Test the anonymity and the stealth of your browser here (http://what-is-my-ip-address.anonymous-proxy-servers.net/) (click on your IP address).

PS: How to delete a wrong post ??

Looks like I'm doing pretty well, besides using my real IP(?) and User-Agent, as well as accepting cookies.

Concerning the IP: it's a Jondo service. So even behind a triple offsore vpn, your IP will be flagged as red except if you use Jondo application (or Tor, wich is flagged as orange if I remember well).

I see.


PS: How to delete a wrong post ??

You can't, but you can report it so that one of us deletes it. :gsmile:

You can't, but you can report it so that one of us deletes it. :gsmile:

I wanted to lighten your work :smile:



Looks like I'm doing pretty well, besides using my real IP(?) and User-Agent, as well as accepting cookies.

Unlike the red flagged IP, a red flagged U.A. has some sense: All jondofox (a FF Jondo profile profile) users are sharing the same U.A., and the more your browser has the same characteristics as many others, the less your are identifiable.

they coouldn't get a referer from me and i only get "medium"?

I suppose you get a "good" when only sending referers within the site's domain. Never sending them (at all) can cause problems with sites' anti-leech protection at times.

I suppose you get a "good" when only sending referers within the site's domain. Never sending them (at all) can cause problems with sites' anti-leech protection at times.

this is supposed to be an anonymity test and not sending any referer is the best you can do in this case. no referer has to get a "good" :P

Horrible results...

Red and orange everywhere...

I have too many security holes it seems...

Atleast the jondonym software is free...Might give it a try...

Damn ! I have many bads , i will try noscript .

3 red
i guess im not protected as well :(

this is supposed to be an anonymity test and not sending any referer is the best you can do in this case. no referer has to get a "good" :P

If you go from site A to site A and send to A no referer, A is able to guess that something is wrong. Moreover, you have an anormal behavior through wich you can be distingished from other normal people. In other words, your entropy is low. To be as anonym as possible, you have to mimic the average behavior, without giving some extra information about you. Imo the best is then, with refcontrol addon, to choose block third party.



Horrible results...

Red and orange everywhere...

I have too many security holes it seems...

Atleast the jondonym software is free...Might give it a try...

Free version of Jondonym is almost as slow as Tor.

But you can try JondonFox profile: Your results will be far better, without slowing your browsing.


Notice that with Jondonym beta, you can connect to first Jondo Cascade through Tor. The data flow through Tor exit node is encrypted by your jondonym appplication, and the first Jondo cascade only know the last tor node... Very good if you are really paranoid, and really patient.

If you go from site A to site A and send to A no referer, A is able to güss that something is wrong. Moreover, you have an anormal behavior through wich you can be distingished from other normal people. In other words, your entropy is low. To be as anonym as possible, you have to mimic the average behavior, without giving some extra information about you. Imo the best is then, with refcontrol addon, to choose block third party.

that's about the definition of "security". you got a good point but letting the "don't stand out is good" policy behind for a moment not sending any referer data at all is still the best.
extras like refcontrol are nice but in this case i'd rather turn referers off completely instead of trusting some plugin. imagine you upgrade the browser and the addon is not compatible and you don't know about that and go from here to what.cd :P

Just 2 green, rest all are mostly red colored and some orange:wfrown:

What if we use aol proxy:wthink:

RefControl works great. You can set it to block all 3rd party requests, while still allowing referrers from within a site, which will give you a green on that anonymity test.

https://addons.mozilla.org/en-us/firefox/addon/refcontrol/

that's about the definition of "security". you got a good point but letting the "don't stand out is good" policy behind for a moment not sending any referer data at all is still the best.


Here I disagree. Because it's more a question of anonymity than security. If you walk in the street with a spiderman mask, you can't be immediately recognized, but you are easily traceable until your home (exceppt if you are really spiderman). If on the contrary you have almost the same face as 1000 average joe, you will be very hard to be distinguished and traced until your home.



extras like refcontrol are nice but in this case i'd rather turn referers off completely instead of trusting some plugin. imagine you upgrade the browser and the addon is not compatible and you don't know about that and go from here to what.cd :P

Ok, you've got a point. But in doing that you set a red flag. What if in browsing inside what.cd, you never send any referer ? What.CD's admins, who certainly are reading SBI with great attention, will think: "this guy probably has read Instab on f... SBI -> forvever ban all his IP range".

Ok, you've got a point. But in doing that you set a red flag. What if in browsing inside what.cd, you never send any referer ? What.CD's admins, who certainly are reading SBI with great attention, will think: "this guy probably has read Instab on f... SBI -> forvever ban all his IP range".

That'd be the epitome of unprofessionalism. Many people browse with referers turned off, but that doesn't mean they've read Instab's post. Or even know about SB-I. :unsure:

Here's how to disable referrer in Firefox in case some of us don't know...

How to disable referrer info in Firefox | eHow.com (http://www.ehow.com/how_5134571_disable-referrer-info-firefox.html)




Open Firefox and type the following in the address bar: about:config

When asked if you'd like to continue, select "Yes".

To find this setting type the following in the filter bar: network.http.sendRefererHeader

Double-click this setting to change its value to "0".

Restart Firefox to allow the change to take affect.

That's it!

My results, in doing my best:

http://image.bayimg.com/iadonaadp.jpg

How to make my fonts unreadable ? How to get recommanded values for browser window size (600x450 pixels, 1150x600 etc with 32 bits color depth) ???




That'd be the epitome of unprofessionalism. Many people browse with referers turned off, but that doesn't mean they've read Instab's post. Or even know about SB-I. :unsure:

Hmmmm... Right in some sense I mean, but it's a question of probability. Given a tracker T, let me name S the number of tracker's member reading an advice on SBI, and A the number of tracker's members adopting a behaviour corresponding to this advice (readers of SBI or not). If a tracker's admin observe that some member adopt this behaviour, he is interessed by the probability that this member is a reader of SBI, ie he wants to evaluate P(S/A) .

Suppose that 10% of trackers members are SBI readers, to, and that 1% of tracker's members aradoptig the behaviour. THe probability P(A/S) is surely greater, says 5%.

Then after having reopened my old baysians courses: P(S/A) = 5%*10%/1% = 50%.......

Hmmmm... Right in some sense I mean, but it's a qüstion of probability. Given a tracker T, let me name S the number of tracker's member reading an advice on SBI, and A the number of tracker's members adopting a behaviour corresponding to this advice (readers of SBI or not). If a tracker's admin observe that some member adopt this behaviour, he is interessed by the probability that this member is a reader of SBI, ie he wants to evaluate P(S/A) .

Suppose that 10% of trackers members are SBI readers, to, and that 1% of tracker's members aradoptig the behaviour. THe probability P(A/S) is surely greater, says 5%.

Then after having reopened my old baysians courses: P(S/A) = 5%*10%/1% = 50%.......

turning referers off is a common security advice and not related to SB-I in any way

My results, in doing my best:

(...)

How to make my fonts unreadable ? How to get recommanded values for browser window size (600x450 pixels, 1150x600 etc with 32 bits color depth) ???

I did the test with several vpn.
Surprisingly (for me) the browser window results (number of pixels) depends on the vpn server I use. Is it normal ? Any explanation ?

************

About the referer debate, here is the point of view of the jondo team:


Referer-Management

The Referer is one of those HTTP features that allow to distinguish different users while surfing the web and therefore, to reduce their anonymity. But that can be avoided activating our Referer management:


With it, the Referer is not simply deleted as some webservices are not available without it. Rather, the Referer will or will not be set depending on the context of a particular request. E.g. it will be set as long as a user is surfing within the same domain and will not be set if a bookmark is used to request a particular web page. This context dependent behavior ensures that no web pages will break while at the same time the Referer cannot be used to gather information to identify users.

https://anonymous-proxy-servers.net/en/help/jondofox2a.html

These are the results I get using a hardened (http://www.sb-innovation.de/f69/good-firerfox-addons-2761/index2.html#post293980) Firefox:

http://www.sb-innovation.de/attachment.php?attachmentid=12989

Authentication could be fixed by using RequestPolicy or CsFire, but cross-request prevention addons are extremely cumbersome. It's a shame that the only selective caching addon I found for Firefox (JohnnyCache) is a blacklist, and doesn't work on the newer versions, even after editing the XPI, since otherwise that could fix the ETag. I've tried setting network.http.keep-alive=false in about:config to disable persistent connections, but it always gave red.

I installed JondoFox today to test how well it scored. Everything was green, obviously. I noticed functionality was provided by an addon, so I copied its files, edited some things a bit, and reassembled it into an XPI file. It's attached.

Known problems and fixes:

the addon overrides some Firefox settings every time it is started. However, you can go to about:config, type extensions.jondofox. and change those to what you want.
^ One of those settings is "clear history on exit". After installing, turn that off, or else all your cache and cookies will be deleted.
^ My hacked addon forces extensions.jondofox.use_document_fonts to be 1, as the default value of 0 severely alters the appearance of most sites.
a JondoFox logo is added to error pages. My hack uses the original netError.xhtml file, but the logo will probably come back with updates.
the menu to choose between no proxy/custom/Jondo/Tor reappears at the bottom every time you start Firefox, and cannot be moved. Couldn't find a fix for this, but you can close the addon bar.
in order for the User-Agent override to work, you must use the custom proxy option, and leave all fields blank.


I did away with RefControl and UAControl (in fact, JondoFox automatically uninstalls the former) since this fulfills my needs. It also includes working SafeCache. Test results here...

http://www.sb-innovation.de/attachment.php?attachmentid=12996

"HTTP session" can only be fixed using JonDo or Tor, and "Browser window" has no known fix right now.

These are good sites too for testing anonymity;

http://decloak.net
http://www.ip-score.com
&
http://www.anonymitychecker.com
http://www.stayinvisible.com
http://tools-on.net/privacy.shtml

I installed JondoFox today to test how well it scored. Everything was green, obviously. I noticed functionality was provided by an addon, so I copied its files, edited some things a bit, and reassembled it into an XPI file. It's attached.

Known problems and fixes:

the addon overrides some Firefox settings every time it is started. However, you can go to about:config, type extensions.jondofox. and change those to what you want.
^ One of those settings is "clear history on exit". After installing, turn that off, or else all your cache and cookies will be deleted.
^ My hacked addon forces extensions.jondofox.use_document_fonts to be 1, as the default value of 0 severely alters the appearance of most sites.
a JondoFox logo is added to error pages. My hack uses the original netError.xhtml file, but the logo will probably come back with updates.
the menu to choose between no proxy/custom/Jondo/Tor reappears at the bottom every time you start Firefox, and cannot be moved. Couldn't find a fix for this, but you can close the addon bar.
in order for the User-Agent override to work, you must use the custom proxy option, and leave all fields blank.


I did away with RefControl and UAControl (in fact, JondoFox automatically uninstalls the former) since this fulfills my needs. It also includes working SafeCache. Test results here...

image (http://www.sb-innovation.de/members/anon-albums-album-name-here-picture12996-full-protect.gif)

"HTTP session" can only be fixed using JonDo or Tor, and "Browser window" has no known fix right now.

Errr... that ↑ addon seems to be corrupt according to my yet Up to date Firefox !!???

MIre likely incompatible than corrupt iam sure off ..

Thanks for the efforts though.


cheers

Errr... that ↑ addon seems to be corrupt according to my yet Up to date Firefox !!???
so it dös for me i'm afraid

I think it will work if you close Firefox, place it manually under the "extensions" folder in your profile, then restart.

Note a new version of JondoFox has been released since I wrote that post. You can autoupdate as with any other addon but that will overwrite my hacks, obviously.

Someone, tell me why so much atention to anonymity?

Someone, tell me why so much atention to anonymity?

For me, it all boils down to: I want my Internet to be a wonderful place to explore, not a data collection source for someone else to keep a record on my preferences.

I thought so. I will think about my anonymity :)

Googel already has our info, I don't do anything stupid on the net and I already blocked most of the telemarketers. No need to be paranoid now.

Googel already has our info, I don't do anything stupid on the net and I already blocked most of the telemarketers. No need to be paranoid now.
google have what we give them. that gös for every company like that

In my country piracy has no laws!

Here (http://www.ip-score.com/) is an other unanonymizer site. The site claims to test the anonymity through Java TCP, Java UDP, SilverLight, Adobe Flash Playser and and Windows Media Player. Hope that it will replace the powerful (but now offline) unanonymizer engine decloak.net.

Somewhere on SBI I read one day a way to fake the number of fonts to zero. Does someone remember the method ???

Which one of the tests in this thread checked the number of fonts? If you have a link to that I'll probably remember what the method was.

Which one of the tests in this thread checked the number of fonts? If you have a link to that I'll probably remember what the method was.

The test site is hxxp://ip-check.info/

But I have remember the method:

On Windows go to %Windir%\System32\Macromed\Flash In this directory, open (or create) a text file named mms.cfg . Open this file with your text editor, and write the following line: DisableDeviceFontEnumeration=1 Save, close, and then perform the Jondonym test, javascript enabled: The test will reveal you have only 0 fonts.

In the same file, you can set DisableSockets to 1. If I understand well, this setting will prevent the possibility of flash to connect to websites without using the proxy of the browser.

More info here (http://www.ghacks.net/2010/09/07/enforce-global-flash-player-security-and-privacy-settings/)

Yes and yes. I thought you might be referring to the @font-face CSS attribute (which NoScript deals with beautifully, and disabling WebFonts in Opera also fixes). Forcing Firefox to use your specified fonts only to render documents and leaving the default choices passes the test too, but sites won't look as intended.

mms.cfg is a pretty unknown but useful resource to control Flash behavior, mine looks like this:


AutoUpdateDisable=1
#DisableSockets=1
SilentAutoUpdateEnable=0
DisableDeviceFontEnumeration=1
OverrideGPUValidation=1
ProtectedMode=0
AVHardwareDisable=1

Grooveshark needs sockets to play music, so I had to comment that line out. Took me a pretty long time to find out why it kept saying I had a Flash blocker running when I whitelisted everything for that site...

AutoUpdateDisable=1
#DisableSockets=1
SilentAutoUpdateEnable=0
DisableDeviceFontEnumeration=1
OverrideGPUValidation=1
ProtectedMode=0
AVHardwareDisable=1[/CODE]

Grooveshark needs sockets to play music, so I had to comment that line out. Took me a pretty long time to find out why it kept saying I had a Flash blocker running when I whitelisted everything for that site...

Apart from Grooveshark, could you summarily explain your choices ?

AutoUpdateDisable=1
SilentAutoUpdateEnable=0

I don't like updates behind my back, nor nags to get the latest version. This turns both off.

DisableDeviceFontEnumeration=1

Anti-font profiling.

OverrideGPUValidation=1

Flash (and many other programs) keeps a list of video card models and driver versions that have been verified to work correctly with regards to hardware acceleration. If you have a very new card, driver or both, or just hardware it doesn't recognize, it'll say "no" and turn GFX acceleration off even if you're capable of using it. This setting overrides the check and always returns "yes". This helps prevent lag with video playback and games on non-recognized cards, unless you have integrated or very low-end hardware.

ProtectedMode=0

This creates a separate process for each instance of the plugin to prevent crashes from taking down the whole browser. I applied it when I was using Firefox, because plugin-container already did the exact same job and this protected mode prevented YouTube from working. Now I'm on Opera, I might actually need to turn it on...

AVHardwareDisable=1

Disables access to microphones and webcams, a feature completely unnecessary for me.

A very informative thread. There is another website that does some kind of test as well. I will edit this post when I find it.

www.whoer.net/ext