Javascript and anonymity

[retyop]

Does javascript install any sort of "cookies" that allows a site to
uniquely identify you every time you visit, regardless of wether or not
you disable normal web browser cookies?

An anonymous web browsing utility I use states that you are not truly
anonymous unless you turn off things such as java, javascript, and some
other applications. This being because they somehow have the ability to
find their way back to the originating site without using your web
browser and thus can reveal to the originating site the real IP of your
browser that requested the page, bypassing the hops through my fellow
servers that helped me request the page without revealing my IP
address. Any truth to this? Links? FAQs?

 

[Dr. Doktur]

Does javascript install any sort of "cookies" that allows a site to
uniquely identify you every time you visit, regardless of wether or not
you disable normal web browser cookies?

An anonymous web browsing utility I use states that you are not truly
anonymous unless you turn off things such as java, javascript, and some
other applications. This being because they somehow have the ability to
find their way back to the originating site without using your web
browser and thus can reveal to the originating site the real IP of your
browser that requested the page, bypassing the hops through my fellow
servers that helped me request the page without revealing my IP
address. Any truth to this? Links? FAQs?

true, it is out there, keep a googling

 

[amadeus]

Does javascript install any sort of "cookies" that allows a site to
uniquely identify you every time you visit, regardless of wether or not
you disable normal web browser cookies?

An anonymous web browsing utility I use states that you are not truly
anonymous unless you turn off things such as java, javascript, and some
other applications. This being because they somehow have the ability to
find their way back to the originating site without using your web
browser and thus can reveal to the originating site the real IP of your
browser that requested the page, bypassing the hops through my fellow
servers that helped me request the page without revealing my IP
address. Any truth to this? Links? FAQs?

They're right, use a search engine and find out all about it

 

[VK]

Does javascript install any sort of "cookies" that allows a site to
uniquely identify you every time you visit, regardless of wether or not
you disable normal web browser cookies?

An anonymous web browsing utility I use states that you are not truly
anonymous unless you turn off things such as java, javascript, and some
other applications. This being because they somehow have the ability to
find their way back to the originating site without using your web
browser and thus can reveal to the originating site the real IP of your
browser that requested the page, bypassing the hops through my fellow
servers that helped me request the page without revealing my IP
address. Any truth to this?

Yeah... we are living in the terrible world. Did you hear about the
last javascript program: it makes the content invisibly blink with the
frequency affecting alpha-rhythms of user's brain. In less then a few
minutes the affected person has an internal voice telling her to buy a
Microsoft product - and she cannot fight with this voice.



:-|
JavaScript can set/read cookies over document.cookie : but it is
exactly the same as any server can do. Whatever your cookie policies
are on the browser: they are applicable to either case. For Internet
Explorer for instance check Tools > Internet Options > Privacy.

my fellow servers that helped me request the page
without revealing my IP address

You mean services like
<http://www.anonymizer.com/consumer/products/anonymous_surfing/> ?
(just naming the oldest one of this kind).
JavaScript is not allowed to read IP of the client machine.
I am using an IP anonymizer regularly while posting here, so my post IP
originating sometimes from London sometimes from Moscow (in case if let
them jump on Od' Lady Europe first or die surrounded by snow and bears
)

As a conclusion: you are one of many seeking an easy solution for a
complicated problem. "Just press one button and my security/privacy is
set". Alas neither JavaScript nor cookie is not that magic button - and
this button doesn't exist at all.

1) Make sure you have all updates for your OS recommended by producer.
2) Use the latest version of your preferred browser. Firefox 2.0 has
times lesser security exploits than Internet Explorer 7.0: so if you
are using IE, you may consider try Firefox 2.0.
3) Have reputable anti-virus software installed with paid subscription
(so it updates virus database regularly).
4) Take more fresh air and physical exercises so nightmares of a
worldwide conspiracy against your privacy would leave you.

 

[retyop]

JavaScript can set/read cookies over document.cookie : but it is
exactly the same as any server can do. Whatever your cookie policies
are on the browser: they are applicable to either case. For Internet
Explorer for instance check Tools > Internet Options > Privacy.

Is this in a different folder than the typical folder for cookies
[c:\documents and settings\user name\cookies\*.*] ? In the case of
Firefox, do you know where to check for cookies? It clearly doesn't
store them in the default folder I noted above.

You mean services like
<http://www.anonymizer.com/consumer/products/anonymous_surfing/> ?
(just naming the oldest one of this kind).
JavaScript is not allowed to read IP of the client machine.

That's great news. But I think the problem noted by the sites I read is
that the javascript routine may try to "phone home", thus indirectly
revealing the origin of the real requester of the web page. Can you
tell me about this?

 

[VK]

Is this in a different folder than the typical folder for cookies
[c:\documents and settings\user name\cookies\*.*] ? In the case of
Firefox, do you know where to check for cookies? It clearly doesn't
store them in the default folder I noted above.

Tools > Options > Privacy > Cookies > Clear Cookies Now
Tools > Options > Privacy > Cookies > Settings > Clear private data
when closing Firefox

TweakUI for Windows XP:
<http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx>
TweakUI for older Windows:
<http://www.microsoft.com/ntworkstation/downloads/PowerToys/Networking/NTTweakUI.asp>

Install, go to Control Panel
Tweak UI > Paranoia tab > raise all checkboxes; restart Windows.

Your Web browsing will be a real torture now, but you are well prepared
for a surprise FBI visit.

But I think the problem noted by the sites I read is
that the javascript routine may try to "phone home", thus indirectly
revealing the origin of the real requester of the web page. Can you
tell me about this?

Most of the sites stating that you are all unsecure "until install X
software" are spyware destributors. Go to your OS producer site and
read what *they* have to say. Also go to your browser producer site and
read what *they* have to say.

And no: JavaScript programs exists only on the page where loaded and
disappear when you leave the page. They don't reside in the memory.
That is why it may be good idea before going to check you bank account:
simply close all open browser windows, then open one and go right to
the back page.

 

[Goldy]

I would recommend JanusVM.
http://janusvm.peertech.org

It uses Tor to hide your IP. Privoxy and Squid to filter web crap
(ads, cookies, etc.) and spoofs your web browsers UserAgent.
Now about the JavaScript/Java/Flash issue of getting your real
IP...don't worry about it. JanusVM routes ALL TCP traffic through Tor,
so the proxy bypass tricks in Java and Flash don't work (which is good
for you). As for Cookies, just have firefox clean them every time you
close your browser. UDP and ICMP traffic are not passed through when
you use JanusVM, because those can leak your REAL IP address.

I would recommend you check out JanusVM. At least 50,000 people are
using it now.
It works well with just about every application I use.

 

[retyop]

I would recommend JanusVM.
http://janusvm.peertech.org

It uses Tor to hide your IP. Privoxy and Squid to filter web crap
(ads, cookies, etc.) and spoofs your web browsers UserAgent.
Now about the JavaScript/Java/Flash issue of getting your real
IP...don't worry about it. JanusVM routes ALL TCP traffic through Tor,
so the proxy bypass tricks in Java and Flash don't work (which is good
for you). As for Cookies, just have firefox clean them every time you
close your browser. UDP and ICMP traffic are not passed through when
you use JanusVM, because those can leak your REAL IP address.

I would recommend you check out JanusVM. At least 50,000 people are
using it now.
It works well with just about every application I use.

At last. Whew, thanks Goldy, I was going crazy with all these wise
crack remarks about paranoia, FBI, etc. I wonder which of the
newsgroups the previous jerk off posters come from.

You addressed my issue directly, by pointing out that there exists a
"proxy bypass trick in Java and Flash". Thank you very much. That was
my basic concern. I'm going to check out all that stuff. Thanks!

 

[VK]

I was going crazy with all these wise
crack remarks about paranoia, FBI, etc. I wonder which of the
newsgroups the previous jerk off posters come from.

"Paranoia" is not my term - it is official name of the tab in Tweak UI
interface officially distributed by Microsoft, Inc (see the links I
provided). If you feel yourself offended: please address it to
Microsoft.

If you felt some humor behind my post - it is presented, but only in
the style. All technical details are strictly correct and serious.

A bit humorist style of my posts - and sorry if seemed offensive - is
because it is really funny to read such vague questions as "I'm going
to the Internet. THEY told me that I can be recognized there. Is it
true?"

What exactly do you want to hide? The fact of visiting
"CrackesSerials.foo" or "HotBabes.bar"? Then IP forging and cookie
clean up helps to some extend. If you did something so bad that the
government went on you then the exact traffic is kept for the law
defined time on your provider's server and can be requested at any time
(USA. EU, Russia, China)

If you want to hide the fact of buying online "How to make a bomb in 15
minutes: Definitibe guide" than it is even more funny because
everything is attached to your credit card/ PenPal account etc and it
gets known to all credit companies around the world in 15sec after the
fact of buying.

For sake of it look at your wallet (unless your are from a 3rd word
country): 99% is discount cards and credit cards. Your preferred store
is Safeway? Well, some news for you: Albertson's knows exactly the
amount of beer you drunk last year, your preferred mark of chewing gum
(don't want to use cigarettes as the sample) and Target knows the
preferred color of clothes you want to wear.

In the Internet the only thing one may hide (up to some extent) is the
fact of reading something or saying something at the given moment of
time. The rest of your a** remains uncovered.

This way: what exactly did you want to hide from us? ;-)

 

[Debra Lee Logan]

You add a Newsgroups header like this to your email:

Newsgroups: alt.privacy.anon-server

Then you post it to one of the mail2news gateways, e.g.:

(e-mail address removed)
(e-mail address removed)
(e-mail address removed)

(You must have an email client that lets you add your own custom
headers, though.)

Do you know a decent email client that allows the addition of custom
headers?

I can telnet to the SMTP server and type the headers in manually but
that gets really old after a while.

 

[Tim Slattery]

Do you know a decent email client that allows the addition of custom
headers?

Pegasus Mail (www.pmail.com). Very full featured, Bayesian filtering,
custom headers, on and on and on. And free.

 

[Macarro]

true, it is out there, keep a googling

Alternatively, http://www.blackboxsearch.com

 

[asdf]

I tried to create stats from google groups, pulling their former dejavu info
and post numbers.

After 5 or so queries ( while they contact my server several times during a
day),
they disconnected me for a month and sent me a cease and resist note.

-------------------------------------------------------

Then I switched to an anonymizer, using queries only every few seconds or
so.
I never finished the project. After a month google restored searched for my
ip.


I am glad I did not 'mess up' the anonymizer account.

------------------.

Google belongs to the evil doers. basta.

We are just to stupid to realize.

A $ market evaluation in the thousands of millions for a search utility that
can be created by anyone. ARE WE STUPID ?

Most of us are.

 

[Anon]

Google is the world's biggest enemy of privacy

I use scroogle.org whenever possible

idiots think that google is a cool bunch of hippies, because they
have "bring your pet to work" and other cosmetic claptrap

the masses are idiots who say "google it"

 

[Randy Webb]

Anon said the following on 2/14/2007 11:53 AM:

Google is the world's biggest enemy of privacy

And you are one of the world's biggest idiots.

[follow-up set to alt.privacy.anon]