Site > News
MEMBER SECURITY RISK AT VESPIARY
WizardX:
--- Quote from: hamsterbob on May 16, 2020, 09:41:04 AM ---Payed RDP to VPN simple.
--- End quote ---
Incorrect! If javascript is disabled the same message...
--- Quote ---Please, turn Javascript on in your browser then reload the page. Security check by BitNinja.IO
--- End quote ---
...javascript RUNS client side (on your browser's PC side), so your vulnerable.
iknowjt:
--- Quote from: Wizard X on June 02, 2020, 04:39:37 AM ---
--- Quote from: hamsterbob on May 16, 2020, 09:41:04 AM ---Payed RDP to VPN simple.
--- End quote ---
Incorrect! If javascript is disabled the same message...
--- Quote ---Please, turn Javascript on in your browser then reload the page. Security check by BitNinja.IO
--- End quote ---
...javascript RUNS client side (on your browser's PC side), so your vulnerable.
--- End quote ---
Connected via TAILS, forced to solve several CAPCHA's.
If one is running on TAILS or behind a WHONIX gateway, what javascript command could be used to correlate or de-anonomize the user?
Hooloovoo:
--- Quote from: iknowjt on June 12, 2020, 01:38:30 PM ---If one is running on TAILS or behind a WHONIX gateway, what javascript command could be used to correlate or de-anonomize the user?
--- End quote ---
Browser fingerprinting, maybe?
I dunno - just spitballing.
WizardX:
--- Quote from: Hooloovoo on June 12, 2020, 02:33:09 PM ---
--- Quote from: iknowjt on June 12, 2020, 01:38:30 PM ---If one is running on TAILS or behind a WHONIX gateway, what javascript command could be used to correlate or de-anonomize the user?
--- End quote ---
Browser fingerprinting, maybe?
--- End quote ---
Browser fingerprinting, and much more.
Go to this site https://www.whatismybrowser.com/ with javascript disabled and then enabled. See the info it can gather.
Another is, https://panopticlick.eff.org/
iknowjt:
--- Quote from: Wizard X on June 15, 2020, 12:03:27 AM ---
--- Quote from: Hooloovoo on June 12, 2020, 02:33:09 PM ---
--- Quote from: iknowjt on June 12, 2020, 01:38:30 PM ---If one is running on TAILS or behind a WHONIX gateway, what javascript command could be used to correlate or de-anonomize the user?
--- End quote ---
Browser fingerprinting, maybe?
--- End quote ---
Browser fingerprinting, and much more.
Go to this site https://www.whatismybrowser.com/ with javascript disabled and then enabled. See the info it can gather.
Another is, https://panopticlick.eff.org/
--- End quote ---
WizardX, by the way I am in 100X agreement with all of the concerns you raise and have admired you as a leader in our community for over 10 years.
And to be clear, I never questioned anyone or any site warning me that I must disable JS. I learned C++, exclusively console programming intended for a career in matters closer to the bare metal. Of course I know basic HTML, and have a grasp of the big picture. I was just wondering if you could elaborate.
Browser fingerprinting usually involves cookies, client side js code executing dynamic content, or server side - all the other languages - .
But on TAILS even if all this data starts getting collected, it's perfectly generic, or near perfectly. Since TAILS makes it almost impossible to customize anything.
I mean I understand the there could be a plethora of JS 0day exploits floating around, and sites built by 'the good guys' won't even allow you to proceed if they detect your JS is enabled.
My 'manifesto is at the bottom of this thread:'
https://www.thevespiary.org/talk/index.php?topic=15181.0
Please Note, if you get the chance, the call to action proposal that I conclude my rant with. It would be a win-win solution. I see you are fighting for a just cause, and I want to help.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version