StormOneOnly
I am writing this article in my free time to educate DN users on how to safeguard themselves against digital fingerprinting. I have worked my whole life in cybersecurity, helping many to harden their servers against hackers. I have offered my skills on Fiverr for many years to help my clients harden the security of their servers and also with network packet analysis.
Whether you are a vendor, a marketplace owner or just a casual DN shopper, I hope what I am writing here will benefit the DN community.
I believe some of you have read my previous post in OPSec about ditching Tails and going for Whonix instead, and I hope you take that article seriously, because I did a lot of analysis comparing Tails and Whonix in my sandbox VM. I said it for a reason, and that reason is that I spent quite some time looking at every aspect of Tails and Whonix.
Ok, let’s get to the point, enough of that.
First and foremost, before I begin, I would like to say this out.
IF YOU THINK YOU ARE GOOD IN OPSEC, YOU ARE NOT ANYWHERE GOOD, ONE DAY YOU WILL GET BUSTED.
IF YOU THINK YOU ARE NOT GOOD IN OPSEC, YOU STILL HAVE A HOPE OF NOT GETTING BUSTED.
Technology is constantly evolving. Every day new technology is introduced, and with new things introduced there will be new flaws and more digital fingerprint leakage.
If you think you are too good, you stop there and one day new technology will make your OPSec totally obsolete. If you think you are not good always, you always find ways to constantly improve hence strengthening your OPSec.
Let’s start. I want to introduce you to this site.
https://browserleaks.com/
I am pretty sure many will already know of this site if you keep your OPSec at the highest level, but if you have not heard of this website, it is time you take a pause from what you are doing right now and take your time to read what I have to say.
This site has all the necessary tools you need, to tell whether you are leaking any digital fingerprint.
I am not going into deep detail on what each test does; the site has a very detailed explanation of each test. I am just going to briefly go through them.
1. IP Address Test (https://browserleaks.com/ip)
This is basic. If you are already using torbrowser in Tails you are pretty much covered, as for most of your surfing, be it clearnet or darknet, your data is relayed around the network through Guard, Relay and Nodes to your destination website. The server will not know where you are from. There is one little exception here: if you are going straight to an onion site directly, you do not leak any IP data. BUT, if you were to browse to a clearnet site like tor.taxi, you might leak DNS data, because before the browser is able to connect to tor.taxi, it needs to know the IP address of the server. Where will it be getting that from? Your ISP DNS server, unless you set it manually to Google 8.8.8.8 or Cloudflare. This test will tell you which DNS server it is using (https://browserleaks.com/dns). If it says your ISP DNS, then it is a leak. Firefox now allows DNS over HTTPS (DoH); do some searching on how to set that, so at least your ISP will not know which site you’re browsing.
2. The Javascript CURSE. (https://browserleaks.com/javascript)
TURN THIS DAMN THING OFF!!!
It is a curse. If this is enabled, all of the following tests which I will go through below will FAIL! For how to turn it off, please read the DN Bible or do some research on how to turn it off entirely. I am not going to spoonfeed you; you need to learn. As I said earlier, if you learn you have a big chance of not getting busted.
There are so many digital fingerprints leaked to the server when javascript is enabled. I can’t mention all, just run the test it will tell you all.
3. WEBRTC Leak Test (https://browserleaks.com/webrtc)
Most modern browsers allow the use of a webcam and microphone attached to your computer to do video conferencing via the browser. Video conferencing like Zoom through a web browser uses this. What information is there? Well, this will give out your webcam device ID, what model of webcam you are using, and which brand it is. When LE bust your door, they already have all the information with them; they already know what webcam brand you are using, and once they are in your house and see your webcam, that already matches one digital fingerprint. The settings below, in about:config, will disable WEBRTC in the browser.
media.navigator.enabled = false
media.peerconnection.enabled = false
This is particularly important for notebook users or mobile users as these devices have built in camera and microphone.
4. Canvas Fingerprint (https://browserleaks.com/canvas)
If you are using a modern browser that supports HTML5, most probably there is a canvas fingerprint. Some websites display an empty PNG picture, and you can get the canvas signature, PNG hash and PNG headers of that empty PNG picture. If you disable your javascript, this will be turned off.
5. WebGL Fingerprint (https://browserleaks.com/webgl)
This is for video rendering and your graphics card. It will expose your graphics card vendor, renderer and WebGL image hash. If LE has this digital fingerprint, they can look at your hardware and match it against your graphics card.
6. Font Fingerprint (https://browserleaks.com/fonts)
This depends on the locale chosen when you set up your operating system. If you are in Russia and your operating language is set to Russian, you will have Russian fonts. If you are in the Netherlands and you need to browse Dutch sites in the Dutch language, you will have Dutch fonts as well.
7. Geolocation API (https://browserleaks.com/geo)
This is also available if your browser has HTML5 capability. I am pretty sure everyone has visited Google Maps; the map canvas is in HTML5 and it is geolocation API capable. Together with your IP address and much other information, Google Maps is able to pinpoint your exact location. You will come across this when you visit some sites: your browser will pop up asking you if you want to share your location. This is the Geolocation API of the browser.
I do not want to go to number 8 and so on, there are many tests you can perform using browserleaks.com.
I strongly suggest everyone to perform all of these tests on the browser you are using, be it on the PC or on the MOBILE !!! PERIODICALLY!! AT LEAST ONCE A WEEK, software updates may alter your configuration.
For those who pass all the tests but would like to see what information is being leaked, use your NON Tails/Whonix/Tor browser. Just the usual Chrome; it will show you all the digital fingerprints exposed.
Finally, for those who thought you were good at the beginning of this article, if you fail any of these tests above, YOU ARE NOT GOOD. Time to rethink your OPSec.
For those who pass all, this is just the tip of the iceberg; this is what your browser is leaking. I have not even touched on network packet data leaking such as VPN leaking. Maybe, maybe when I have the time, I will write about it.
So long, stay safe and have a great day.
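Added example, not part of the original post: a Python check for the post's point that software updates may alter your configuration. It parses a Firefox user.js/prefs.js and lists prefs that differ from hardened values. The two media.* prefs are the ones given in the post; javascript.enabled, webgl.disabled and geo.enabled are real Firefox prefs chosen here for tests 2, 5 and 7, and SAMPLE is constructed input.

```python
import re

# Hardened values to check for. The media.* entries come from the post;
# the other three are assumptions added here for tests 2, 5 and 7.
EXPECTED = {
    "media.navigator.enabled": False,       # WebRTC camera/microphone access
    "media.peerconnection.enabled": False,  # WebRTC peer connections
    "javascript.enabled": False,            # test 2
    "webgl.disabled": True,                 # test 5
    "geo.enabled": False,                   # test 7
}

# One pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # blank lines and // commented-out prefs are skipped
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text, expected=EXPECTED):
    """Return (pref, found, wanted) for every pref not at its hardened value."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in expected.items():
        found = prefs.get(name, "unset (build default applies)")
        if found != want:
            findings.append((name, found, want))
    return findings

# Constructed sample file, not taken from a real profile.
SAMPLE = """\
user_pref("media.peerconnection.enabled", false);
user_pref("media.navigator.enabled", true);
// user_pref("geo.enabled", false);
user_pref("webgl.disabled", true);
user_pref("network.trr.mode", 2);
"""

if __name__ == "__main__":
    for name, found, want in audit(SAMPLE):
        print(f"{name}: found {found!r}, want {want!r}")
```

A pref reported as unset is simply absent from the file, so its effective value is whatever that browser build ships as default.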
Other Browser Leak Test