23

Do anonymous browsers work? What principles do they use? Can I use them to test access to my web site? Can I detect if a visitor is using one? What is the different between traditional and anonymous browsing?

While I am getting answers I have found something new:

kalina
  • 3,374
  • 5
  • 21
  • 36
garik
  • 1,292
  • 15
  • 24

3 Answers3

13

There are a lot of ways how to identify who you are, here are some of them:

  • get information about user from HTTP headers (not reliable, can be modified);
  • detect browser by CSS/JS specifics by using hacks;
  • get information by using JavaScript (can be switched off);
  • by detecting and using plugins;
  • possibly other methods I forgot;

As a proof of all above, you can check Metasploit Decloaking Engine: http://decloak.net/. Some basic information and further links you can get here: http://0x416d73.name/ws and this one: http://panopticlick.eff.org/. Also, a lot of information you can get by Googling "browser sniffing".

It is important for yourself to understand which level of anonymity you want to get. This is relied upon other question - why do you need it? I believe that it is nearly impossible to hide yourself in internet, at least, if you are connecting from your PC.

  • +1 Thank you for links. We need to know our enemy. Right? There is one of ways to attack is framing someone's computer, because it's impossible to hide all information about attacker or visitor (or it is very difficult), right? – garik Nov 29 '10 at 14:03
  • @igor - what do you mean with "framing someone's computer"? –  Nov 29 '10 at 14:15
  • I meant: using(controlling) someone's computer to attack other ones (sorry for my english). is it "framing"? could you confirm this term? – garik Nov 29 '10 at 14:22
  • Frankly speaking, never saw using "framing" in such context, but I do not deny it could be called so. "Framing" is overloaded term today, maybe others could confirm. –  Nov 29 '10 at 14:55
  • @garik: There is a site for that question: [english.stackexchange.com](english.stackexchange.com) – 700 Software Aug 09 '11 at 01:54
10

I am going to assume you are talking about web browsers' private browsing feature. If that's not what you meant, please elaborate.

Be warned that private browsing does not protect your anonymity. This is counter-intuitive, so let me explain.

  • What private browsing does provide: Private browsing is designed to protect you against so-called "browser betrayal": in other words, it prevents information about your past browsing from leaking to other people who may later be looking over your shoulder as you use your browser. For instance, it refrains from keeping logs or updating the browser history.

  • Example scenario: I regularly visit a breast cancer survivor's forum to help me deal with my breast cancer. Then one day, I'm giving a presentation, with my laptop hooked up to the projector, and I open up my browser and start typing in the address bar to go to some mundane site. If I'm unlucky, the breast cancer survivor's forum might show up as one of the URL suggestions, revealing my cancer status to an audience who I didn't want to know that about me. If I had used private browsing mode when visiting the breast cancer survivor's forum, that wouldn't have happened. Private browsing mode is designed to prevent this kind of embarassing scenario.

  • What private browsing does not do: Private browsing does not prevent web sites from learning your identity or tracking you. Private browsing does not provide anonymity.

I realize this is counter-intuitive; the name "private browsing" is perhaps unfortunate.

Additional reading: An analysis of private browsing modes in modern browsers.

D.W.
  • 98,860
  • 33
  • 271
  • 588
3

If you are also referring to browser builtin "privacy" functions - e.g.

  • IE InPrivate
  • FF PrivateBrowsing
  • GC incognito
  • etc

Then it works differently:
Not so much anonymous, but really just seperates between that and your regular browsing.
I.e. no history, no caching files, no stored cookies - also, "private" browsing will not use your existing cookies and such.
This creates a sort of "sandbox" (weak though it is) around your "private" browsing, of which no trace should be left afterwards. (should be is the operative word...).

AviD
  • 72,708
  • 22
  • 137
  • 218
  • +1 at least, css hack does not work (tested)... :) thanks. I will try them on my favorites browsers. – garik Nov 30 '10 at 23:37
  • 2
    @igor, Glad to hear its good for something :). Note that these only (except the CSS hack) protect your privacy on your own machine. Other than cookies and such, there is very little effect on the servers you browse *to*. It would be cool if this feature did tie in with Tor and the like... – AviD Nov 30 '10 at 23:49