Are you really anonymous?


#1

Do you think that switching to your browser’s private browsing mode or incognito mode will make you anonymous? Then click:

https://www.nothingprivate.ml/

Don’t actually use your real name :slight_smile:
A cool little proof of concept, awareness-raising project


(Fox Mulder) #2

Yep I am anonymous. :slight_smile:


#3

@RYUZ4KI @foxmulderx
Cool Project! Also in addition to whatever service/VPN you use to go anonymous, you can also use different search engines while inside private browsing (incognito) mode, for example: https://duckduckgo.com/ or any type of search engine that allows additional security measures to be taken (while staying anonymous and secure).

-Archangel


(Security Architect & Founder) #4

I just used a VPN + Changed my User agent and that was enough to fool it.


#6

Interesting and cool project!
Reminds me of https://amiunique.org/ but with actually showing the tracking in action.

I would argue though that normally there isn’t any claim for Incognito mode to make you anonymous.

Where Chrome only says what it’s meant for on their help page:
“When you browse privately, other people who use the device won’t see your activity.”
(https://support.google.com/chrome/answer/7440301)

Firefox even declares that it’s not in the slightest meant for that:
“Important: Private Browsing doesn’t make you anonymous on the Internet. Your Internet service provider, employer, or the sites themselves can still track what pages you visit. Private Browsing also doesn’t protect you from keyloggers or spyware that may be installed on your computer.”
(https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history)

Although it would be interesting to test how Brave competes considering its ability for incognito/private mode to use Tor.
(https://brave.com/tor-tabs-beta)


#7

Slightly off-topic, but isn’t anonymity less binary than it was in the past? Say, dependent on the resources of your attacker? I think past busts of hackers who did many things to be anonymous illustrate the ability of dedicated state-level actors. After learning about time-based attacks (identifying users based off of the times they access resources tied with their identity), I wondered if there is a way to achieve “true” anonymity, or even sufficient anonymity to dissuade attackers that fit an “average” threat model. It seems to me that as humans we cannot be so thorough as to never overlook a crucial factor.


(← ∨ ↑ = ␀) #8

Well anonymity, as with many things in life, is a spectrum. Short of not having a birth cert and ever having held gainful employment, someone knows who you are and what you’re doing.

I was reading a book a few weeks back about anonymity and a comparison was made that for the regular Joe Schmoe in the street, full state-level anonymity shouldn’t matter just add to the noise. However if you’re trying to evade Mossad, no level of browser extensions and browsing safety is gonna help. They gon’ gitcha,… and probably kill ya.

I might do a post on threat models, shit fascinates me.


(Zain) #9

To answer the question in the title… no. XD


#10

I’d like that. I was just speaking about how important it is to understand your threat model when securing a system (physical or digital).


(fxbg) #11

I always thought that the incognito mode was just to keep your gf from seeing your porn history.


(Zain) #13

Or other questionable activities… and we all know what I mean… xD


(Security Architect & Founder) #14

Watching Doja cat on YouTube? @REal0day


#15

Huh, I thought DuckDuckGo running through Firefox would be safe, suppose I will have to start running a VPN on my browser.


#16

Uses this JavaScript tool to obtain your browser’s fingerprint


(Alex) #17

I didn’t know that lol, I’d better watch out next time


(Zain) #18

Interesting share. I looked at it briefly and it looks well done. Thank you for sharing!

~Cheers!

–Techno Forg–


(Pylot) #19

I have addons that ban tracking, I’m safe! :stuck_out_tongue:


(bin shift) #20

I know you are being funny. :sunglasses: Check out https://panopticlick.eff.org/. I have most of the EFF tools installed. I even tried NoScript, but that kills everything, even JS on the 0x00Sec site. But nice test. This tests for tracking and fingerprinting, pretty nice results.


#21

What a well-named service! I approve.