I can easily steal your privacy data. Even with disabled cookies and Javascripts.

76 respostas [Última entrada]
roboq6
Desconectado
Joined: 05/03/2013

I can easily steal your privacy data. Even with disabled cookies and Javascripts.
But because I'm a lawful person, I will not do that without your permission.
I want to warn you about tricks like this one.

Even if you will download the file with help of wget, I will know information about your IP and your Internet-provider.

DISCLAIMER: YOU WILL OPEN THE LINK AT YOUR OWN RISK. THERE ARE NO ANY GUARANTEES ON MY PART.
By clicking on the hyperlink, you confirm that you have understood and agree to my disclaimer.

Spy-link:
http://2ip.ru/member_photo/74293.gif

mYself
Desconectado
Joined: 01/18/2012

Ahh...so pity.

You sure can see some basic information as you pointed out but only if the user does not connect to Internet through a proxy server. This can be very easily circumvented by using some anonymization software like Tor, or even by using an anonymization website like Anonymouse.

Btw, can you steal my privacy data and publish it here? You have my permission.

mYself
Desconectado
Joined: 01/18/2012

And that link is just a picture of a levitating GNU:

roboq6
Desconectado
Joined: 05/03/2013

.

roboq6
Desconectado
Joined: 05/03/2013

.

roboq6
Desconectado
Joined: 05/03/2013

IP: 209.90.238.252
Internet-provider: WorldLink
Web-browser: Firefox 10.0
OS: Microsoft Windows 7

roboq6
Desconectado
Joined: 05/03/2013

IP: 37.59.163.222
Web-browser: Firefox 10.0
OS: Microsoft Windows 7

icarolongo
Desconectado
Joined: 03/26/2011

Tor user-agent is like you using Firefox in Windows.

roboq6
Desconectado
Joined: 05/03/2013

"stop posting people's information."
No. I got permission.

IP: 192.43.244.42
Internet-provider: National Center for Atmospheric Research
Web-browser: Firefox 10.0
OS: Microsoft Windows 7

icarolongo
Desconectado
Joined: 03/26/2011

This is IP is from Tor.

This system is a Tor Router on the Tor Network

Tor user-agent is like you using Firefox in Windows.

roboq6
Desconectado
Joined: 05/03/2013

"This system is a Tor Router on the Tor Network"

How are you can get this?

mYself
Desconectado
Joined: 01/18/2012

What, the message or the anonymization?

roboq6
Desconectado
Joined: 05/03/2013

the message

icarolongo
Desconectado
Joined: 03/26/2011

Copy the IP and paste in your web browser.

roboq6
Desconectado
Joined: 05/03/2013

.

onpon4
Desconectado
Joined: 05/30/2012

That information isn't exactly private.

IP address? A server needs to know your IP address to send you anything. It's just like how you need to tell someone your physical address for them to send you a letter or a package.

Web browser? OS? Those are just something the browser reports; Midori has an easy built-in option to identify itself as the iOS browser on iOS, Firefox, and Internet Exploder. Firefox/Abrowser/Icecat has an extension that lets you change what browser/OS it identifies as.

As for ISP, I don't know where that comes from, but I don't see how it's something to worry about, either. It's like someone figuring out by observation that you drive a Toyota car, or that your house is made of bricks. It's completely irrelevant as far as your personal information goes.

roboq6
Desconectado
Joined: 05/03/2013

"That information isn't exactly private."

Different people have different opinions on this issue.

mYself
Desconectado
Joined: 01/18/2012

The server (webpage) needs your IP address to know where to forward the data (loaded webpage) to you. Without it, you won't be able to connect to Internet (practically, not technically - that means that you will be connected, but not able to visit any webpages). It's like calling your friend without knowing his/her phone number.

roboq6
Desconectado
Joined: 05/03/2013

I know, I know. But there is huge difference between the server and a human, who is not owner of the server or the site.

mYself
Desconectado
Joined: 01/18/2012

Look, the server needs your IP address to fullfill your requirement just as you require a phone number, home address, name of a person, whatever... to make a contact with people. As I mentioned, there is a way to circumvent this and that way is to use a proxy server (middle-man) for anonymization.

Proxy works in a way that you doesn't connect to the Internet directly, rather through an another computer. If you use a proxy, when you go to a website from your web browser, the browser contacts the proxy server (2nd computer), which then visits your requirested webpage, and forward the data back to your browser so it can show the webpage for you. This way, the website can only see the proxy servers' IP address, not yours. At the end, the only one who will know your real IP is the proxy server itself.

roboq6
Desconectado
Joined: 05/03/2013

I know about a proxy!

Are you not see the difference?

Somebody don't caring about proxy.
Because s/he thinks something like this:
"Only owners of the site and the server will know my IP. So, i don't need to worry about this. All right. Girls/males from a dating sites will not understand that I had fooled them about my nationality"

mYself
Desconectado
Joined: 01/18/2012

Then what's your point? You wanna send an email, which describes the technique of networking one-by-one to every existing person on the planet? People just doesn't care about it and will treat your email as spam, if the email provider's built-in spam filter doesn't automatically do that for them anyway. What the today's people care about is a good web browser and Facebook, possibly also Skype. Everything other is just some kind of science-fiction for them.

roboq6
Desconectado
Joined: 05/03/2013

IMHO, this information will be useful to people, who are afraid of personal spies much more than the Big Brother.
Like me.

mYself
Desconectado
Joined: 01/18/2012

Agree, but I doesn't think that a general computer user will be interested, nor wanting to search and read through this "highly-technical" forum topic. But more information is better than small to nothing. I think you will be more successful, if you spread the word using some social networking services, like Identi.ca or Diaspora.

In my opinion, Facebook is a much bigger threat for user privacy than all of the above stuff.

onpon4
Desconectado
Joined: 05/30/2012

And of course, if you're concerned about revealing your IP address, that's what Tor is for.

roboq6
Desconectado
Joined: 05/03/2013

By the way, final link is different:

Before:
http://2ip.ru/member_photo/74293.gif

After:
http://2ip.ru/member_files/meditate-gnu.jpg

Why?

mYself
Desconectado
Joined: 01/18/2012

It's probably some server-side redirection.

roboq6
Desconectado
Joined: 05/03/2013

.

roboq6
Desconectado
Joined: 05/03/2013

.

roboq6
Desconectado
Joined: 05/03/2013

.

roboq6
Desconectado
Joined: 05/03/2013

.

roboq6
Desconectado
Joined: 05/03/2013

"from your post I can tell that you probably use some kind of software for that"

No.

mYself
Desconectado
Joined: 01/18/2012

Sorry, I forgot what you wrote before. So, it's some kind of web-based paid service.

roboq6
Desconectado
Joined: 05/03/2013

I can use the service for free. But then, the server will display the message for my "victim":
"Your personal data was stolen"

By the way, you can register on the site by invitation, or if you have a "lucky IP".

I have "lucky IP" =)

roboq6
Desconectado
Joined: 05/03/2013

IP address: 99.108.199.123
Internet-provider:AT&T
Web-browser: Safari 4.0
OS: iOS 3.0

IP address:99.108.199.123
Internet-provider:AT&T
Web-browser:Emacs

IP address: 108.59.11.233
Internet-provider: Verizon Internet Services
Web-browser: Firefox 21.0
OS: Linux

onpon4
Desconectado
Joined: 05/30/2012

Just to be clear: those first two are bullshit. They were me using Firefox. "Emacs" isn't even an actual web browser (it's a text editor), and I was claiming to use an operating system called "Stallmanix".

mYself
Desconectado
Joined: 01/18/2012

Emacs has an extension for web browsing. Emacs isn't just a simple text editor, the manual describes it as "the extensible, customizable, self-documenting, real-time display editor."

roboq6
Desconectado
Joined: 05/03/2013

"those first two are ********"
Please, watch your language. This violates the rules of the site.

"it's a text editor"
No, it is OS ^_^

teodorescup

I am a member!

Desconectado
Joined: 01/04/2011

The only private data a browser can contain are cookies and history (OK maybe some cache).

From what you described, the only unusual thing about the service is that it shares the normal information it get from the "victim" with a third party.

Just saying...

roboq6
Desconectado
Joined: 05/03/2013

If the attacker knows the operating system and web browser, then s/he can create an exploit for the victim.

mYself
Desconectado
Joined: 01/18/2012

How? He can utilize only those exploits that are readily-available in the victim's operating system. And knowing that a victim is using MS Windows is useless because 90% of all the computer users are most likely using Windows anyway.

roboq6
Desconectado
Joined: 05/03/2013

"knowing that a victim is using MS Windows is useless"
Suppose, I'm attacker. I want to hack your web-browser. If I know the name and version of your Web browser, then this is enough to create an exploit. But some exploits are available only for Windows versions of the browser. If I know that you're using Windows, then it would be easier to choose the exploit. And I'll know to which system I need to create a Trojan virus.
Because when an exploit will be executed, it will "open gates for Trojan horse"

mYself
Desconectado
Joined: 01/18/2012

If I understand the word "exploit" correctly, you cannot create an exploit (generally a bug in the software) as it's already in the software. You can just misuse it. On Windows, you can probably make use of a universal backdoor implemented in Redmond by Microsoft itself to give them total power/control over a users' computer. GNU/Linux is much more secure, and less-likely to be attacked. The majority of trojan horses (99%) is created for Windows, because of the prevalence of this operating system.

roboq6
Desconectado
Joined: 05/03/2013

There is no absolute protection. I already have some experience of receiving root privileges with help of exploit in Linux.

mYself
Desconectado
Joined: 01/18/2012

There is: Don't use a computer! Seriously.

lembas
Desconectado
Joined: 05/13/2010

For more information, visit http://browserspy.dk/

Also check out https://panopticlick.eff.org/

roboq6
Desconectado
Joined: 05/03/2013

Thx

andrew
Desconectado
Joined: 04/19/2012

On 24/05/13 12:02, name at domain wrote:
> I can easily steal your privacy data. Even with disabled cookies and
> Javascripts.

It is terrible, yes. Unfortunately browser vendors are unlikely to fix
it anytime soon (except maybe IceCat, which is focusing on privacy).

Disabling cookies/JS is bad in a way, because it makes the web browser
even more unique.

The only good way to beat this is to use separate web browsers with
separate Tor sessions and different characteristics, and only use one
browser for revealing your identity.

Andrew.

mYself
Desconectado
Joined: 01/18/2012

I doesn't think it's neccessary to use two different sessions when using Tor. I'm using Tor/non-Tor with the same session and can toggle on/off Tor everytime it's neccessary (for Google and some other websites that are blocking public proxy addresses, based on public blacklists), and can also have a new identity whenever it's required.

kernelKurtz
Desconectado
Joined: 03/12/2013

Came in tonight on the old Mac.

Good old Little Snitch popped up: Do I want to connect to 2ip.ru?

Hell no.

End of story. You got nothin'.

I really, really wish there was an active Linux project doing that same thing. It's the main little piece of software that I haven't been able to find a good replacement for.

Probably need to hire someone to write it.

PS: And yeah, the thread should be axed. No one came here expecting or wanting their personal data, no matter how meaningless, to end up in the hands of some flaky trollish newcomer. It's not what we're here for, and it shouldn't stand.

roboq6
Desconectado
Joined: 05/03/2013

"I really, really wish there was an active Linux project doing that same thing. "

Me too. When I was Windows user, I liked "Winpooch Watchdog". http://sourceforge.net/projects/winpooch/

"End of story. You got nothin'. "
Only because you are knew about danger of 2ip.ru
But all websites(even Trisquel forum) behave like 2ip.ru Only difference is sharing the information with third party (me, for example).

"to end up in the hands of some flaky trollish newcomer."
If someone wants to remove information about his/her IP address, then I will do it.