Your Web browsing history is totally unique, like fingerprints (2012)

Discussion in 'privacy problems' started by MrBrian, Dec 12, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    I don't have history enabled and I bet most others here don't either. What scares me here is the "browser sniffing," if a site can sniff out history, can it sniff out login cookies? For example, if you are logged into an email account or Paypal or even something less secure like a forum in one window, and a site that sniffs in another window, could it grab the login cookie and jack your account?
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Can a webpage read another page's cookies?
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I never really understood this stuff. I see that Ghostery has the ability to block tracking cookies, but I thought that disabling third party cookies inside the browser was enough?
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  6. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I think the root issue would be that browsing habits... patterns... are useful for tracking/identifying individuals. IOW, you can fingerprint individuals based on what websites they visit, at what times, for how long, etc.

    That information can be read from the client side storage known as browser history. However, it can to some extent also be collected and tracked externally. By routers than see your traffic, by DNS servers, by URL checkers, by ad/analytics servers that have hooks on many websites, by CDNs that host content for many sites, etc.
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Last edited: Dec 13, 2014
  12. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    Search for articles on the subject. History logging has moved upstream.
    At least in the USA (probably worldwide) our ISPs are logging/monitoring and hope to monetize patterns evident in our individual histories.
    I believe the status quo has become VPN + encrypted DNS... or bust.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    You don't need encrypted DNS. Just make sure that DNS lookup is done through the VPN, ideally by the VPN's DNS proxy, which has a private (non-routable) VPN tunnel IP.
     
  14. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    How about:
    Even in the absence of your browsing history, your typing habits
    ( each time you use the conveniently-provided inbuilt autocomplete functionality of the browser's AWESOMEbar )
    are totally unique, like DNA
     
  15. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    Isn't that basically a distinction without a difference?
     
  16. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    No, I believe the poster was referring to DNSCrypt as encrypted DNS. I likewise don't see a point to using DNSCrypt with OpenVPN
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    If you're routing DNS lookups through the VPN, it might be more secure to use DNSCrypt with suitable DNS servers, rather than using the VPN provider's DNS proxy. But it does bring third-party DNS servers into the mix. Which is best depends on how your VPN provider handles DNS security.

    However, just using DNSCrypt without routing DNS lookups through the VPN, you're clearly bringing a third party into the mix. In that case, both the VPN provider and DNS servers know your IP address, and see what websites you visit. That's clearly less secure than routing DNS lookups through the VPN.
     
  18. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    My earlier post contained a typo (omission). What I had intended to type was: VPN or httpsEverywhere + encrypted DNS
    Said differently:
    connect via a VPN, else employ httpsEverywhere + encrypted DNS in order to thwart history fingerprinting/profiling by ISP.
    In any event, I'll defer to mirmir's expertise on the subject.

    mirmir, about "bringing a third party into the mix" I hear ya, but some VPN providers are touting encrypted DNS as a separate, value-added, feature of their service.
    Example: goldenfrog.com/vyprvpn/features/vyprdns
     
  19. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I use Sandboxie and I delete the sandbox after every session. If I login to my yahoo account that is attached to my facebook account, I delete the sandbox and I have Eraser configured to wipe everything. So there is nothing to be read when I open the sandboxed browser again and login to another site.
     
Loading...