Web Browser Security — BrowserLeaks.com άλφα

Since the ancient times it is considered that the IP Address and the HTTP Cookies is the only reliable digital fingerprints which affects the online privacy and web browser identity. After a while, the privacy invaders began to looking for the ways to increase the user-tracking reliability to identify users from the general flow, they started to collect more and more additional user sensitive information.

Today the situation is more disappointing. Modern web browsers has not been architected to assure personal web privacy. Developers of major anonymity networks like TOR have no choice to edit the source code of a web browsers to somehow smooth over the situation, but this is sometimes not enough.

BrowserLeaks.com — It's all about Web Browser Fingerprinting. Here you will find the gallery of web browser security testing tools, that tell you what exactly personal identity data may be leaked without any permissions when you surf the Internet.

All features are separated into sections according to the used technology:

IP Address

Main tool that illustrates server-side abilities to expose the user identity. It contains a basic features, such as Showing Your IP Address and HTTP Request Headers. As well as Proxy Detection in all possible XFF headers. GeoIP Data Acquisition about the general IP Address and all of a Proxy IP's (Country, State, City, ISP/ASN, Local Time, Latitude/Longitude), and put all IP places to the Google Maps. In addition, here is a very beautiful feature — Passive TCP/IP stack OS Fingerprinting.

JavaScript

A lot of user data can be obtained using common JavaScript functionality. DOM Window Object disclose much of sensitive information about the web browser: User-Agent, Architecture, OS Language, System Time, Screen Resolution. There is a listing of the NPAPI Plug-ins and Windows Explorer Components. Also there is already implemented: detection and obtaining data through a brand new HTML5 API's, such as the Battery Status API and the Network Information API.

Java Applet

What kind of permissions JVM has, when it run a usual unsigned Java Applet? It can be the extended Java Machine description, OS Detection: Name, Version, Arch, User Locale, and some file system related information. JRE produce the CPU Cores counting, amount of Dedicated Memory, JVM instance Uptime. Network Interfaces Enumerator discovers the description of each Network Adapter.

Flash Player

Describes the Operating System and Flash Player Runtime properties that can be provided through the use of Action Script 3 System Capabilities class. Such as Flash Version, Plugin Type, Operating System, Manufacturer, System Language, Web Browser Architecture, Screen Resolution, and many other properties that describe the hardware and multimedia capabilities of the system.

WebGL

The dump of a static WebGL Context parameters more or less related to a web browser identity. Such as Vendor Name, Renderer Engine, and other figures like Shaders Amount, Buffer and Textures Size. Also this page contains the How-To about WebGL in a modern web browsers.

Geolocation API

The live demo example about what the HTML5 Geolocation API is. Also it provide the Google Maps Reverse Geocoding with fancy Markers and on-the-map Accuracy Indicator. It should work both with W3C Geolocation API, and with third-party solutions like Google Gears too.

Content Filters

The set of demos that try to determine Content Filters usage, is the type of applications that operate between the browser and the web page, and are designed to manipulate the connection and content of a visited web pages. Among them are OpenDNS, TOR, Privixy, Adblock Detectors.

Canvas Fingerprinting

Browser Fingerprinting without any of user agent identifiers, only through HTML5 Canvas element. The method is based on the fact that the same canvas-code can produce different pixels on a different web browsers, depending on the system on which it was executed.

Do Not Track

This tool detects support in your web browser the brand new super-duper security privacy tracking protection feature — Do-Not-Track.

System Fonts

In addition to the Flash Player tool, this one use Flash to detect System Fonts. Besides here you can test any text phrase on all amount of founded fonts.

Experemental/Temporary/Deprecated Web Tools

Privacy Policy

No information is collected, only usual httpd access log. All cookies is browser-based, and there are no sessions. But some embedded stuff: requests to Google Analytics, Maps, and CDN. You can forbid all of it via Privacy Settings.

About

This site was made under impression many years ago of the famous website «Leader Investigation Report», and long time I had desire to make that some similar, but much more modern. And I hope you found here something that did not see before.

The source code is not friendly to copy-paste. But please feel free to contact if you have any questions about implementation.