I can easily steal your privacy data. Even with disabled cookies and Javascripts.

roboq6
Offline
Joined: 05/03/2013

I can easily steal your privacy data. Even with disabled cookies and Javascripts.
But because I'm a lawful person, I will not do that without your permission.
I want to warn you about tricks like this one.

Even if you download the file with the help of wget, I will know information about your IP and your Internet provider.

DISCLAIMER: YOU WILL OPEN THE LINK AT YOUR OWN RISK. THERE ARE NO GUARANTEES ON MY PART.
By clicking on the hyperlink, you confirm that you have understood and agree to my disclaimer.

Spy-link:
http://2ip.ru/member_photo/74293.gif

mYself
Offline
Joined: 01/18/2012

Ahh... such a pity.

You sure can see some basic information as you pointed out, but only if the user does not connect to the Internet through a proxy server. This can be very easily circumvented by using some anonymization software like Tor, or even by using an anonymization website like Anonymouse.

Btw, can you steal my privacy data and publish it here? You have my permission.

mYself
Offline
Joined: 01/18/2012

And that link is just a picture of a levitating GNU:

roboq6
Offline
Joined: 05/03/2013

.

roboq6
Offline
Joined: 05/03/2013

.

roboq6
Offline
Joined: 05/03/2013

IP: 209.90.238.252
Internet-provider: WorldLink
Web-browser: Firefox 10.0
OS: Microsoft Windows 7

roboq6
Offline
Joined: 05/03/2013

IP: 37.59.163.222
Web-browser: Firefox 10.0
OS: Microsoft Windows 7

icarolongo
Offline
Joined: 03/26/2011

Tor's user-agent looks like you are using Firefox on Windows.

roboq6
Offline
Joined: 05/03/2013

"stop posting people's information."
No. I got permission.

IP: 192.43.244.42
Internet-provider: National Center for Atmospheric Research
Web-browser: Firefox 10.0
OS: Microsoft Windows 7

icarolongo
Offline
Joined: 03/26/2011

This IP is from Tor.

This system is a Tor Router on the Tor Network

Tor's user-agent looks like you are using Firefox on Windows.

roboq6
Offline
Joined: 05/03/2013

"This system is a Tor Router on the Tor Network"

How can you get this?

mYself
Offline
Joined: 01/18/2012

What, the message or the anonymization?

roboq6
Offline
Joined: 05/03/2013

the message

icarolongo
Offline
Joined: 03/26/2011

Copy the IP and paste in your web browser.

roboq6
Offline
Joined: 05/03/2013

.

onpon4
Offline
Joined: 05/30/2012

That information isn't exactly private.

IP address? A server needs to know your IP address to send you anything. It's just like how you need to tell someone your physical address for them to send you a letter or a package.

Web browser? OS? Those are just something the browser reports; Midori has an easy built-in option to identify itself as the iOS browser on iOS, Firefox, and Internet Exploder. Firefox/Abrowser/Icecat has an extension that lets you change what browser/OS it identifies as.

As for ISP, I don't know where that comes from, but I don't see how it's something to worry about, either. It's like someone figuring out by observation that you drive a Toyota car, or that your house is made of bricks. It's completely irrelevant as far as your personal information goes.

roboq6
Offline
Joined: 05/03/2013

"That information isn't exactly private."

Different people have different opinions on this issue.

mYself
Offline
Joined: 01/18/2012

The server (webpage) needs your IP address to know where to forward the data (loaded webpage) to you. Without it, you won't be able to connect to the Internet (practically, not technically - that means that you will be connected, but not able to visit any webpages). It's like calling your friend without knowing his/her phone number.

roboq6
Offline
Joined: 05/03/2013

I know, I know. But there is a huge difference between the server and a human who is not the owner of the server or the site.

mYself
Offline
Joined: 01/18/2012

Look, the server needs your IP address to fulfill your requirement just as you require a phone number, home address, name of a person, whatever... to make contact with people. As I mentioned, there is a way to circumvent this and that way is to use a proxy server (middle-man) for anonymization.

A proxy works in such a way that you don't connect to the Internet directly, but rather through another computer. If you use a proxy, when you go to a website from your web browser, the browser contacts the proxy server (2nd computer), which then visits your requested webpage and forwards the data back to your browser so it can show the webpage for you. This way, the website can only see the proxy server's IP address, not yours. In the end, the only one who will know your real IP is the proxy server itself.

roboq6
Offline
Joined: 05/03/2013

I know about a proxy!

Do you not see the difference?

Somebody doesn't care about a proxy.
Because s/he thinks something like this:
"Only owners of the site and the server will know my IP. So, I don't need to worry about this. All right. Girls/males from dating sites will not understand that I had fooled them about my nationality"

mYself
Offline
Joined: 01/18/2012

Then what's your point? You wanna send an email, which describes the technique of networking one-by-one to every existing person on the planet? People just don't care about it and will treat your email as spam, if the email provider's built-in spam filter doesn't automatically do that for them anyway. What today's people care about is a good web browser and Facebook, possibly also Skype. Everything else is just some kind of science-fiction for them.

roboq6
Offline
Joined: 05/03/2013

IMHO, this information will be useful to people, who are afraid of personal spies much more than the Big Brother.
Like me.

mYself
Offline
Joined: 01/18/2012

Agree, but I don't think that a general computer user will be interested in, or want to search and read through, this "highly-technical" forum topic. But more information is better than little to nothing. I think you will be more successful if you spread the word using some social networking services, like Identi.ca or Diaspora.

In my opinion, Facebook is a much bigger threat for user privacy than all of the above stuff.

onpon4
Offline
Joined: 05/30/2012

And of course, if you're concerned about revealing your IP address, that's what Tor is for.

roboq6
Offline
Joined: 05/03/2013

By the way, the final link is different:

Before:
http://2ip.ru/member_photo/74293.gif

After:
http://2ip.ru/member_files/meditate-gnu.jpg

Why?

mYself
Offline
Joined: 01/18/2012

It's probably some server-side redirection.
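
An added example, not part of any post in this thread: a Python model of what a server can record from one plain image request with no cookies or JavaScript, and of the server-side redirect that makes the final URL differ from the link. The host, paths, addresses and header values are constructed samples; the ISP name shown in such reports is looked up from the public allocation record for the IP address and is not part of the request.

```python
# Constructed samples: addresses, host, paths and headers are made up.
WGET = (b"GET /photo/1.gif HTTP/1.1\r\nHost: tracker.example\r\n"
        b"User-Agent: Wget/1.14 (linux-gnu)\r\nAccept: */*\r\n\r\n")
SPOOFED = WGET.replace(b"Wget/1.14 (linux-gnu)", b"Emacs (Stallmanix)")


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def observe(peer_ip, raw):
    """What the server can record with no cookies and no JavaScript."""
    _method, path, headers = parse_request(raw)
    return {
        # From the TCP connection, not from the request. Behind a proxy
        # or Tor this is the proxy's or exit relay's address.
        "ip": peer_ip,
        # Self-reported by the client; any string can be sent.
        "user_agent": headers.get("user-agent", ""),
        "path": path,
        "cookie_sent": "cookie" in headers,
    }


def redirect(location):
    """302 response: the client then fetches a different final URL."""
    return ("HTTP/1.1 302 Found\r\nLocation: %s\r\n"
            "Content-Length: 0\r\n\r\n" % location).encode("ascii")


if __name__ == "__main__":
    print(observe("203.0.113.5", WGET))       # direct connection
    print(observe("198.51.100.7", SPOOFED))   # via proxy, spoofed UA
    print(redirect("/files/picture.jpg").decode("ascii"))
```
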

roboq6
Offline
Joined: 05/03/2013

.

roboq6
Offline
Joined: 05/03/2013

.

roboq6
Offline
Joined: 05/03/2013

.

roboq6
Offline
Joined: 05/03/2013

.

roboq6
Offline
Joined: 05/03/2013

"from your post I can tell that you probably use some kind of software for that"

No.

mYself
Offline
Joined: 01/18/2012

Sorry, I forgot what you wrote before. So, it's some kind of web-based paid service.

roboq6
Offline
Joined: 05/03/2013

I can use the service for free. But then, the server will display the message for my "victim":
"Your personal data was stolen"

By the way, you can register on the site by invitation, or if you have a "lucky IP".

I have a "lucky IP" =)

roboq6
Offline
Joined: 05/03/2013

IP address: 99.108.199.123
Internet-provider: AT&T
Web-browser: Safari 4.0
OS: iOS 3.0

IP address: 99.108.199.123
Internet-provider: AT&T
Web-browser: Emacs

IP address: 108.59.11.233
Internet-provider: Verizon Internet Services
Web-browser: Firefox 21.0
OS: Linux

onpon4
Offline
Joined: 05/30/2012

Just to be clear: those first two are bullshit. They were me using Firefox. "Emacs" isn't even an actual web browser (it's a text editor), and I was claiming to use an operating system called "Stallmanix".

mYself
Offline
Joined: 01/18/2012

Emacs has an extension for web browsing. Emacs isn't just a simple text editor, the manual describes it as "the extensible, customizable, self-documenting, real-time display editor."

roboq6
Offline
Joined: 05/03/2013

"those first two are ********"
Please, watch your language. This violates the rules of the site.

"it's a text editor"
No, it is an OS ^_^

teodorescup
Offline
Joined: 01/04/2011

The only private data a browser can contain are cookies and history (OK maybe some cache).

From what you described, the only unusual thing about the service is that it shares the normal information it gets from the "victim" with a third party.

Just saying...

roboq6
Offline
Joined: 05/03/2013

If the attacker knows the operating system and web browser, then s/he can create an exploit for the victim.

mYself
Offline
Joined: 01/18/2012

How? He can utilize only those exploits that are readily-available in the victim's operating system. And knowing that a victim is using MS Windows is useless because 90% of all the computer users are most likely using Windows anyway.

roboq6
Offline
Joined: 05/03/2013

"knowing that a victim is using MS Windows is useless"
Suppose I'm an attacker. I want to hack your web browser. If I know the name and version of your web browser, then this is enough to create an exploit. But some exploits are available only for Windows versions of the browser. If I know that you're using Windows, then it would be easier to choose the exploit. And I'll know for which system I need to create a Trojan virus.
Because when an exploit is executed, it will "open the gates for the Trojan horse".

mYself
Offline
Joined: 01/18/2012

If I understand the word "exploit" correctly, you cannot create an exploit (generally a bug in the software) as it's already in the software. You can just misuse it. On Windows, you can probably make use of a universal backdoor implemented in Redmond by Microsoft itself to give them total power/control over a user's computer. GNU/Linux is much more secure, and less likely to be attacked. The majority of trojan horses (99%) are created for Windows, because of the prevalence of this operating system.

roboq6
Offline
Joined: 05/03/2013

There is no absolute protection. I already have some experience of receiving root privileges with the help of an exploit in Linux.

mYself
Offline
Joined: 01/18/2012

There is: Don't use a computer! Seriously.

lembas
Offline
Joined: 05/13/2010

For more information, visit http://browserspy.dk/

Also check out https://panopticlick.eff.org/

roboq6
Offline
Joined: 05/03/2013

Thx

andrew
Offline
Joined: 04/19/2012

On 24/05/13 12:02, name at domain wrote:
> I can easily steal your privacy data. Even with disabled cookies and
> Javascripts.

It is terrible, yes. Unfortunately browser vendors are unlikely to fix
it anytime soon (except maybe IceCat, which is focusing on privacy).

Disabling cookies/JS is bad in a way, because it makes the web browser
even more unique.

The only good way to beat this is to use separate web browsers with
separate Tor sessions and different characteristics, and only use one
browser for revealing your identity.

Andrew.

mYself
Offline
Joined: 01/18/2012

I don't think it's necessary to use two different sessions when using Tor. I'm using Tor/non-Tor with the same session and can toggle Tor on/off every time it's necessary (for Google and some other websites that are blocking public proxy addresses, based on public blacklists), and can also have a new identity whenever it's required.

kernelKurtz
Offline
Joined: 03/12/2013

Came in tonight on the old Mac.

Good old Little Snitch popped up: Do I want to connect to 2ip.ru?

Hell no.

End of story. You got nothin'.

I really, really wish there was an active Linux project doing that same thing. It's the main little piece of software that I haven't been able to find a good replacement for.

Probably need to hire someone to write it.

PS: And yeah, the thread should be axed. No one came here expecting or wanting their personal data, no matter how meaningless, to end up in the hands of some flaky trollish newcomer. It's not what we're here for, and it shouldn't stand.

roboq6
Offline
Joined: 05/03/2013

"I really, really wish there was an active Linux project doing that same thing. "

Me too. When I was a Windows user, I liked "Winpooch Watchdog". http://sourceforge.net/projects/winpooch/

"End of story. You got nothin'. "
Only because you knew about the danger of 2ip.ru.
But all websites (even the Trisquel forum) behave like 2ip.ru. The only difference is sharing the information with a third party (me, for example).

"to end up in the hands of some flaky trollish newcomer."
If someone wants to remove information about his/her IP address, then I will do it.