using something like Xerobank, thay cannot see anything but an encrypted tunnel going to Xerobank. That's it.
     
  12. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Qzt, the Anonymity Checker by XeroBank may be of interest.

    Han, the fact that a website is able to return pages to your browser does not imply that the website knows who you are. If you’re using a high quality anonymous proxy or VPN service, the website only “sees” that proxy/service – not your actual IP address. Of course, if you logon to a website, then you have voluntarily relinquished your anonymity (assuming that you registered with that website using correct information about yourself). Erasing cookies is a wise step, too.

    Concerning email, it’s possible to use services such as Anonymizer Nyms to mask your identity to the recipient, for example.

    TonyW, your ISP “sees” that you are online, but it perceives that all of your internet traffic is to/from the anonymous proxy or VPN service - because it is. And, since that traffic is encrypted, the ISP can’t know the websites with which you are actually communicating, as Caspian has noted.
     
  13. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is called privacy, not anonymity. You can't achieve anonymity with your ISP, because he knows who you are. What you can do is to have privacy, meaning that he can't see what you are sending/receiving.
     
  14. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,099
    You can't even achieve anonymity with a one-hop proxy since they will know whom you are.

    Encryption yields security, and the features of privacy are layered where the use of more are better since it increases "plausible deniability" - of which Xerobank appears to currently be the leader - counting their use of multiple features which separate a users Internet transaction from being associated with the user's real identity.

    -- Tom
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    You can't really test your browser to see if it is anonymous, you can only test it to see if you fail being anonymous. We'll be releasing an advanced test called DeAnonymizer on the first day of August.

    The thing to think about is not if you are "completely anonymous" as this is a static and imaginary state, but rather to consider your attacker and threat model. 1. What do you need to keep anonymous/protected? 2. Who would be a threat to that? 3. Who has the capability and inclination to attack?
     
  16. Xitrum

    Xitrum Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    56
    Hi SteveTX, you are in US and under very implicit communication rules of data retention and data interception and injection as revealed? How you can promise users for anonymous in the Internet when using your xerobank service even downgrade to through TOR?
    Reading around this forum and saw your promote of xerobank browser, xbmachine are great to internet anonymous even using TOR? Is it a backdoor or someway to expose users with those pieces of software, relates to your promise of the Aug 1st launch of DeAnonymizer?
     
  17. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Personally I am looking forward to this DeAnonymizer, shell see what we can come up with in our Arsenal to defeat it.
     
  18. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I am personally in the Dallas area at the moment.

    We provide the strongest anonymity network in the world, as it is multi-jurisdictional, multi-hop, no logs, anonymized user identity, multiplexed/crowding optimized fips-140 compliant machines, all running on encrypted drives with tamper detection and fail-secure design. It is not public-participation based, so it is immune to the array of threats that plague the tor network. We do not log, we do not hand over user data, and we never have. We are incorporated in Panama, and are not subject to court orders or data retention directives from US/UK/EU etc. All software is fully open-source/GPL, no backdoors.

    DeAnonymizer is a comprehensive and evolvable anonymity testing tool. The test are performed by visiting the website as you normally would through a browser, and beginning the test. It will launch a series of attempts to cause the visitor's system to leak their true IP address.
     
  19. Xitrum

    Xitrum Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    56
    Thanks SteveTX for informative materials on your service.
     
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
  22. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
  23. vondiggidy

    vondiggidy Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    8
    Couldn't you be anonymous to your ISP in a sense? Let's say you were using prepaid internet to avoid contracts/forms with your ISP.
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I presume it is wireless? Is there such a prepaid wireless internet provider? You know of course, you could never use it from your home or even have the access device turned on in your home or place the frequent, otherwise you are deanonymized.
     
  25. Beto

    Beto Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    47
    The sociopaths amongst us use other peoples computers (most go without password protection (or if protected can be found on a sticky somewhere in or around the workstation).

    The people you trust the most are the most likely to use your computer for unsavory surfing. Sad but true.

    Why are lame cliches always so right o_O
     
Loading...
Thread Status:
Not open for further replies.