we navigate the web, our browser leaves a channel “open”, allowing any site to
get the following information:
-
Resolution, color depth
-
Active plug-ins and the related versions
-
Current
time and Timezone
-
WebGL Fingerprint
-
List of fonts in the Operating System
-
Current language
-
Operating System and version
-
User Agent, namely the browser and the underlying technology, and its
version
-
External devices, like a Touchpad
-
Use of AdBlock
-
... and all what we have already discussed of.
You will be amazed by knowing the amounts of information we release over
the websites we visit. If you wish, you can run a test
on the Panopticlick site
[78]
,
developed by EFF. Using Opera on a freshly formatted OSX 10.11.5, the result
shows that the browser is unique across more than 139,000 tests (Figure 23).
6.10.2 Defending yourself from Browser Fingerprinting
If you accurately followed each single recommendation from the previous
topics, your browser is probably quite secure. You can do more, however. The
trick is changing the game, handling the aforementioned resources. Each
browser allows some “covering-up”, such as changing the font list, disabling
plug-ins, etc. However, this topic would require more than a single book! You
can use some extensions/add-ons, though, for example:
-
FireGloves
[79]
, available for
Mozilla Firefox
-
StopFingerprinting
[80]
, available for
Google Chrome
6.11 File Downloading
This category includes all the files that are downloaded but, once opened,
may reveal information about your online data. When you need to open any
files, you should use tools like a
Virtual Machine on a host computer not
connected to Internet. Files downloaded from the Internet may contain
executable code capable of communicating outside the anonymous network: for
example, with the proper knowledge, some arbitrary scripting code can be
inserted into
Word or
PDF files,
not mentioning, of course, the classic
executables available for your operating system (.exe, .dmg, .sh and so on).
6.12 Browser Security Test
Browser Security is a very complex and ever changing topic, and requires an
extensive knowledge from multiple fields. Currently, the most complete and
reliable tool to test your browser and its security is offered by BrowserSPY
[81]
,
allowing to verify the existence,
or rather the exposition, of any technology in
the browser.
Using this tool is quite simple: each item on the left side of the screen will
open a technology summary tab, and a list of values exposed to the network. You
must ensure that all the items that may somehow compromise your anonymity
are properly hidden, possibly exploring the ones that have not been covered in
this document.
7. Data Security
If, despite all precautions, somebody is accused of a crime – something I
would not want anybody to go through – all IT devices
potentially leading to a
crime may be confiscated.
Computer forensics is the IT branch that studies methods and approaches to
find any data inside an IT device. Such field has been quite successful in recent
years: just think about the number of cases solved thanks a phone call, a picture
taken by a smartphone or recovered files from a criminal’s computer.
Furthermore, it has deeply changed and evolved: until a couple of years ago,
everything was confiscated together with the computers: keyboards, monitors
and mouse mats, and for no good reason!
Nowadays, labs and highly trained personnel are involved and results are
often excellent. The forensic research practices may
be used by law enforcement
bodies – their actions are subject to the applicable laws – as well as by anyone
skilled enough to perform them. As we will see, some of these skills can be
easily learned and, except in rare cases, won’t require any particular tool. In this
Do'stlaringiz bilan baham: