Test your anonymity

[Renk]

that's about the definition of "security". you got a good point but letting the "don't stand out is good" policy behind for a moment not sending any referer data at all is still the best.

Here I disagree. Because it's more a question of anonymity than security. If you walk in the street with a spiderman mask, you can't be immediately recognized, but you are easily traceable until your home (exceppt if you are really spiderman). If on the contrary you have almost the same face as 1000 average joe, you will be very hard to be distinguished and traced until your home.

extras like refcontrol are nice but in this case i'd rather turn referers off completely instead of trusting some plugin. imagine you upgrade the browser and the addon is not compatible and you don't know about that and go from here to what.cd

Ok, you've got a point. But in doing that you set a red flag. What if in browsing inside what.cd, you never send any referer ? What.CD's admins, who certainly are reading SBI with great attention, will think: "this guy probably has read Instab on f... SBI -> forvever ban all his IP range".

[anon]

Ok, you've got a point. But in doing that you set a red flag. What if in browsing inside what.cd, you never send any referer ? What.CD's admins, who certainly are reading SBI with great attention, will think: "this guy probably has read Instab on f... SBI -> forvever ban all his IP range".

That'd be the epitome of unprofessionalism. Many people browse with referers turned off, but that doesn't mean they've read Instab's post. Or even know about SB-I.

[Resurrection]

Here's how to disable referrer in Firefox in case some of us don't know...

How to disable referrer info in Firefox | eHow.com

Open Firefox and type the following in the address bar: about:config

When asked if you'd like to continue, select "Yes".

To find this setting type the following in the filter bar: network.http.sendRefererHeader

Double-click this setting to change its value to "0".

Restart Firefox to allow the change to take affect.

That's it!

[Renk]

My results, in doing my best:



How to make my fonts unreadable ? How to get recommanded values for browser window size (600x450 pixels, 1150x600 etc with 32 bits color depth) ???

That'd be the epitome of unprofessionalism. Many people browse with referers turned off, but that doesn't mean they've read Instab's post. Or even know about SB-I.

Hmmmm... Right in some sense I mean, but it's a question of probability. Given a tracker T, let me name S the number of tracker's member reading an advice on SBI, and A the number of tracker's members adopting a behaviour corresponding to this advice (readers of SBI or not). If a tracker's admin observe that some member adopt this behaviour, he is interessed by the probability that this member is a reader of SBI, ie he wants to evaluate P(S/A) .

Suppose that 10% of trackers members are SBI readers, to, and that 1% of tracker's members aradoptig the behaviour. THe probability P(A/S) is surely greater, says 5%.

Then after having reopened my old baysians courses: P(S/A) = 5%*10%/1% = 50%.......

[Instab]

Hmmmm... Right in some sense I mean, but it's a qüstion of probability. Given a tracker T, let me name S the number of tracker's member reading an advice on SBI, and A the number of tracker's members adopting a behaviour corresponding to this advice (readers of SBI or not). If a tracker's admin observe that some member adopt this behaviour, he is interessed by the probability that this member is a reader of SBI, ie he wants to evaluate P(S/A) .

Suppose that 10% of trackers members are SBI readers, to, and that 1% of tracker's members aradoptig the behaviour. THe probability P(A/S) is surely greater, says 5%.

Then after having reopened my old baysians courses: P(S/A) = 5%*10%/1% = 50%.......

turning referers off is a common security advice and not related to SB-I in any way

[Renk]

My results, in doing my best:

(...)

How to make my fonts unreadable ? How to get recommanded values for browser window size (600x450 pixels, 1150x600 etc with 32 bits color depth) ???

I did the test with several vpn.
Surprisingly (for me) the browser window results (number of pixels) depends on the vpn server I use. Is it normal ? Any explanation ?

************

About the referer debate, here is the point of view of the jondo team:

Referer-Management

The Referer is one of those HTTP features that allow to distinguish different users while surfing the web and therefore, to reduce their anonymity. But that can be avoided activating our Referer management:


With it, the Referer is not simply deleted as some webservices are not available without it. Rather, the Referer will or will not be set depending on the context of a particular request. E.g. it will be set as long as a user is surfing within the same domain and will not be set if a bookmark is used to request a particular web page. This context dependent behavior ensures that no web pages will break while at the same time the Referer cannot be used to gather information to identify users.

https://anonymous-proxy-servers.net/...ondofox2a.html

[anon]

These are the results I get using a hardened Firefox:



Authentication could be fixed by using RequestPolicy or CsFire, but cross-request prevention addons are extremely cumbersome. It's a shame that the only selective caching addon I found for Firefox (JohnnyCache) is a blacklist, and doesn't work on the newer versions, even after editing the XPI, since otherwise that could fix the ETag. I've tried setting network.http.keep-alive=false in about:config to disable persistent connections, but it always gave red.

[anon]

I installed JondoFox today to test how well it scored. Everything was green, obviously. I noticed functionality was provided by an addon, so I copied its files, edited some things a bit, and reassembled it into an XPI file. It's attached.

Known problems and fixes:

• the addon overrides some Firefox settings every time it is started. However, you can go to about:config, type extensions.jondofox. and change those to what you want.
  ^ One of those settings is "clear history on exit". After installing, turn that off, or else all your cache and cookies will be deleted.
  ^ My hacked addon forces extensions.jondofox.use_document_fonts to be 1, as the default value of 0 severely alters the appearance of most sites.
• a JondoFox logo is added to error pages. My hack uses the original netError.xhtml file, but the logo will probably come back with updates.
• the menu to choose between no proxy/custom/Jondo/Tor reappears at the bottom every time you start Firefox, and cannot be moved. Couldn't find a fix for this, but you can close the addon bar.
• in order for the User-Agent override to work, you must use the custom proxy option, and leave all fields blank.

I did away with RefControl and UAControl (in fact, JondoFox automatically uninstalls the former) since this fulfills my needs. It also includes working SafeCache. Test results here...



"HTTP session" can only be fixed using JonDo or Tor, and "Browser window" has no known fix right now.

[MGustav]

These are good sites too for testing anonymity;

http://decloak.net
http://www.ip-score.com
&
http://www.anonymitychecker.com
http://www.stayinvisible.com
http://tools-on.net/privacy.shtml

[kabster]

I installed JondoFox today to test how well it scored. Everything was green, obviously. I noticed functionality was provided by an addon, so I copied its files, edited some things a bit, and reassembled it into an XPI file. It's attached.

Known problems and fixes:

• the addon overrides some Firefox settings every time it is started. However, you can go to about:config, type extensions.jondofox. and change those to what you want.
  ^ One of those settings is "clear history on exit". After installing, turn that off, or else all your cache and cookies will be deleted.
  ^ My hacked addon forces extensions.jondofox.use_document_fonts to be 1, as the default value of 0 severely alters the appearance of most sites.
• a JondoFox logo is added to error pages. My hack uses the original netError.xhtml file, but the logo will probably come back with updates.
• the menu to choose between no proxy/custom/Jondo/Tor reappears at the bottom every time you start Firefox, and cannot be moved. Couldn't find a fix for this, but you can close the addon bar.
• in order for the User-Agent override to work, you must use the custom proxy option, and leave all fields blank.

I did away with RefControl and UAControl (in fact, JondoFox automatically uninstalls the former) since this fulfills my needs. It also includes working SafeCache. Test results here...

image

"HTTP session" can only be fixed using JonDo or Tor, and "Browser window" has no known fix right now.

Errr... that ↑ addon seems to be corrupt according to my yet Up to date Firefox !!???

MIre likely incompatible than corrupt iam sure off ..

Thanks for the efforts though.


cheers

[Instab]

Errr... that ↑ addon seems to be corrupt according to my yet Up to date Firefox !!???

so it dös for me i'm afraid

[anon]

I think it will work if you close Firefox, place it manually under the "extensions" folder in your profile, then restart.

Note a new version of JondoFox has been released since I wrote that post. You can autoupdate as with any other addon but that will overwrite my hacks, obviously.

[SpartakusMd]

Someone, tell me why so much atention to anonymity?

[anon]

Someone, tell me why so much atention to anonymity?

For me, it all boils down to: I want my Internet to be a wonderful place to explore, not a data collection source for someone else to keep a record on my preferences.

[SpartakusMd]

I thought so. I will think about my anonymity :)