Domain: dephormation.org.uk
Stories and comments across the archive that link to dephormation.org.uk.
Comments · 19
-
Re:It guessed mine wrong
Me too.
I tried Browserprint twice just now. Each time, it gave a different browser, none of which were correct. In one case, it even responded that I was using a Mac; but I am using a Windows PC.
How did I defeat it? It was simple. I have Secret Agent from https://www.dephormation.org.u... installed.
Browserprint is not new. I first tried Browserprint almost a year ago. I have also tried Panopticlick several times. Secret Agent always defeats the attempt to identify my browser.
-
Palemoon and some addons solve all life's problems.
Palemoon + Addons:
Cookie Monster - https://addons.mozilla.org/en-...
RequestPolicy - https://addons.mozilla.org/en-...
NoScript - https://addons.mozilla.org/en-...
Secret Agent - https://www.dephormation.org.u...
No java, no flash. Good luck fingerprinting that.
-
Test More Than Once
Visit the test Web site more than once. If subsequent visits indicate that you remain unique -- that you are the only one out of all visits including your own prior visits -- then you are somewhat safe from tracking. Even better is when it reports inconsistent results from several visits within a short period of time. I did that, and the report was that I was unique twice relative to HTTP_ACCEPT Headers. Also, the Monitor Contrast Level was not the same for two consecutive visits.
I get this result by installing the Secret Agent extension from https://www.dephormation.org.u.... Panopticlick has similar problems characterizing my browser. And various Web sites that attempt geolocation have me all over the globe.
-
Minimizing Tracking
The short answer to the original question is "Yes, they can and will track you."
However, you can make tracking very difficult. The following is what I do. This is for those who use Firefox or SeaMonkey as their browser on a Windows system. NOTE WELL the exception.
1. Mark the file cookies.sqlite as read-only. For "smooth" Web browsing, I do want some cookies. To set or update them, I terminate my browser, mark cookies read-write, launch my browser to visit ONLY the Web site for which I want cookies, terminate my browser to eliminate session-only cookies, and restore the read-only setting for cookies.sqlite. Web sites might act as if they were setting cookies, but those cookies are lost when I terminate my browser.
2. Disable geolocation. For all of my profiles, I insert the following into file user.js:
user_pref("geo.enabled", false);
The semi-colon (;) at the end of the line is mandatory. You can insert an adjacent comment line indicating why you did this; just begin the comment with two virgules (//).
3. Install the Secret Agent extension from https://www.dephormation.org.u.... Each time I request a Web page, my outgoing Internet headers are different. Some sites that try to use those headers to determine my location have me bouncing all over the world. Every time I go to Panopticlick at https://panopticlick.eff.org/, I get a different result. Two NOTES: (1) Because some Web sites require consistent user agents as you navigate through them, I disabled the extension's capability to vary my user agent string. (2) Because Firefox now requires extensions to be signed by Mozilla and the developer of Secret Agent refuses to submit his extension for signature, this cannot be installed in Firefox. Unsigned extensions can still be installed in SeaMonkey.
-
Re:interesting
2 interesting things about panopticlick: first, they report on browser fingerprinting, which is notoriously hard to defeat.
Would it help to add some randomisation into the properties? Quick googling suggests it might be a solution, and there are some plugins: https://addons.mozilla.org/en-... https://www.dephormation.org.u... https://addons.mozilla.org/en-...
You would have to not only change the random agent though (which may hide the fact you are running Linux or 64bit-vs-32bit). The plugin string is also pretty damning -- which version of Flash you have (and additional plugins, etc). For any GNOME user, the gnome Firefox plugin is a give-away.
It would be useful if there was an extension that shows plugins to a site only on request (the gnome plugin is only important for extensions.gnome.org), Flash may be only important for a few websites of your choosing. That does not exist at the moment.
-
Users Can Make Tracking Difficult
I use the Mozilla-based browser, SeaMonkey. Anyone using Firefox should also be able to do the following:
1. On my PC, I marked cookies.sqlite as read only. Web sites might think they are setting cookies, but those cookies disappear as soon as I terminate my browser. For sites where I want to keep cookies, I terminate my browser, change cookies.sqlite to read-write, start a new browser session, visit only the one site, use the Cookie Manager to delete unwanted cookies, terminate my browser, and change cookies.sqlite back to read-only.
2. I installed the AdBlock Plus extension for my browser. I do not use any of the subscription sets of filters. Instead, I create my own filters.
3. I installed the Secret Agent extension from https://www.dephormation.org.u... for my browser. This sends ever-changing request headers when I request a Web page. Each time I request a new Web page or reload the current page, the Web server thinks I am a different user. This often makes Web sites respond as if I were in a different nation.
4. I occasionally capture the response headers when I request a Web page. If I see responses from unrelated domains, I check the Web site's privacy policy. I successfully made a bank and a credit union remove hidden responses to Facebook that violated their privacy policies. For the credit union, I had to file a formal complaint with their federal regulatory agency to get a satisfactory response.
5. I often use anti-malware applications to scan for tracking cookies, deleting any that are found.
-
Broken Geolocation Is Good
I use a browser extension called Secret Agent from https://www.dephormation.org.u.... This works with Gecko-based browsers (e.g., Firefox, SeaMonkey) on Windows, Mac, and Linux systems. It sends fake HTTP headers to confuse Web servers that are trying to track my browsing activities. This causes many geolocation routines to give wrong results. I have Secret Agent set to change its faked headers on every HTTP request sent from my browser.
While composing this comment, I tested a few sites. One had me on the coast of Argentina and then (same Web site) in eastern Michigan. GeoIP thinks I am in Indonesia. Although I am indeed in southern California, JustMyIP thinks I am two counties further south. Appspot thinks I am in Palo Alto, about 350 miles north of my home. IP Address Geolocation was the closest, thinking I am in Los Angeles. I am about a five-minute walk from the Los Angeles County line but about 8 miles from the Los Angeles City limits.
Between Secret Agent and setting my cookies file to "read only", I have some limited protection from tracking.
-
Use SecretAgent
If you are using Firefox or SeaMonkey as your browser (both Mozilla-based), get the SecretAgent extension from https://www.dephormation.org.uk/SecretAgent/. Since I installed it in SeaMonkey, not only do many sites have trouble locating where I am, some sites cannot even determine on which continent I am located.
-
Re:duh..
I run Secret Agent in FF. Doesn't that accomplish basically the same thing?
-
Re: Interesting
Check out SecretAgent (for Firefox). It automatically rotates the user agent string the browser reports through a list of about 50 possibilities. Happens every time you restart the browser. Your browser may be unique today, it may be unique tomorrow, but it won't be identified as the same unique browser both times.
Actually, SecretAgent seems to rotate with every page load. And not just the user agent, but some other headers, too. I find it works best if you edit the list of possibilities to remove the ones that often display screwy (few websites are optimized for Mosaic anymore).
-
Re:Doesn't matter
That's a good point. Browser fingerprinting can definitely improve the value of whatever other information they think that they have. However, even that can be defended against if one installs the proper extensions. My personal favorites, in addition to the usual trifecta of AdBlock, NoScript and Ghostery, are FireGloves (randomizes information that could otherwise be used to generate a browser fingerprint) and Secret Agent (rotates your user agent string randomly using a customizable list à la the rotating license plates on the Bond cars).
-
md5sum and sha1sum not matching
Has anyone noticed that the xpi file downloaded from the Dephormation website does not agree with the values published on that website?
From my PC:
26-Aug-13 01:40 PM 497,689 SecretAgent.xpi
F:\downloads>sha1sum SecretAgent.xpi
294673877b38e6044248cfd51f91542886297090 SecretAgent.xpi
F:\downloads>md5sum SecretAgent.xpi
d60880a495465aa0df69c4bb3312799e *SecretAgent.xpi
From: https://www.dephormation.org.uk/?page=2 website:
Latest version 5.21 (released 2013-04-14).
Please follow the installation instructions below carefully. Protect your right to communication privacy, security, and integrity. Stop Phorm.
MD5 Checksum: 7458753a7f54aac38e56f802fa7eb731
SHA1 Checksum: 9f12928d15eccf92bd376638097d3451f2141f09
-
Can't talk to trackers?
You're ok via custom hosts files courtesy:
---
APK Hosts File Engine 9.0++ 32/64-bit:
(Details +benefits hosts files provide are in link above)
I.E.-> Hosts do FAR more w/ less (1 file) @ a FAR faster level (ring 0/rpl0) vs redundant browser addons that slow up already slower ring 3/rpl 3 browsers as a filter for the IP stack (coded in C & load w/ OS + 1st net request & 1st resolver queried w\ 45++ yrs.of optimization): Especially cached in RAM (w/ large hosts via kernelmode diskcache subsystem or w\ small ones via native faulty w\ larger hosts files dns OS cache service (usermode slower) - saves CPU & I/O (bonus)). Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious hosts-domains serving mal-content + block spam/phish links), reliability (vs. downed DNS http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 or vs. Kaminsky vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* "Less is more" = GOOD engineering, UNLIKE Request Policy http://yro.slashdot.org/comments.pl?sid=4127345&cid=44669753 OR Secret Agent https://dephormation.org.uk/?page=81 that changes user-agent dynamically - Except hosts do it with less + via faster levels from the IP stack itself w/ less parts + ANY BROWSER (& doesn't slow your browser down but speeds it up)
APK
P.S.=> Bottom-Line: "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"
.... apk
-
Re:Need someone to write a program...
There is also the anti-dephormation league
-
Re:Just a thought...
For info on countermeasures for webmasters, visit Dephormation or PhormCheck or Deny Phorm. There's a lot of material out there if you look for it, this is an issue that most of those in the know are not keen to let lie.
-
Re:Opt out a whole site?
In theory, you can opt out your site by banning *all* spidering in robots.txt (*rolls eyes*), or by emailing them and asking to be put on a black list. But you should be aware that when asking to be put on the blacklist, it seems clients from various IP addresses immediately come and spider your entire site - presumably to enable offline profiling of your visitors anyway. Most people deprecate use of site opt-out in this way - it shouldn't be your responsibility to notify Phorm that they don't have a license to use your copyright content in this way, and cooperating with them on this point will just encourage them. However, see PhormCheck or Dephormation for methods to implement a dynamic robots.txt that will just block Phorm, and no other spiders - plus various other countermeasures.
-
Firefox add-in to block Phorm
-
Re:Old Skool - Static
There is already a Firefox extension named Dephormation. It doesn't fake browsing habits; it just automatically sets the Phorm 'opt-out' cookie for each page view.
-
Re:Easy Fix
I haven't had a chance to look into it properly but there appears to be a Firefox extension called Dephormation. The site states "But Dephormation is not a solution. It's a fig leaf for your privacy."
If you, dear reader, live in the U.K. and are with an ISP that's thinking of dealing with Phorm then take a look at Bad Phorm to see what you can do about it.