598
submitted 1 year ago* (last edited 1 year ago) by TriLinder@lemmy.ml to c/privacy@lemmy.ml

Note: This post now archived and as such no longer works

An external image showing your user-agent and the total "hit count"

you are viewing a single comment's thread
view the rest of the comments
[-] Drinvictus@discuss.tchncs.de 5 points 1 year ago

Holy shit. How do we avoid this? VPN?

[-] Slotos@feddit.nl 48 points 1 year ago* (last edited 1 year ago)

By not using internet. No, seriously, if you access something over the internet, you will leave tracks. This here post is nothing new or inherently scary on its own. I used to have forum signatures that would tell people what browser they were using or from what IP they were coming.

What you really want to do is disable third party cookies on everything you own. That (and things like hsts super cookies) is what tracks you.

If you’re using an app to browse Lemmy, you might ask for their implementation to reject cookies and fingerprinting attempts when displaying images and other embeddables.

a minute later edit: And yeah, if you don’t like web services to know the IP address given to you by your ISP, VPN is a decent option.

[-] ReversalHatchery@beehaw.org -3 points 1 year ago* (last edited 1 year ago)

No, seriously, if you access something over the internet, you will leave tracks.

It's quite the difference between leaving tracks on only one provider's servers (where your account is hosted), and leaving tracks all over the internet.

There were a few comments under this post about how (easily!) this could be used to find out the IP address and though it the rough location of a commenter.

[-] Slotos@feddit.nl 2 points 1 year ago

Lemmy proxying image loads won’t fix this issue at all. Unless you only ever access resources through it, which you won’t. It will even make the problem worse by exposing a single attack surface.

Don’t trust the collection of random internet services to protect interests they are not set out to protect. You wanna hide your IP? Use VPN or Tor.

I mean, Stallman has a point here.

[-] Erika2rsis@lemmy.blahaj.zone 10 points 1 year ago* (last edited 1 year ago)

I would say a user agent spoofer would be more useful for this particular image. The Mozilla team recommends User-Agent Switcher and Manager for Firefox users.

[-] ForestOrca@kbin.social 4 points 1 year ago* (last edited 1 year ago)

Where can I learn more about using this Firefox extension? I've installed it, but it hasn't changed the results of (https://trilinder.pythonanywhere.com/image.jpg).

I see I am able to black list pythonanywhere.com.

[-] Erika2rsis@lemmy.blahaj.zone 2 points 1 year ago

Here's a six-minute YouTube video explaining how to use it

TL;DW: Click on the extension icon, use the drop-down lists to find a browser and OS, select a pre-configured user-agent string from the list, and click "apply (container)" or "apply (all windows)". Having your user-agent string change randomly with each request is possible but requires writing a bit of JSON in the options.

[-] ForestOrca@kbin.social 3 points 1 year ago

TY!! That link works on Invidious, Yay! I'll check it when I get a break.

[-] TriLinder@lemmy.ml 2 points 1 year ago

That's weird. The extension should definitely work with the image, as that's what I used when building this quick demo. Does the content of a site like this update?

[-] ricecake@beehaw.org 9 points 1 year ago

It's not nearly as nefarious as people seem to think. Effectively all applications that access web resources send along what they are and basic platform information.
This is part of how the application asks for content in a way that it can handle
It does a little to let you be tracked, but there are other techniques that are far more reliable for that purpose.

[-] PoliticalAgitator@lemm.ee 5 points 1 year ago

I posted this further up, but I think it's worth pasting here too:

I suspect with a coordinated pool of posts or multiple comments on the same post, you could narrow that IP address down to an actual user account.

When a new comment is posted by a user, store, against their username, all IP addresses that visited since the last comment in that thread (by anyone). When a second comment is posted by a user, remove any IP addresses that don't appear in both lists.

I suspect you would have a very short list after two comments, and a single address after 3. It would also be extremely easy to both lure someone into viewing an image and bait them into multiple replies. Geolocate that IP and you know know vaguely where that user lives.

Time to make sure you're always on a VPN I guess.

[-] CookieJarObserver@sh.itjust.works 4 points 1 year ago* (last edited 1 year ago)

Next DNS Blocks it apparently.

[-] Fissionami@lemmy.ml 1 points 1 year ago

Wow! But mine didn't. Which filter lists are you using?

Well... Basically all...

[-] Hamartiogonic@sopuli.xyz 1 points 1 year ago

I’m using a VPN, and the picture knows everything about me regardless.

this post was submitted on 11 Aug 2023
598 points (96.6% liked)

Privacy

32177 readers
658 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS