LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-10-2020, 12:33 AM   #1
JASlinux
Member
 
Registered: Oct 2020
Posts: 348

Rep: Reputation: Disabled
Do social networks know which os we're running?


I can see Facebook guestimates the browser (hypothetical example, Epiphany-Web showing as Safari, other times accurate), and it knows we're running Linux vs. Redmond, but does it know our Linux distro/kernel/desktop environment?
 
Old 11-10-2020, 01:35 AM   #2
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
At the very least, it knows your user agent. With the help of javascript, it can know much more.
 
Old 11-10-2020, 06:10 AM   #3
teckk
LQ Guru
 
Registered: Oct 2004
Distribution: Arch
Posts: 5,103
Blog Entries: 6

Rep: Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822
Yes, a web page/site can os/browser fingerprint you.

https://www.washingtonpost.com/techn...rprinting-you/
https://www.comparitech.com/blog/vpn...tect-yourself/
https://amiunique.org/
https://pixelprivacy.com/resources/b...ingerprinting/
 
Old 11-10-2020, 06:19 AM   #4
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,512

Rep: Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657
Unless you obfuscate or fake your signature (available to any HTTP protocol server to which you connect) the basic information about your browser and operating system is available. One of my Linux machines presents as running Mozilla on WinNT4. I run a utility on another so that my signature changes ever hour. Such obfuscation can cause some poorly crafted sites to display improperly or break, so I do nothing of the kind on my working machines.

I also do not bother on my Pinebook Pro, since nothing out there really understands what the heck that is anyway.
 
Old 11-10-2020, 07:11 AM   #5
tinfoil3d
Member
 
Registered: Apr 2020
Location: Japan/RJCC
Distribution: debian, lfs, whatever else i need in qemu
Posts: 268

Rep: Reputation: 75
What's more important to you, the fact that social network knows all your connections to people or the fact that social network knows which distro you use?
 
Old 11-10-2020, 12:12 PM   #6
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,200

Rep: Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307
Yes.

https://www.whatismybrowser.com/dete...-my-user-agent
 
1 members found this post helpful.
Old 11-11-2020, 04:07 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,461

Rep: Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552
There are also forensic differences in certain parts of a TCP packet that provide good clues to the originating OS and at a lower level than the easily changed "user agent" in the browser.
 
1 members found this post helpful.
Old 11-11-2020, 10:35 AM   #8
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,200

Rep: Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307
Quote:
Originally Posted by TenTenths View Post
There are also forensic differences in certain parts of a TCP packet that provide good clues to the originating OS and at a lower level than the easily changed "user agent" in the browser.
Say more?
 
Old 11-11-2020, 10:48 AM   #9
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,258
Blog Entries: 3

Rep: Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713
Try nmap or zenmap for fingerprinting of operating systems:

https://nmap.org/book/osdetect.html

There is also a passive option in tcpdump, but the documentation seems not to mention the source for the lookups.
 
1 members found this post helpful.
Old 11-11-2020, 10:50 AM   #10
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,461

Rep: Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552
Quote:
Originally Posted by dugan View Post
Say more?
https://en.m.wikipedia.org/wiki/TCP/...fingerprinting
 
3 members found this post helpful.
Old 11-11-2020, 11:20 AM   #11
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542
The OS and browser being used provide far less useful information than the contacts of the user. Facebook, Instagram, Twitter, et al all know every person you are or have been connected to. That is valuable information, and you give it to them freely by running their software. You can easily change devices, with different OS and browser, so that information is of little use to anyone. But knowing everyone you follow, or follows you, and every site you visit, is of considerable value, in multiple ways.
 
2 members found this post helpful.
Old 11-12-2020, 03:41 AM   #12
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,461

Rep: Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552
Quote:
Originally Posted by sgosnell View Post
The OS and browser being used provide far less useful information than the contacts of the user.
Agreed.

Quote:
Originally Posted by sgosnell View Post
You can easily change devices, with different OS and browser, so that information is of little use to anyone.
Disagree.

Knowing the use scenarios of the userbase is important. A few simplistic examples;
  • Are users using predominantly mobile devices?
  • Are they using the web interface on their mobile device in preference to any APP that's available?
  • Do we have legacy users that are using OLD devices / browsers?
This information allows companies to tailor and enhance their experiences accordingly to increase engagement which increases views / userbase / revenue / data.
 
Old 11-12-2020, 03:49 AM   #13
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,258
Blog Entries: 3

Rep: Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713Reputation: 3713
Lots of big sites scan the computers connecting to them. Here's one:

https://securityboulevard.com/2020/0...r-pc-probably/
 
1 members found this post helpful.
Old 11-12-2020, 09:20 AM   #14
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542
Certainly knowing the OS and browser can be valuable to the site owner, and Google Analytics collects that. My point is, that information is of less use for attacks against the site visitors, and is not so easily connected to a specific person. All they get is an IP, the OS, browser, etc, but not necessarily the specific person using the computer. With a VPN they don't even get the IP. However, once the user logs in to the social media site, they know much, much more, and more use gives more connections. Generally, they know your name, your address, phone number, family member names, occupation, almost everything. That's why law enforcement and government security agencies go to them for information. Nobody knows more about you than Facebook, if you go there. Nobody. Except maybe Instagram which is a Facebook subdivision, and others very like it. I joined Facebook when it first started up at the behest of my daughter, for playing Scrabble online. After a short time I got suspicious and deleted my account and information. But I'm pretty certain it all still exists, and will forever, and has been sold millions of times. Knowing the browsing habits of the average customer is one thing, knowing almost everything about specific users is something else.

Last edited by sgosnell; 11-12-2020 at 09:22 AM.
 
1 members found this post helpful.
Old 11-12-2020, 12:49 PM   #15
teckk
LQ Guru
 
Registered: Oct 2004
Distribution: Arch
Posts: 5,103
Blog Entries: 6

Rep: Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822Reputation: 1822
Lots of sites report to facebook.

Code:
tcpdump net 69.171.224.0/19 -qtni any
Code:
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route
 
1 members found this post helpful.
  


Reply

Tags
browsers, facebook, security, social networking, twitter


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Which academic social networks would you recommend? Existentialist Cafe General 4 02-04-2020 05:37 AM
How social are social groups here at LQ? alan_ri General 33 05-24-2011 02:17 AM
LXer: Social networking platform eXo Social released LXer Syndicated Linux News 0 05-17-2010 07:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration