Part I Anonymous Browsing: The experiment

By André Faust

There are many stories about the information that you give when you are online, some of the stories are accurate and others are exaggerations.

To separate fact from fiction, I created a web page located on my site to collect any information from anyone landing on the page. The page does not keep any of the information that it displays. Once the user closes their browser the information is lost forever.

Using the page three tests were performed, the first test was with Firefox, the second with the browser TOR and the final test was with a VPN (Virtual Personal Network).

The first two test were strictly browser tests. The VPN tests was a hybrid test, it tested both the browser, information that is sent from the user computer online when they are not using a browser.

Two computers located on the same network were used to conduct this experiment/test. Computer A has geolocation software installed while computer B hasn’t.

Most computers don’t have geolocation software or hardware installed so for those, accurate geolocation is highly unlikely. The test will show the difference in accuracy between the both computers.

However, the tests did show that it is possible to get a person’s location under the right conditions.

What the experiment revealed is that when you are using a standard browser that has geolocation API (Application Program Interface )the browser will ask the user for permission.

Not to create any confusion, there is a difference between geolocation software and hardware and a browser geolocation API. The difference is that the software and hardware can give your exact location if your computer is communicating to the internet through a browser or not whereas the browser geolocation API detects if a request is made from the website for your geolocation.

Not all browsers have geolocation API built into them, Chrome is an example of a browser that doesn’t have the API included. When a browser does not support a geolocation API, the user’s location is not given.

The Result of the experiment/test is that you can browse with anonymity with TOR, with Firefox, Your IP address is given, The IP address that is given is the IP address that your internet service provider assigns to your router. While the IP address will identify the Internet Service Provider and the Internet Service Providers Address the IP Address will not give your location. The only way that that could be found is if someone has the legal authority to request to request that information.

Outside of geolocation, the results did show that when you visit a site, you give your IP address, you’re the browser that you are using, some of the plugins your using, your screen resolution and your operating system.

If the site requests your Geolocation, the user’s browser will ask permission to proceed, if the user declines then no information is broadcasted.

The VPN tests were successful at spoofing the IP but failed at providing any of the other information, like browser brand, plugins, screen resolution and operating system. The VPN to spoof the IP address is independent of the browser.

Outside for someone to do statistical analysis, one can browser without giving out information that can Identify the user.

Most of the personal information that a user gives is when the user fills out online forms. That is where the majority of the personal information is given, so you really have to trust the site that they will not sell or give that information out.

The focus is on information that is broadcasted while online. Cookies and browser cache was not looked at as part of the experiment/test. That is another topic. A quick word on cookies, most of the cookies are downloaded to your browser’s cache are helpful to the user and when cookies are disabled the user will lose some of the advantages of cookies.

The page that was used for this video can be found at http://jafaust.com/whoami/ It is a good tool to use because it does all three finds the users IP address, the location of the Internet Provider as well as a whois to identify the Internet Service Provider and location of the Internet Service provider


Advertisements

One thought on “Part I Anonymous Browsing: The experiment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s