Actions

Browser Tests

From Whonix

(Redirected from Ip-check.info)


Amiunique.png

Interpreting Test Results[edit]

Sites like whoer.net or ip-check.info are unable to adequately assess and demonstrate the threat of fingerprinting techniques with respect to Tor Browser. These sites generally check for various browser characteristics as well as enabled functionality to reveal specific identifiers. Many of these identifiers require JavaScript, but reports commonly include elements like HTTP headers and attributes, the User Agent, numerous JavaScript attributes, IP address, operating system indicators, browser plugins, cookies, cache, browser window dimensions, fonts and so on. If these elements are enabled/activated, then the browser test sites provide more fine-grained results -- although the Tor Browser design [archive] has already taken many into account.

Tor Browser developers have carefully considered Cross-Origin Identifier Unlinkability [archive] and Cross-Origin Fingerprinting Unlinkability [archive] defenses in their anonymity design. Efforts are focused upon:

  • First party isolation of all browser identifier sources (such as cookies, cache etc.) by browser tab. These are deleted after closing the browser, but are saved temporarily while the browser is open so most sites are accessible.
  • Specific fingerprinting defenses such as disabling browser plugins, preventing HTML5 data extraction, preventing access to the local host and WebRTC API, resizing browser windows to specific dimensions, and many more.

A fundamental principle adopted to improve Tor Browser anonymity is to make all users appear as uniform (similar) as possible, thereby greatly reducing the effectiveness of tracking efforts by various websites and network observers who rely on identifiers. To learn more about how The Tor Project is preparing to defend against future fingerprinting threats, refer to this recent (2019) blog post: Browser Fingerprinting: An Introduction and the Challenges Ahead [archive].

Making Browsers Safer[edit]

Browser fingerprinting defenses are imperfect and most probably always will be. [1] However, steady improvements are being made over time despite the emergence of novel tracking threats identified by researchers and developers alike. There are certainly too few volunteers who are seriously focused on testing browsers and defeating browser fingerprinting methods.

If you are reading this page, then it is safe to assume being anonymous (less unique), and remaining so is of great interest. Users with a serious intention to research these issues are encouraged to assist in accordance with their skills. Testing, bug reporting or even bug fixing are laudable endeavors. If this process is unfamiliar, understand that about thirty minutes is required per message / identifier to ascertain if the discovered result [2] is a false positive, regression, known or unknown issue.

To date, none of the various leak testing websites running inside Whonix-Workstation ™ were ever able to discover the real (external), clearnet IP address of a user during tests. This held true even when plugins, Flash Player and/or Java were activated, despite the known fingerprinting risks. Messages such as "Something Went Wrong! Tor is not working in this browser." [3] (from about:tor) or "Sorry. You are not using Tor." (from check.torproject.org) are in most cases non-issues. If the real, external IP address can be revealed from inside Whonix-Workstation ™, then this would constitute a serious and heretofore unknown issue (otherwise not).

It is unhelpful to ask questions in forums, issue trackers and on various mailing lists with concerns that have already been discussed, or which are known issues / false positives. In all cases, please first search thoroughly for the result that was found. Otherwise, the noise to signal ratio increases and Whonix development is hindered. Users valuing anonymity don't want this, otherwise this would violate the aforementioned assumption.

If something is identified that appears to be a Whonix ™-specific issue, please first read the Whonix Free Support Principle before making a notification.

Browser Test Sites[edit]

AmIUnique[edit]

Figure: AmIUnique Test in Whonix ™

Amiunique.png

Doileak.com[edit]

  • https://www.doileak.com [archive] -- This is another site testing the most common leaks such as IP address, operating system, browser, connection type, timezone difference, WebGL support and so on. However, it includes some uncommon tests such as UDP and torrent leak tests.

Figure: Doileak.com Test in Whonix ™

Doileak.png

Fingerprint Central[edit]

Fingerprint Central [archive] is the successor to the https://fpcentral.irisa.fr [archive] website which now appears defunct. The original code is still found on GitHub [archive] and can be run locally to help Tor Browser developers rapidly create prototype defenses. [4] The same researchers run Fingerprint Central and have designed the test to differ from Panopticlick so it is dedicated to testing discrepancies between Tor Browser instances only. This assists Tor Browser developers test before releases.

Figure: Fingerprint Central Test in Whonix ™

Fpcentral.png

ip-check.info[edit]

https://ip-check.info [archive] -- This site is associated with the JonDonym anonymizing software and includes common fingerprinting vectors such as IP address, cookies, user agent, browser window dimensions, fonts and so on.

In past forum discussions, users were confused by some false values that were reported by the test; see footnote. [5] Complete faith cannot be placed in the browser test, since ip-check.info is not free/Libre/open source software (source [archive]), which means it is unlikely others can fix the test code. Further, since the test service is hosted by an alternative anonymizing network (JonDonym [archive]) with an associated JonDoFox [archive] anonymous browser -- a potential alternative to Tor / Tor Browser -- it is impossible to rule out biased results related to financial incentives (premium accounts).

Figure: ip-check.info Test in Whonix ™

Ipcheckinfo.png

Panopticlick[edit]

Panopticlick was first launched in 2010. It is designed to gather information about common identifiers such as operating system version, browser, plugins and so on and compare it against a central database of many other Internet users' configurations. In addition, it tests tracker blocker effectiveness including tools like AdBlock, Disconnect and Ghostery. [6]

To learn more about EFF's panopticlick test [archive] and what it signifies for Tor Browser, refer to the following blog post by The Tor Project: EFF's Panopticlick and Torbutton [archive].

Figure: Panopticlick v3 Test in Whonix ™

Panopticlickv3.png

The Tor Project[edit]

Info Note: For information concerning the about:tor message, refer to the following forum [archive] [3] discussions [archive].

https://check.torproject.org [archive]

User are requested not to post any "Sorry. You are not using Tor." questions in the Whonix ™ forums unless certain it is not a false positive. If this message appears, it is unnecessary to be concerned since:

  • Whonix ™ is designed to tunnel everything over Tor.
  • https://check.torproject.org [archive] (check.tpo) sometimes fails to detect Tor exit relays. This is a bug in check.tpo, which only The Tor Project can fix.
  • Previous reports were IP addresses unassociated with the user's real, external, clearnet IP address. To discover your clearnet (non-Whonix) IP address, visit one of the sites on this page from the host or a non-Tor virtual machine.
  • ExoneraTor can be accessed with Tor Browser on the host. ExoneraTor is a website [archive] hosted by The Tor Project [archive] that indicates whether a given IP address was a Tor relay on a specified date.

Figure: Successful Tor Network Check in Whonix ™

Checktorproject.png

WhatIsMyBrowser.com[edit]

  • https://whatismybrowser.com/ [archive] -- This is a general fingerprinting site that tests for common leaks including web browser settings, screen resolution, IP address, use of the Tor network and so on.

Figure: WhatIsMyBrowser.com Test in Whonix ™

Whatismybrowser.png

Whoer.net[edit]

https://whoer.net/ [archive] -- This is another site relying on common fingerprinting methods, including browser attributes, IP address, language localization, time, WebRTC, plugins, cookies and so on.

Figure: Whoer.net Test in Whonix ™

Whoernet.png

Other Services[edit]

Interested readers are encouraged to try the browser test sites below, as well as researching and adding further resources here:

Miscellaneous[edit]

See Also[edit]

Footnotes[edit]



text=Jobs in USA
Jobs in USA


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Check out the Whonix News Blog [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.