Tests and other Media topics

[polonus]

NoScript and Request Policy in Firefox can help get better results.

polonus

P.S. There is another way to go quite quite stealth in firefox with SecretAgent add-on: https://www.dephormation.org.uk/index.php?page=81
What Secret Agent Does... -> https://addons.mozilla.org/en-US/firefox/user/SecretAgent/
With every web request (or page load, or browser session), Secret Agent does the following things;
Compares the web site host to a white list
If the host isn't on the white list,
Request Headers;
Overrides your browser's 'User Agent' with a random alternative selected from a customizable list
Overrides your browser's 'Accept' header with a random alternative selected from a customizable list
Javascript;
Overrides your brower's Javascript navigator.oscpu value using a random alternative selected from a customizable list
Proxy Headers;
Sets an HTTP X-Forwarded-For header with a random IP address
Sets an HTTP Via header with a random IP address
Cache Headers;
Sets a spoof ETag header with a random string of characters
If the optional 'If-Modified-Since' spoofing feature is enabled, overrides incoming 'Last-Modified' headers with a random time offset
If the host is on the white list
Request Headers;
Presents your browser's default 'User Agent' (or overrides with a user configurable value)
Presents your browser's default 'Accept' header (or overrides with a user configurable value)
Javascript;
Presents your browser's default Javascript naivator.oscpu value (or overrides with a user configurable value)
Proxy Headers;
Unaffected
Cache Headers;
Unaffected
N.B.
Mind you to whitelist the pages you want to use, because in stealth mode you are no longer being able for instance to post in the forums,
in that case disable the add-on or whitelist forum dot avast dot com in the extension.

polonus

[polonus]

I checked with Panopticlick and indeed these results changed per request:
user agent one time like xxxxxx Gecko, next time it was xxxxx Galeon 1.3.21
HTTP accept headers also changed text/etc   and  next time application/application/
No Plug-in details, No time-zone, No Screen Size, No System fonts, just cookies enabled (first domain)
Limited supercookie test failed. Just have to test the webshields with this in action.
I tested it out and yes WebShield is normally detecting in a SecretAgent's Stealth mode enabled browser.
Read a review here: http://www.wilderssecurity.com/threads/firefox-top-security-privacy-extension.329939/page-2
We haveto update secret agents useragent list in the PHP script to be actual.

polonus

[polonus]

For what it is worth, automatic firewall check: http://www.shieldcheck.com/auto/

For me all green, my firewall is working!

pol

[TerraX]

Hi,

with me everything is green ... i have avast! Firewall.
Thanks for the test page.

TerraX

[Callender]

Another "interesting" Firefox Add On.

User Agent Cleaner.

Warning. Page is in Russian and requires translation: http://fxprivacy.8vs.ru/

Translated: http://translate.google.com/translate?hl=en&sl=ru&tl=en&u=http%3A%2F%2Ffxprivacy.8vs.ru%2F

Note: A better bet is to visit this page using Firefox: https://addons.mozilla.org/en-US/firefox/addon/http-useragent-cleaner/?src=userprofile

Like SecretAgent it increases privacy and will also prevent logins working on most sites. The add on can be disabled with a single click. It's pretty advanced and I haven't really got to grips with it just yet - particularly with enabling or disabling specific settings on a per site basis.

[polonus]

Hi Callender,

Thanks for your contribution to the discussion. Interesting and will give it a look,

polonus

[polonus]

Do a proxy test: http://www.lagado.com/proxy-test
and a cache test: http://www.lagado.com/tools/cache-test
Also check your accurate time: http://www.lagado.com/tools/time
you can sync with: http://www.worldtimeserver.com/atomic-clock/atomic.exe  (891 KB)

polonus

[polonus]

Whenever you installed SecretAgent 1.26 you can renewed check the User Agent Spoofing here: http://whatsmyuseragent.com/
# You!! Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060417
next Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1. Gecko/20060206 Songbird/0.1
then Mozilla/5.0 (compatible; Konqueror/3.5; Linux; X11; i686; en_US) KHTML/3.5.3 (like Gecko)
then Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7) Gecko/20070606
etc. etc.
With stealth mode active  I get an error going to
http://browserspy.dk/os.php e.g. Fatal error: Multiple access type modifiers are not allowed in /home2/gemal/public_html/inc/gsite.php on line 1788

This check worked fine: https://browsercheck.qualys.com/  and also this one: http://www.healthstream.com/browsercheck/?bhcp=1
retested in stealth mode. Strange that a pop-up blocker should be disabled: Popup blocking disabled is recommended.

pol

[polonus]

Another Free SSL Web Server Tester: https://www.wormly.com/test_ssl/h/www.security.nl/i/213.156.0.246/p/443
(with an random example search query)
nice to use next to this one for comparison: https://www.ssllabs.com/ssltest/index.html

enjoy,

polonus

[polonus]

A commercial site integrity checker:
example: http://www.sitetruth.com/fcgi/ratingdetails.fcgi?url=bufferapp.com&details=true
Scan will produce identifying info data,
also a link going here (example) http://validator.w3.org/check?uri=http%3A%2F%2Fforum.avast.com%2Findex.php%3F

enjoy,

pol

[polonus]

Content Security Policy Test.

Take it here: https://isc.sans.edu/tools/csptest.html?csp=N

test is brought to us by Johannes Ullrich

polonus

In Google Chrome all four pop-up alerts were neatly blocked by CSP.

[polonus]

Now test your browsers adblocker: http://ads-blocker.com/testing

and top it off with this one: http://thepcspy.com/blockadblock/

and a completely other one: http://pseudo-flaw.net/content/adblock/  (checking to circumvent an adblocker - they are anti-adblocking and firefox)

pol

[polonus]

Please, avast! friends, test your browser with Device Fingerprint here: http://noc.to/

Great tools, great info...what information my/your  browser is leaking to websites, be aware.
Every user of Ghostery will like like this site.

Damian

[REDACTED]

Etag Tracking - apparently not a method used or detected by Panopticlick.

 I've also known about tracking users via the use of Etags for some time now and when using any browser I tend to try to find ways to stop this from happening. That's not because it's a huge concern but just because if it's possible to block it then I see no disadvantage.

I found a site that can be used to test if your browser is trackable via the Etag method.

https://ochronus.com/tracking-without-cookies/

 There's some interesting info. With Etags blocked in my browser each visit or page refresh results in the site visit counter remaining at 1.

 If I unblock Etags it records each subsequent visit.

[polonus]

Time to test your pop-up blocking here: http://www.popuptest.com/
Coutesy of WebAttack

pol