
/d/OpSec

16,634 subscribers

Must read: https://anonymousplanet-ng.org/guide.html

Discussion of OpSec, Threat Models, Protection, Assessment & Countermeasures.

Vendors, please use /d/vendor_handbook.

While the focus of this community's OpSec discussions may center around Dark Net (DN) activity, all members of this sub are encouraged to think about, discuss, and share ideas relating to OpSec that extend beyond the bounds of the DN.

Harden Your OPSec: What Your Browser Is Giving Away (Pinned post)

by /u/vekocy · 34 votes · 1 month ago

Other posts that I have written. You may not agree with me, that's fine. I am here to share information of what I think.

TS TIMESTAMP(TsOps Flag) in Network Packets.

/post/a54cf2c23c1f4fb59e19 - Tails is not designed to run in VM!

Steganography - A digital fingerprint that can be sent to you without you knowing.

/post/ff706472983a59d8106f

VPN wrapping over TOR makes you invincible. You are so WRONG!

/post/9a0b1b17d37127e88399

I am writing this article in my free time to educate DN users on how to safeguard themselves against digital fingerprinting. I have worked my whole life in cybersecurity, helping many to harden their servers against hackers. I have offered my skills on Fiverr for many years to help my clients harden the security of their servers and also with network packet analysis.

Whether you are a vendor, a marketplace owner or just a casual DN shopper, I hope what I am writing here will benefit the DN community.

I believe some of you have read my previous post in OPSec about ditching Tails and going for Whonix instead, and I hope you take that article seriously, because I did a lot of analysis comparing Tails and Whonix in my sandbox VM. I said it for a reason, and that reason is that I spent quite some time looking at every aspect of Tails and Whonix.

Ok, let’s get to the point, enough of that.

First and foremost, before I begin, I would like to say this out.

IF YOU THINK YOU ARE GOOD AT OPSEC, YOU ARE NOT ANYWHERE GOOD, ONE DAY YOU WILL GET BUSTED. IF YOU THINK YOU ARE NOT GOOD AT OPSEC, YOU STILL HAVE A HOPE OF NOT GETTING BUSTED.

Technology is constantly evolving. Every day there will be new technology introduced, and with new things introduced there will be new flaws and more digital fingerprint leakage.

If you think you are too good, you stop there, and one day new technology will make your OPSec totally obsolete. If you always think you are not good, you always find ways to constantly improve, hence strengthening your OPSec.

Let’s start. I want to introduce you to this site.

https://browserleaks(dot)com/

I am pretty sure many will already know of this site if you keep your OPSec at the highest level, but if you have not heard of this website, it is time you take a pause from what you are doing right now and take your time to read what I have to say.

This site has all the necessary tools you need to tell whether you are leaking any digital fingerprint.

I am not going into deep detail on what each test does; the site has a very detailed explanation of what each test does. I am just going to briefly go through them.

1. IP Address Test (https://browserleaks(dot)com/ip)

This is basic. If you are already using Tor Browser in Tails you are pretty much covered, as for most of your surfing, be it clearnet or darknet, your data is relayed around the network through Guard, Relay and Nodes to your destination website. The server will not know where you are from. There is one little exception here: if you are going straight to an onion site directly, you do not leak any IP data. BUT if you were to browse to a clearnet site like tor.taxi, you might leak DNS data, because before the browser is able to connect to tor.taxi, it needs to know the IP address of the server. Where will it be getting that from? Your ISP's DNS server, unless you set it manually to Google 8.8.8.8 or Cloudflare. This test will tell you which DNS server it is using (https://browserleaks(dot)com/dns). If it says your ISP's DNS, then it is a leak. Firefox now allows DNS over HTTPS (DoH); do some searching on how to set that, so at least your ISP will not know which site you’re browsing.

2. The Javascript CURSE. (https://browserleaks(dot)com/javascript)

TURN THIS DAMN THING OFF!!!

It is a curse. If this is enabled, all of the following tests which I will go through below will FAIL! How to turn it off? Please read the DN Bible or do some research on how to turn it off entirely. I am not going to spoonfeed you; you need to learn. As I said earlier, if you learn you have a big chance of not getting busted.

There are so many digital fingerprints leaked to the server when javascript is enabled. I can’t mention all, just run the test it will tell you all.

3. WEBRTC Leak Test (https://browserleaks(dot)com/webrtc)

Most modern browsers allow the use of a webcam and microphone attached to your computer to do video conferencing via the browser. Video conferencing like Zoom through a web browser uses this. What information is there? Well, this will give out your webcam device ID, what model of webcam you are using, and which brand it is. When LE bust your door, they already have all the information with them; they already know what webcam brand you are using, and once they are in your house and see your webcam, that already matches one digital fingerprint. The settings below will disable WebRTC in the browser in about:config.

media.navigator.enabled = false

media.peerconnection.enabled = false

This is particularly important for notebook users or mobile users, as these devices have a built-in camera and microphone.

4. Canvas Fingerprint (https://browserleaks(dot)com/canvas)

If you are using a modern browser that supports HTML5, most probably there is a canvas fingerprint. Some websites display an empty PNG picture, and you can get the canvas signature, PNG hash and PNG headers of that empty PNG picture. If you disable JavaScript, this will be turned off.

5. WebGL Fingerprint (https://browserleaks(dot)com/webgl)

This is for video rendering and your graphics card. It will expose your graphics card vendor, renderer and WebGL image hash. If LE has this digital fingerprint, they can look at your hardware and match it against your graphics card.

6. Font Fingerprint (https://browserleaks(dot)com/fonts)

This depends on the locale you chose when you set up your operating system. If you are in Russia and your operating system language is set to Russian, you will have Russian fonts. If you are in the Netherlands and you need to browse Dutch sites in Dutch, you will have Dutch fonts as well.

7. Geolocation API (https://browserleaks(dot)com/geo)

This is also available if your browser has HTML5 capability. I am pretty sure everyone has visited Google Maps; the map canvas is in HTML5 and it is Geolocation API capable. Together with your IP address and much other information, Google Maps is able to pinpoint your exact location. You will come across this when you visit some sites: your browser will pop up asking you if you want to share your location. This is the Geolocation API of the browser.

I do not want to go to number 8 and so on, there are many tests you can perform using browserleaks.

I strongly suggest everyone perform all of these tests on the browser you are using, be it on the PC or on the MOBILE !!! PERIODICALLY!! AT LEAST ONCE A WEEK, as software updates may alter your configuration.

For those who pass all the tests but would like to see what information is being leaked, use your NON Tails/Whonix/Tor browser. Just the usual Chrome; it will show you all the digital fingerprints exposed.

Finally, for those who think you are good, as at the beginning of this article: if you fail any of these tests above, YOU ARE NOT GOOD. Time to rethink your OPSec.

For those who pass all, this is just the tip of the iceberg; this is what your browser is leaking. I have not even touched on network packet data leaking such as VPN leaking. Maybe, maybe when I have the time, I will write about it.

So long, stay safe and have a great day.

Other Browser Leak Test

https://coveryourtracks.eff(dot)org/

https://deviceinfo(dot)me

Thanks to /u/socat2me

Browser About:Config to Turn Off

/post/9d9dbd14d3735e03b688 - /u/HeadJanitor

More Guides Here

/d/Guides
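The post above gives two about:config values and advises re-checking after software updates. As an added example (not part of the original post), this Python script audits the text of a Firefox profile's prefs.js and user.js for those two settings; the default value, the helper names and the sample profile are assumptions constructed for illustration.

```python
import re

# The two about:config values given in the post; both must be false.
EXPECTED = {
    "media.navigator.enabled": False,
    "media.peerconnection.enabled": False,
}
# Assumption: stock Firefox enables both by default, so a pref that is
# missing from the profile counts as not hardened.
DEFAULT = True

# Matches boolean prefs only, e.g. user_pref("some.name", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: bool}; the last line wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)  # commented-out lines never match
        if m:
            prefs[m.group(1)] = m.group(2) == "true"
    return prefs

def audit(prefs_js, user_js=""):
    """Return [(pref, effective value, source)] for each setting that is off-target."""
    saved, forced = parse_prefs(prefs_js), parse_prefs(user_js)
    findings = []
    for name, want in EXPECTED.items():
        if name in forced:          # user.js is re-applied at every start
            value, source = forced[name], "user.js"
        elif name in saved:
            value, source = saved[name], "prefs.js"
        else:
            value, source = DEFAULT, "default"
        if value != want:
            findings.append((name, value, source))
    return findings

# Constructed sample profile: one pref is set, the other is only commented out.
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("media.peerconnection.enabled", false);
// user_pref("media.navigator.enabled", false);
'''

if __name__ == "__main__":
    for name, value, source in audit(SAMPLE_PREFS_JS):
        print(f"NOT HARDENED: {name} = {value} (from {source})")
```

An empty result means both settings hold the values from the post; a pref that is commented out or absent is reported with the source "default".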

Comments (23)
/u/Duncan_Idaho P · 3 votes · 1 month ago · Link

I am the mod for ASAP here on Dread, I am on Qubes-Whonix. The isolation offered by the sandbox is real opsec security, I love this combo.

Great post btw, keep this type of work up.

Duncan

/u/vekocy OP · 2 votes · 1 month ago · Link

Yes, that's the best of the best, because Qubes is designed for isolation. Great to hear you are using that!

/u/hp_617 · 1 votes · 1 month ago · Link

Qubes is such an amazing OS for our OpSec.

/u/Duncan_Idaho P · 2 votes · 1 month ago · Link

Yes it is. It was worth learning.

/u/tearex · 2 votes · 1 month ago · Link

good write up .. Thanks.

/u/We_Are_9000 Paranoia Level · 2 votes · 1 month ago · Link

Triple Baaqqwqweerreeewwwqqqaaqqwwee!!!!! Been telling all you fools!!!!!

Isolation is freaking KING!!!!

Tails is a false religion that can not protect your real IP address, does nothing to prevent the man in the middle attack!!!!

Tails can kiss my 9K arse!!!!

I Am IMMORTAL!!!!

/u/vekocy OP · 2 votes · 1 month ago · Link

Tails and Torbrowser only is good enough, but some of us installed custom Firefox for clearnet browsing together, that's where it fails. I did that because I hit a Javascript site.

/u/socat2me · 2 votes · 1 month ago · Link

Also it seems like every time TAILS has a security vulnerability found it's like a soul-crushing remote code execution 0-day lol

/u/HeadJanitor Moderator · 2 votes · 1 month ago · Link

/post/9d9dbd14d3735e03b688

Overlap.

It all starts with JavaScript.

/u/Hungry_Eyes O_O · 2 votes · 1 month ago · Link

Thank you for sharing that again. I hadn't saved the link the first time I saw it, and couldn't find the bloody thing again to save my life. You rock!

/u/HeadJanitor Moderator · 1 votes · 1 month ago · Link

You are crushing it!

/u/dontlaugh Shaman of the DarkNet · 1 votes · 1 month ago · Link

i read this and was thinking, tl;dr turn off JS.

/u/HeadJanitor Moderator · 1 votes · 1 month ago · Link

That's all it boils down to -- turning off JavaScript. Then the games begin.

/u/Pygmalion Vendor Opsec · 1 votes · 1 month ago · Link

SELinux is the answer.

That feeling of adrenaline when you turn JS on and enter a honeypot.

May technology guide me.

/u/hp_617 · 1 votes · 1 month ago · Link

Some well said words, thanks for informing us <3 much love

/u/AntiguaPete · 1 votes · 1 month ago · Link

This was a great write up, thank you

/u/socat2me · 1 votes · 1 month ago · Link

Now if I can just learn how to harden my cock!

Check out these two resources as well:

https://coveryourtracks.eff.org/ - Run by the Electronic Frontier Foundation. Tests how protected your browser is from tracking, but also the uniqueness of your browser's fingerprint. It gives you a very in-depth explanation of some of the variables used to track you and how unique your value is. For example, I ran it in my normal browser and here are just two of the many items in fingerprint metrics:

System Fonts

CENSORED

What is this?

To determine your system fonts, tracking sites commonly display some text in an HTML <span> tag. Trackers then rapidly change the style for that span, rendering it in hundreds or thousands of known fonts. For each of these fonts, the site determines whether the width of the span has changed from the default width when rendered in that particular font. If it has, the tracker knows that font is installed.

How is this used in your fingerprint?

The list of fonts you have installed on your machine is generally consistent and linked to a particular operating system. If you install just one font which is unusual for your particular browser, this can be a highly identifying metric.

Bits of identifying information: 17.73

One in x browsers have this value: 217473.0

----

Screen Size and Color Depth

CENSORED

What is this?

The dimensions of your current browser window, and its color depth.

How is this used in your fingerprint?

While this metric can supplement other information, it’s often too ‘brittle’ to be usable by trackers because users can easily change their browser window dimensions.

Bits of identifying information: 8.81

One in x browsers have this value: 449.32

The flip side of increasing privacy is that often by improving your tracking protection, you can actually make your browser become more unique. With a normal browser there are fewer ways around this trade-off. One of the great things about Tor Browser is that it's designed in such a way that it attempts to make every user look the same.

https://deviceinfo.me - shows you most of the query-able information associated with your browser. Cool site I highly recommend checking it out. Also good for double-checking that you have things properly disabled as well.

/u/vekocy OP · 1 votes · 1 month ago · Link

This is real good test one click test all. It says I have strong protection against tracking.

Thanks for sharing the sites.

/u/savchapo · 1 votes · 1 month ago · Link

appreciate the info. you saved me from a raid

/u/anon64583551 · 1 votes · 1 month ago · Link

Is there a way to have JavaScript turned off on about:config and the settings page automatically, or saved in persistence, when you boot up on Tails 5.1.1? Also, my homepage is always set to Tails. I'd like to set it to a blank page but I don't see any way of storing that setting. Can anybody help with this or let me know if it's possible?

/u/vekocy OP · 1 votes · 1 month ago · Link

Thanks mod for pinning this. I hope to write more; there is much to write.

I do not like to write it on clearnet. I don't know why.

Just like to write anonymously.

Thanks.

/u/HugBunter

/u/MunMunMun

/u/HeadJanitor

/u/Pygmalion

/u/brokeboineverrich · 1 votes · 4 days ago · Link

as far as i can tell js is the main root of the problem and it has a very long rat tail. Imo the best option overall is to run vms on your base system, for most people at least. One with js and all that other shit disabled and another one for normal browsing (youtube, twitter etc), sites that need js to work obviously. and don't use Windows unless you like built in spyware. If you're just starting out and have no experience with linux you don't need to start with qubes as a base system, you can start with arch or mint even (to get familiar with the whole linux thing). Plus a "good" vpn and you should be good. Use the leak test sites and use your brain.

This is "advice" for the "average" user that's just starting out. But hey, do a bit of your own research since I'm just a random on dread.

correct me if i wrote something retarded!

/u/deadstar0101001 · -3 votes · 1 month ago · Link

Yawn..