IP Check: Next generation of website tracking analysis
The IP check is a free and easy understandable anonymity test. The test shows at a glance which attacks a website may launch on your privacy. Moreover, you get recommendations for possible counter measures. It explains which data your own web browser sends to websites. A website may use this data to create an individual profile of your computer. By misusing such a profile, you may later get identified reliably on this or on another website.
Please note: The recommended values for this test aim, among other reasons, to standardize the values sent by the browser. The reason is that anonymous surfing is only possible if as many browsers as possible send the same values to websites, like JonDoFox does it. In order to increase the security for all web surfers, JonDoFox is free to use and compatible with all anonymization systems. So, anyway which system you prefer, you may use JonDoFox to increase your security and the security of others.
The test is constantly being enhanced for considering newly discovered privacy attacks. Besides the IP check, the site also contains a list with links to many recommendable websites about the topic. You may moreover include your own free IP check as image on your website.
If you like our IP check and would like to earn money, please have a look on our affiliate program. The affiliate program is also open even for other VPN, proxy or web proxy providers.
What is the difference to the Panopticlick project?
What is the difference to Evercookie?
IP location check
The location check uses freely available databases from the company MaxMind in order to explore for which located your IP address is registered. In many cases, it is thereby possible to correctly guess your location. You may let you show the location found on a map, and you may moreover analyse your IP address by clicking on the resprective links nearby.
The test moreover recognizes the use of most proxies and some anonymization systems like JonDonym and Tor, and performs several attacks on them. This may lead to uncovering your true IP address, even if you think it is hidden. The IP address makes it possible to track and trace you on the Intenet, and even to conclude your identity.
Anonymization service providers, please note:
You would like to have this test adapted also to your very own anonymization service? That is: IP address and browser attribute recognition? We can do this for a small fee. Please contact us.
Web proxy de-anonymization
Web proxies like "Anonymouse", "Hide my Ass!" or "Proxify" are not suitable for anonymous surfing - while this fact should already have become general knowledge, still ten thousands of users think they are anonymous on the Internet by using these services. The website "IP Check" now shows their privacy issues clearly to the public: Besides other sophisticated privacy tests, the site is now able to break the security all existing web proxies. (Estate: 2011-08-31)
Please note that JonDonym is NOT a web proxy! The system works differently and is secure against these attacks.
Details of the attacks
If JavaScript is allowed, attacks on web proxies are quite easy: a website may simply override the JavaScript methods that should actually protect the proxy from any attacks. There is no way on how a web proxy may prevent this. After this basic protection has been removed, the proxy may get easily bypassed by loading "unproxified" web resources over a direct IP connection from the user`s browser. This leads to the user`s IP address and browser data being uncovered to the visited website.
Breaking web proxies is moreover possible by introducing invalid or unusal HTML code. As web proxies interpret HTML code differently from a normal web browser, this may confuse their replacement logic: if they omit only one of the original website links, e.g. to an image or style resource, their protection will get bypassed. If moreover JavaScript is enabled, this causes some web proxies, e.g. "Anonymouse" or "Hide my Ass!", to not even reach the real test site without being de-anonymized completely.
Only if all plugins and scripts are filtered by the web proxy or switched off in the browser, a few web proxies are able to resist these attacks. However, this disqualifies web proxies for general web surfing, as sooner or later you will need JavaScript in order to use the sites you want. You might moreover keep in mind that web proxies break the browser`s SSL encryption to secure sites, as their principle is to act as man-in-the-middle site: They can see any data that you transfer, and your browser will not even be able to check the visited site`s SSL certificate. So you should avoid web proxies anyway if you would like to transfer private data.
The following list contains some web proxy providers, whose services are fully or partially broken by the anonymity test. This is only a small selection of the best-known sites. However, all currently existing web proxies are affected. Perform the test completely with one of these services in order to see the respective result.
| Provider | HTML/CSS/FTP | JavaScript | Java |
| Anonymouse | Broken | Broken* | Broken |
| Hide My Ass! | - | Broken* | Broken |
| WebProxy.ca | - | Broken | Broken |
| KProxy | Broken | Broken* | Broken |
| Guardster | - | Broken (if allowed)* | Broken |
| Megaproxy | Broken | (not available for free) | (not available for free) |
| Proxify | - | Broken (if allowed) | Broken (if allowed JavaScript) |
| Ebumna PHProxy | Broken | Broken* | Broken |
| ... | ... | ... | ... |
| Legend: Broken : Your own IP address gets uncovered. Note that your private browser data is uncovered as well... * : The thereby marked service does not even reach the test site if JavaScript is activated. It parses so bad, that the browser just leaves the service silently in some cases... - : not yet broken |
Plugin-Tests (Flash, Java)
Hints:
- Use the Firefox Add-On NoScript in order to block plugins by default, and to activate them only if needed, e.g. if you would like to view videos. NoSript is already contained and correctly configured in JonDoFox.
- Save videos using software like Video Download Helper or Unplug on your computer in order to view them in a media player instead of Flash.
- Deactivate Flash cookies or use a Cookie Manager.
- Use proxifier software in order to force Flash and Java to use your proxy, and thus to secure them against uncovering your IP address.
HTTP/HTML tests
On the page with the test results, you may move your mouse pointer over the underlined fields in order to get detailed information:
"Attribute" shows general information about the evaluated data.
"Value" describes the respective value that has been read and the recommended setting.
"Rating" provides you with information about the security of your setting and precisely which dangers exist.
Green underlined fields or fields rated as "good" show that the respective value complies with the best possible setting. If all fields are green, you are perfectly protected in the scope of this test. Note that the optimal solution would be if all web browsers would behave exactly the same, send exactly the same values and would allow tracking only while you visit the current website. Then, third-party tracking would be technically prevented.
Orange underlined fields or fields rated as "medium" indicate a possible privacy problem. Several of these may, as a whole, lead to your identification.
Red underlined fields or fields rated as "bad" highlight extremely critical privacy problems that may lead to your immediate identification. You should resolve them as soon as possible.
| Attribute | Description | Recommendation |
|---|---|---|
| Cookies | Cookies are small text files. Web sites may cause your browser to store them if you do not prevent it, and may then track you while you are surfing. There are several privacy risks regarding cookies: Advertising and statistics services may misuse so-called third-party cookies in order to track you over several websites. But even if you block third-party cookies, websites may still recognize you using first-party cookies that may be set diretly from the resprectively visited website. In order to track you over a long peroid, providers and VPN services may even set such first-party cookies by themselves and - unnoticedly by you - may read them again using invisible redirect pages in the background. Technologies like this are for example used by the service provider Phorm (http://www.phorm.com) angeboten. Cookies are the perfect method to track web surfers - as far as they are not blocked by you. If this is the case, there are however numerous other methods, as described in this test, how to track you, for example your IP address. |
Use JonDoFox, or generally block Cookies and allow them for single web pages if needed only. The very least thing you should do is to let your browser automatically delete all cookies on closing. |
| Authentication | Many browsers allow web sites to send hidden authentication data to third party sites. Example: <link rel="stylesheet" type="text/css" href="http://Session:638431048@ipcheck.info/auth.css.php"> This may either happen directly on the current page or in an iframe, and does NOT need JavaScript. If additionally iFrames and JavaScript are used, even the currently loaded page may get your ID. This data is deleted when the browser is closed, but, execpt for this, has the same effect as third party cookies. |
Your browser should not send any HTTP authentication data to third party sites. Currently known to be affected are: Chrome, Safari, Firefox. Use JonDoFox in order to protect yourself. |
| Cache (E-Tags) | Websites may mark arbitrary pages on page load. Thereby, so-called e-tags are used. As long as the respective site remains in your browser cache, the mark is sent on any new request to the website again. This is especially critical if the elements in the cache are ressources from third-party sites. This data has the same effect as third party cookies. |
Your browser should not cache any third party content at all, or should at least delete them upon moving to another site. Firefox: Use JonDoFox. Alternatively, you may switch off the cache completely: about:config, browser.cache.disk.enable:false, browser.cache.memory.enable:false |
| HTTP session | An HTTP session is generated, if your Internet or anonymization service provider can link several of your HTTP requests on the network layer. The longer the session lasts, the better this provider may identify you, even if you never transmit personal information. If you are using direct access providers or VPNs, your HTTP session is always unlimited. For proxy providers this is also the case, with only a few exceptions like JonDonym or Tor. |
Use JonDonym or Tor in order to fix this Problem. Tor keeps a session for 10 minutes only. JonDonym is even completely stateless, if you switch off proxy-connection keep-alive in your browser. Firefox: about:config, network.http.proxy.keep-alive:false Please note that for this attribute, among other things, it is tested which service you are using. As there is currently no other service besides Tor and JonDonym which hides your browser session from the service provider itself, this attribute is automatically bad in all other cases. |
| Referer | The referer tells a web site which site you have visited before. This test simulates calling this site from a third-party site. Meanhwile, several web surfers change their referer for privacy reasons. Please note, however, that several of these settings may lead to incompatibilities with various web sites.This test has a unique feature: It recognizes every possible, reasonable way to set a referer that a web browser may use:
|
The referer should be hidden if you move to another website. It should remain unchanged as long as you move within the same website. Firefox: Use JonDoFox. You might also change the referer using the add-on Refcontrol: Block, only for links to other domains only. However, this is not support the optimal setting, as it does not handle sudomains correctly. |
| Signature | The order and the content of the HTTP headers sent by your browser may be used to identify your browser type and to separate you easier from other web surfers. The value shown here is a hash over the browser headers that are relevant for this. |
Unfortunately, current web browsers do not allow to change the order of the headers sent by them. If you would like to reach the default values of JonDoFox, we therefore suggest you to use the Firefox browser. In the following, you see the recommended default values: Generic header signature of Firefox 8ab3a24c55ad99f4e3a6e5c03cad9446 host user-agent accept accept-language accept-encoding connection Individual JonDoFox header signature f568ad2cd09fa9bc88b48d1fb00a3601 host user-agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/17.0 Firefox/17.0 accept accept-language: en-us accept-encoding: gzip, deflate connection |
| User-Agent, Language, Charset, Encoding, Content types | On each access to websites, your browser sends so-called header data, that contains information about your browser, operating system settings and installed applications! Combined with each other, this data may be used to recognize your browser, and thereby YOU, on later visits. | The header values recommended by these tests are compatible to practically all websites. The goal is to standardize them for all users. Firefox: Most of the values are configurable over about:config. We however recommend using JonDoFox, were these values are already configured correctly. |
| Do-Not-Track | "Do-Not-Track" is a technology that enables users to opt out of third-party web tracking, including behavioral advertising. For this purpose, the browser sends a special header, that advertising and statistics services may honor - or not. As such, it is less a technical, but more an organizational protection. We recommend this setting nevertheless, as it does not harm. | Firefox: You may switch on this feature in the privacy settings. |
CSS/JavaScript tests
Using Cascading Style Sheets (CSS) and JavaScript, lots of data may be read out from your browser. The respective tests show which dangers for your privacy you thereby have to expect.
| Attribute | Description | Recommendation |
|---|---|---|
| JavaScript | JavaScript is a language for creating dynamic web content. There are many, many privacy risks that may arise when using JavaScript. You will learn more by studying the tests that are listet below the JavaScript recognition. But be warned that there may be even more sophisticated attacks, such as registering your mouse movements or typing behaviour. | Block JavaScript and activate it only on websites where you need it. Firefox: For this purpose, the add-on NoScript is perfectly suitable. It is already contained in JonDoFox and configured in a way that you have to allow JavaScript for any single page. |
| Plugins | Browser plugins are external applications that are embedded in the browser. Using JavaScript a website may read which plugins you have installed, in which version they are available, their file name and sometimes even their file path on your system. This makes it easier to recognize you computer on later visits, even over different browsers. | Firefox: Block Flash by default with NoScript. Then, go to Firefox, Add-Ons, Plugins. Deactivate all plugins except for: Flash Chrome: Go to Settings, Options, Under the hood, Content settings, Plugins. Deactivate all Plugins except for: Chrome PDF Viewer, Google Update, Flash |
| Mime types | The "Mime Types" describe the file types that your browser can interpret. The more plugins you have installed, the more Mime types will be sent by your browser, and the better identifiable you are. | As few MIME types as possible should be sent. The optimal setting is automatically reached if you configure your plugins correctly. |
| Tab name | Using the attribute "window.name", a website may give the current tab a name. The attribute "window.name" may get misused for marking your current tab. It remains the same over several websites until a site you visit sets a new value. | The name of the current tab should be deleted once you are surfing to a new website domain. Firefox: Use the JonDoFox profile or the Tor Browser Bundle. Chrome: Use the extension "window name eraser". You may delete its value also by closing this browser tab. |
| Tab history | Using the attribute "history.length", this web site can see how many pages you have visited before. | The number of visited pages should be reset to 2 whenever you change to a new domain. Firefox: Update to Version 4 or higher. Open about:config and set browser.sessionhistory.max_entries to 2. |
| Screen | The screen resolution describes the size of your monitor. In combination with other attributes, your computer might be easier identified thereby. | Currently availbale browsers unfortunately do not allow to alter this setting! We are working on that... If such a setting is possible some time, the following values would be recomended: 1800x950, 1350x750, 1150x600 or 600x450 pixels with 32 bit color depth |
| Browser window | These values show the size of your browser window. | Your browser should send the same values as for your screen. Unfortunately, contemporary browsers do not allow to configure this. |
| Browser bars | The browser bars provide relatively harmless information about the presentation options of your browser. | Use the default settings of Firefox: MenuBar PersonalBar StatusBar ToolBar ScrollBars LocationBar |
| Local storage | Using the local storage (sometimes called "web storage" or "DOM storage") it is possible to save up to 5 MB large super-cookies in your browser. This is independent of your cookie management. | Local storage (sometimes called "web storage" or "DOM storage") should be disabled. Firefox: Open about:config and set dom.storage.enabled to "false". |
| Browser type | Under "Browser type", some more information about your browser which is readable with JavaScript was aggregated. | |
| System | Some further system attributes which may be read by JavaScript are summarized here. | |
| Fonts | The number and type of fonts installed on your system may, under certain circumstances, strongly contribute to your de-anonymization. Caution: Your fonts might even be read without JavaScript! This is possible, as a website may force loading web fonts if the respective font is not installed on your local computer. If the site forbids font caching, the fonts will be reloaded on any access. | Prevent that your browser reloads fonts using the @font-face CSS attribute. Firefox: Open about:config and set browser.display.use_document_fonts to 0. For a better font readability, you should moreover set Settings:Content:Default font to Arial, Helvetica or Sans-Serif. |
| Browser history | In your browser history, your browser may store the address of every website that you have visited. Thereby your whole usage profile of the WWW may get stored. | Modern browsers should not be affected by this attack. If you still have an old web browser, please update it as soon as possible! Firefox: Update your browser to version 4 or higher. |
Planned additional testing procedures
- Read default format values over CSS and JavaScript
- Check whether cache is deactivated or really protected.
- Set cache and authentication on third-party website
- Give clear hint (JavaScript generated) on using socksifiers if an IP address has been uncovered by Java or Flash.