I can easily steal your privacy data. Even with disabled cookies and Javascripts.

76 réponses [Dernière contribution]
kernelKurtz
Hors ligne
A rejoint: 03/12/2013

>Only because you are knew about danger of 2ip.ru

No, I didn't. My software asked me if I wanted to connect to some random Russian website and I said no. I had no clue what it was, I only knew I didn't need it. Until I read the first post.

>If someone wants to remove information about his/her IP address, then I will do it.

Not the point. No one should have to be dependent on your goodwill and magnanimity in the first place. That's opt-out nonsense. How about you pull it ALL down now, and if people want it reposted, then you can do that. I doubt you'll have many takers for an opt-IN to your little game.

roboq6
Hors ligne
A rejoint: 05/03/2013

"No one should have to be dependent on your goodwill and magnanimity"

Unfortunately, I did not know that I need permission to publish the data. This time, I only did it because I did not want to interrupt the experiment. That will not happen again.

mYself
Hors ligne
A rejoint: 01/18/2012

There is, just search for the word "firewall" from the "Add/Remove Applications" search box. Here is a description of a software called "Firestarter", that can be found there:

"Firestarter is a complete firewall tool for Linux machines. It features an easy to use firewall wizard to quickly create a firewall. Using the program you can then open and close ports with a few clicks, or stealth your machine giving access only to a select few. The real-time hit monitor shows attackers probing your machine."

(GNU/)Linux Mint also has a firewall pre-installed on the Live CD.

There is also a program called "PeerGuardian Linux" which blocks third-party organizations to keep tracking on what you're downloading from the Internet through the BitTorrent protocol. I can post instructions here on how to install it on Trisquel if there will be an interest.

kernelKurtz
Hors ligne
A rejoint: 03/12/2013

Thanks mYself. I have links saved for those two softwares, and a few others. Need to dig a little deeper on them as I have time over the summer.

My first impression was that they don't have the kind of functionality that would allow me to choose on-demand to block emerging threats like the one in this thread. But still probably good for many situations, like blocking google-analytics globally and the like.

roboq6
Hors ligne
A rejoint: 05/03/2013

How about Winpooch analog?

Darksoul71
Hors ligne
A rejoint: 01/04/2012

roboq6,

1st: IIRC there is no way to "delete" postings here, since we are watching another representation of a mailing list.

2nd: I fail to see the purpose of your posting. For me privacy data is something different than my IP and informations about my platform. No offence but any webserver I visit "finds out" those informations. Especially since many websites need to act different depending on the browser and operating system. This of course also means that "evil webservers" can mis-use this informations if exploits / security holes exist for your browser / OS used.

So what is this fuzz all about ?

Regards,
Holger

roboq6
Hors ligne
A rejoint: 05/03/2013

"we are watching another representation of a mailing list"
Then you must call the admin for help. I'm sorry.

"So what is this fuzz all about ?"

There is huge difference between the server and a human, who is not owner of the server or the site.

Somebody don't caring about proxy/Tor/VPN.
Because s/he thinks something like this:
"Only owners of the site and the server will know my IP. So, I don't need to worry about this. All right. Girls/males from a dating sites will not understand that I had fooled them about my nationality"

IMHO, this information will be useful to people, who are afraid of personal spies much more than the Big Brother. Like me.

roboq6
Hors ligne
A rejoint: 05/03/2013
roboq6
Hors ligne
A rejoint: 05/03/2013

Your IP address:
WindowsFAQ.ru

Darksoul71
Hors ligne
A rejoint: 01/04/2012

and my shoe size is 44.
who cares ?

roboq6
Hors ligne
A rejoint: 05/03/2013

This is funny. Because the post above will display IP address of current reader of forum. For example, now I see my IP-address. You will see your IP-address.

ADFENO
Hors ligne
A rejoint: 12/31/2012

Aw... Some funny quotes for my collection... Hahaha! I laugh out loud! Hahaha!

I would like to kindly ask permission from the authors (Darksoul71 and roboq6) to keep the 82nd, 83rd, 85th and 86th posts. If the posts' authors wish, I can also modify the quotes as they wish (to remove IP addresses personal names, nicknames, and such).

Best regards, ADFENO.
Have a nice day.

ADFENO
Hors ligne
A rejoint: 12/31/2012

Just now I have noticed that this posts are numbered by order of appearance in the thread, not by order of publication.

So... To make this clear, I want to ask permission for the use of the following quotes:

Darksoul71: roboq6,

Darksoul71: 1st: IIRC there is no way to "delete" postings here, since we are watching another representation of a mailing list.

Darksoul71: 2nd: I fail to see the purpose of your posting. For me privacy data is something different than my IP and informations about my platform. No offence but any webserver I visit "finds out" those informations. Especially since many websites need to act different depending on the browser and operating system. This of course also means that "evil webservers" can mis-use this informations if exploits / security holes exist for your browser / OS used.

Darksoul71: So what is this fuzz all about?

roboq6: "we are watching another representation of a mailing list". Then you must call the admin for help. I'm sorry.

roboq6: "So what is this fuzz all about ?". There is huge difference between the server and a human, who is not owner of the server or the site.

roboq6: Somebody don't caring about proxy/Tor/VPN. Because s/he thinks something like this:

roboq6: "Only owners of the site and the server will know my IP. So, I don't need to worry about this. All right. Girls/males from a dating sites will not understand that I had fooled them about my nationality"

roboq6: IMHO, this information will be useful to people, who are afraid of personal spies much more than the Big Brother. Like me.

roboq6: Your IP address: ???.???.???.???.

Darksoul71: and my shoe size is 44. who cares ?

Best regards, ADFENO.
Have a nice day.

Darksoul71
Hors ligne
A rejoint: 01/04/2012

@ADFENO: Yeah, you got my permission !

@roboq6: I did not give the permission to post my top-secret personal IP adress...the NSA / FBI / local police will raid your apartment in 20 seconds. :P

>roboq6: "we are watching another representation of a mailing list".
>Then you must call the admin for help. I'm sorry.
Not I must call the admin for help but YOU since you posted top-secret personal IP adresses....

Mate, this is so ridiculous as it can be....

roboq6
Hors ligne
A rejoint: 05/03/2013

Okay, you have my permission.

ADFENO
Hors ligne
A rejoint: 12/31/2012

Just a quick quote:

"Hey, our system is GNU+Linux or GNU/Linux, not just Linux". - One of my uncles, the first Linux user of my family. :D

Oops! I mean... The first GNU+Linux user... :D

Best regards, ADFENO.
Have a nice day.

Bruno Letat
Hors ligne
A rejoint: 05/02/2013

mouhahahahaha. Information you got is nothing but public data. I had fun with what you believe to be reality. You will probably identify my connection and show something like "safari browser" or "iphone" on gnu/linux system, and of course it is not.

roboq6
Hors ligne
A rejoint: 05/03/2013

I'm happy for you. This means you don't belong to my target audience.

onpon4
Hors ligne
A rejoint: 05/30/2012

You know, I don't know how to get this myself, so any time I need to know my public IP address, I go to a website that displays it (usually by searching "my ip address" in DuckDuckGo), and it usually shows where I am, too. Except it's always several miles off, not even close. That's what a dynamic IP address is like: it's randomish, changes all the time, and provides no useful information to anyone by itself.

The reason Facebook recording this is a problem is it doesn't just record your IP address; it also records what webpage you were visiting when it recorded your IP address, and then it links your IP address to your account whenever you log in to Facebook. It might use cookies for this purpose as well; I don't know. The point is just knowing that some guy has IP address xxx.xxx.xxx.xxx is completely meaningless. Knowing that some guy with some IP address loaded the webpage is meaningless, too.

roboq6
Hors ligne
A rejoint: 05/03/2013

"The point is just knowing that some guy has IP address xxx.xxx.xxx.xxx is completely meaningless."

Suppose that we know only three things.
1.This guy have a very-very rare name.
2.Real IP address
3.Name of the guy.

We will be able to know the city in which he lives.
Throughout the city there are not more than 10 people with the same name.
Because of this, we will be able to easy find him.

onpon4
Hors ligne
A rejoint: 05/30/2012

Er, no. Did I say that my location was reported in the right city? When I said it was several miles off, I mean it; it's not even in the same county. We're talking *dozens* of miles away from my actual location. Go ahead, go to the city/town you think I'm in by my IP address and search every house; you won't find me. The only way you can find me is if you have a huge army to search the entire state of Michigan, or if I tell you where I live.

roboq6
Hors ligne
A rejoint: 05/03/2013

Okay, this is not your case.
But I can be found thereby.

Bruno Letat
Hors ligne
A rejoint: 05/02/2013

Roboq6, you are right and even if I'm teasing with you, what you show is interesting. More generally, most people fill full of personal information inside forms, so just use a search engine and type their name for absolutely everything about them.
IP Adress is one way to confirm the location.
Best regards.

ADFENO
Hors ligne
A rejoint: 12/31/2012

The success of this "attack" (if I may call it this way) depends on the absence of privacy and security measures in the target side, and also on his decision to share, or not, personal information over the Internet.

Frankly, my computer is not that secure, mostly because I'm not that experienced using GNU+Linux systems. But anyway, the Internet modem and router are close to me, one of them has a power button, and I can easy unplug or reboot them (to get a new IP address), if I so desire.

Also, I use GNU+Linux, and I have a live operating system ready inside one USB storage device, which makes it easy for me, not to recover, but to completely remove the previous system and install it again from scratch.

Just to mention that I don't keep personal data inside the hard disk devices, and most of it is password-protected.

Also, as I am an artist, I also keep the source files (for compliance with the shared culture licenses), but they are separated from my computer's hard disk device.

Despite not using Tor, Privoxy and Anonymouse regularly. I configured my main web browser to clear history, cookies, and etc. every time I close it.

I'm still somehow worried if my practices are good enough if evaluated by more experienced people. At least for me, they are.

Best regards, ADFENO.
Have a nice day.

Mampir
Hors ligne
A rejoint: 12/16/2009

You don't need any special service or software to do this. You can easily do it with your computer and nc (netcat) – a program which is installed by default with Trisquel.

In this forum, you can embed an external images to your forum posts. With this you can see the IP-address and information send by the browser of almost all who see your post.

You can make a post like this:

Hi, all!  Let me tell you something...
<img src="http://208.80.152.201/image.png" alt="">
...

When a browser opens a web page, it sees many <img .../> codes like the one above. For every such code a browser goes and tries to download an image from the given address.

In the example post above the embedded image and it's on a computer with an IP address of 208.80.152.201. Practically all browsers will try to connect to it, even if the image doesn't really exists. If this address is of your computer, then browsers will try to connect to it and identify themselves.

You can listen for browsers trying to get an image from you computer with the command:

sudo nc -vl 80

When a computer connects to another it gives its IP address, so it can receive replies. When a browsers connects to a server it sends various information, including what kind of a browser it is. The browser identification is optional and non-essential information, but generally all browsers provide it.

When someone tries to open the image you'll receive something like this:

Connection from 208.118.235.148 port 80 [tcp/http] accepted
GET / HTTP/1.1
Host: 208.80.152.201
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:20.0) Gecko/20130422 Firefox/20.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive

You'll also need to configure your router for this to work, if you are behind one.

With the above information, it's hard to determine which forum user is actually assosiated with the IP-address and browser information, since many people will read the post. But its not too hard, if you are a bit creative.

Also, most people won't notice someone embedding images of some strange address.

roboq6
Hors ligne
A rejoint: 05/03/2013

Sound interesting, thank you very much!