What data my computers gives away on internet boards?
Hi! Are there any linux tool to monitor what data my computer gives away when, for example, posting something on a public webpage? I-m concerned about ip, e-mail, mac-addresses, etc. Can i somehow see how a webpage sees me - an user?
|
tcpdump (part of slackware) and perhaps wireshark (part of slackbuilds.org).
|
hope these two can be useful
http://en.wikipedia.org/wiki/List_of_HTTP_header_fields http://pgl.yoyo.org/http/browser-headers.php |
How much information you provide is controllable only to a certain point. For example, unless you use something like TOR you can't hide your IP address from destination servers.
Most of the information you provide is done through browser cookies, Flash cookies, JavaScript, and Java. You can eliminate 90% of what anybody can learn about you by disabling JavaScript and Java. Using white lists to control JavaScript, Java, and cookies is a smart policy to control information flow. Any time you enter data in an online form then you are providing information. Only you can control what you provide. MAC addresses are not routable across subnets. Once your data packet goes past your home router or ISP modem, the MAC address is no longer discoverable. That can be bypassed by enabling JavaScript or Java, which allows scripts to snoop your system. Therefore only allow JavaScript and Java at trusted sites. You can send data to a destination site encrypted if that site supports SSL/https. Email passwords typically are sent in clear text. A packet sniffer like Wireshark will show as much. Using email security such as SSL/TLS will hide passwords, but your mail provider must support that. Emails that are sent without encryption are viewable and readable by anyone who intercepts the packets. If you want to see what information your web browser is revealing, try these two sites: http://ipinfo.info/html/privacy-check.php http://www.whattheinternetknowsaboutyou.com/ Try using those sites with and without JavaScript or Java enabled and you'll see the difference. Flash cookies are not controlled by web browsers but there are tools and methods to prevent data collection through those. If you don't use flash cookies at all then the simplest way to stop them dead is to create two zero-byte files in your home directory named $HOME/.adobe and $HOME/.macromedia. If you need to enable flash cookies for specific web sites then you'll need to investigate other methods of house-keeping and control. Web browsing history can be tracked through the browser's history cache. There are ways to control that too. Others can add more information. I'm just touching the tip of the iceberg but hopefully you are now fully paranoid. :D |
Actually, email itself is sent in clear text unless you encrypt it yourself. Even if the various email servers encrypt it on the wire, the text will be sitting on a machine somewhere until it is delivered to the destination inbox.
|
So, if i have two computers behind the same router and i post a comment on a public website, then go over to another computer and post a comment from there, can a website tell that i've been posting from different computers.
The reason i'm asking is because my post about legitimacy of bank loans system(you know, the conspiracy talk :)) got banned on a news site and i received warning about it on one computer, but not on another. It got me thinking what this website sees about my computer and is there a way to review the data to be send, before actually sending it. Thanks for all the links! Edit: Quote:
Edit2: :) whattheinternetknowsaboutyou.com: Congratulations, we did not find anything in this category in your browser history. - With slackware and opera. 'tcpdump' is maybe too techie for me, i guess it's the same kind of app as netwatch. I like how all these lines of text roll, but understand just a little. Edit3: I'm checking wireshark too, maybe i'll learn something, at least it helps to proceed in paranoia. :) |
Using Firefox (or SeaMonkey)?
Get the [I]NoScript/I] add-on. While you're at it, get the AdBlock+ add-on, too. Not using Firefox or SeaMonkey? Start. Hope this helps some. |
The only thing that you cannot stop websites from viewing is your IP, but tor can help here.
Since you are from Estonia, I hear they have a national internet e-ID: http://www.activistpost.com/2011/09/...tronic-id.html I'll bet you that is another thing that gives you away. |
Quote:
If you move to a different house and use a different computer there, then the IP address will be different and people downstream in the internet will not see that as the same connection. If you move to a different house but use the same computer then you can be identified if you do not clear cookies or fail to use a different login ID at forums. If you have JavaScript or Java enabled in a web browser then the game changes because scripts can identify the computer and user. That is why I recommended testing those privacy sites with both enabled and disabled. Then you can see the difference in information transmitted. That is why white lists are important. For Firefox, the NoScript add-on will help create white lists for trusted sites. Most discussion forum software looks at cookies and IP addresses to identify the user. If you are trying to circumvent that then use two different login IDs at different IP addresses. You can set up different user profiles if you are using Firefox. Disabling JavaScript and Java prevents a significant majority of privacy concerns. That is the way I have Firefox configured. I never allow Java in my normal surfing sessions and I allow JavaScript through NoScript only for a few trusted sites. I likewise use a white list for cookies and except for a few discussion forums only allow session cookies. I explicitly prohibit cookies from known tracking sites such as Google. I use dnsmasq with a second hosts file to block undesirable IP addresses and advertisements. With that said, discussion forums are the property of other people. Asking to be a member of a forum means accepting their policies for usage. Moderators have standing to warn users about violations. If you visit a friend and the friend asks you to remove your shoes you comply because that house does not belong to you. :) Quote:
Quote:
To be in cognito requires significant discipline. Most people are horrible at being transparent. :) |
You can set up a Privoxy proxy server on your home computer. There's a SlackBuild and the default configuration is a good starting point.
|
Quote:
Thanks, Woodsman, for advices, i keep them in mind next time when ranting, unfortunately, websites block commenting without cookies and javascript enabled. Thanks for all the tips and programs mentioned! I'll plan to investigate into this proxy and tor thing. |
Quote:
http://panopticlick.eff.org/ Even without Javascript and Java you leave a fairly unique fingerprint with every HTTP request. With Javascript or Java you can be safely recognized. |
All times are GMT -5. The time now is 01:56 PM. |