To whomever reads this message:
I am writing an article about how people are successfully identified and tracked on the Web, even when connecting through a VPN like RiseUp, due to people being careless and disregarding unique "metadata" that's provided by their computer to a router or to a web server. The ultimate goal of my article will be to:
1. Show people how a VPN is NOT the "be all, end all" of Internet privacy
2. Teach people how to implement the proper countermeasures to not divulge (or spoof) metadata and thus avoid being identified and tracked
3. Even so, encourage people to sign up for a VPN (ideally one with multiple hops and extra-jurisdictional separations of concerns)
Although the actual content of the article is much more in-depth, I would like to share the following items with the RiseUp crowd, since among the people that read this message I consider there to be some digital privacy experts. As the basis for my article, I am citing the following as the current methods by which you can be identified and thus possibly tracked OUTSIDE of a VPN tunnel.
1. MAC address
2. IP address and IP-based Geocoding (supposedly masked by the VPN)
3. HTML5 Geolocation API
4. User Agent and other Browser information
5. Date and Time (e.g. computer's date format and time zone, as well as the calculated difference between the web server's time and the computer's time)
6. JavaScript special properties (e.g. Battery Status API):
7. HTTP Headers and System Languages
8. Screen Resolution and other properties (e.g. PixelDepth and ColorDepth)
9. Canvas Fingerprinting
10. WebRTC (Web Real-Time Communication) API
11. Operating System detection (via JavaScript or TCP/IP stack OS Fingerprinting)
12. Behavioral tracking
13. Network topology traffic analysis
In addition to the above types of metadata, do you know of any other types of data OR just WAYS that a person/computer can be uniquely identified and/or tracked by browsing the Internet, even while connected through a VPN?
Thanks in advance for your time and expertise.
I’m no expert, a simple experimental user but if you use a VPN, make your Firefox secure. No cookies, No Javascript, no Frames. Use uMatrix, disable WebRTC, use CanvasBlocker. Use a firewall too, yet I’m not sure how to configure it. So I left ufw unchanged.
If you use Riseup as a VPN provider for Bitmask VPN, your IP is always the same for a given server (for ex. Riseup.net server in the US), So a lot of people share the same IP.
Bitmask is still beta, Riseup.net authentification is deprecated, and we often get TLS unsync. So, Bitmask is unsafe but I use it because I’ve got nothing to hide, just want to learn how to use a VPN.
Ultimately, you need to trust Riseup.net as a provider and Bitmask/Leap servers which provide their own DNS, so Bitmask is like your ISP, they can see all your connections. Maybe that’s something people may forget. We have no information as to whether the Bitmask servers are properly configured and the Bitmask people have a no-log policy.
If you use Riseup as a VPN provider for Bitmask VPN, your IP is always the same for a given server (for ex. Riseup.net server in the US), So a lot of people share the same IP.
Bitmask is still beta, Riseup.net authentification is deprecated, and we often get TLS unsync. So, Bitmask is unsafe but I use it because I’ve got nothing to hide, just want to learn how to use a VPN.
Ultimately, you need to trust Riseup.net as a provider and Bitmask/Leap servers which provide their own DNS, so Bitmask is like your ISP, they can see all your connections. Maybe that’s something people may forget. We have no information as to whether the Bitmask servers are properly configured and the Bitmask people have a no-log policy.
Can't wait to see this article once it's complete! Certainly sounds like something that could be added to the help pages.
@Gnulux,
Realising the year old date of your post, I would still appreciate posing a simple response. While this reply is to your post, it is also to all those who at some point in their lives may state the same belief in any sort of context, that is “I’ve got nothing to hide...”. To those people I say this: Let me watch & listen to you whatever you’re doing whenever I feel like it. Moreover, let my friends help out by watching the rest of everything you do whenever they want by watching unlimited, around the clock recordings of every single thing you do and say during your entire lifetime.
Peace brothers and sisters!
Realising the year old date of your post, I would still appreciate posing a simple response. While this reply is to your post, it is also to all those who at some point in their lives may state the same belief in any sort of context, that is “I’ve got nothing to hide...”. To those people I say this: Let me watch & listen to you whatever you’re doing whenever I feel like it. Moreover, let my friends help out by watching the rest of everything you do whenever they want by watching unlimited, around the clock recordings of every single thing you do and say during your entire lifetime.
Peace brothers and sisters!
Thanks to share such information with us. I am really happy with the same and got what i was looking.
--
Web Owner At http://xplormedia.com/web-development-services-company/
--
Web Owner At http://xplormedia.com/web-development-services-company/
Source - http://manchesterwebdesigncompany.co.uk/