IP Check: Next generation of website tracking analysis

The IP check is a free and easy understandable anonymity test. The test shows at a glance which attacks a website may launch on your privacy. Moreover, you get recommendations for possible counter measures. It explains which data your own web browser sends to websites. A website may use this data to create an individual profile. By misusing such a profile, you may later get identified reliably on this or on another website.

Please note: The recommended values for this test aim, among other reasons, to standardize the values sent by the browser. The reason is that anonymous surfing is only possible if as many browsers as possible send the same values to websites, like JonDoFox does it.

The test is constantly being enhanced for considering newly discovered privacy attacks. Besides the IP check, the site also contains a list with links to many recommendable websites about the topic. You may moreover include your own free IP check as image on your website. If you like our IP check and would like to earn money, please have a look on our affiliate program.

What is the difference to the Panopticlick project?

Panopticlick is just a demonstration on how web browser data may be aggregated to profiles. In contrast, IP check analyzes thoroughly each chance to read data from the user`s browser, and intentionally circumvents various security mechanisms. In case of proxy servers, web proxies or VPNs, the test may even uncover the real IP address in many cases. This knowledge helps web surfers who strive for anonymous surfing to close "data leaks" in their browsers. If you are using the Tor or JonDonym anonymizer service, the IP check moreover shows you in detail whether the browser settings comply with the recommendations of the Tor project, or with the recommendations for JonDonym, respectively.

What is the difference to Evercookie?

Evercookie tries to show some active tracking mechanisms that contemporary tracking services might use to rediscover the same visitor. Evercookie currently fails to recognize the effect of advanced security mechanisms against tracking that are implemented regarding the current domain or tab. The IP Check, in contrast, shows both all known active tracking techniques and every further information that a visitor`s browser sends to websites. You will see that a combination of this data might be used for various passive kinds of tracking. The IP Check also recognizes advanced security mechanisms by a thorough browser analysis and gives recommendations for optimization.

IP location check

The location check uses freely available databases from the company MaxMind in order to explore for which located your IP address is registered. In many cases, it is thereby possible to correctly guess your location. You may let you show the location found on a map, and you may moreover analyse your IP address by clicking on the resprective links nearby.

The test moreover recognizes the use of most proxies and some anonymization systems like JonDonym and Tor, and performs several attacks on them. This may lead to uncovering your true IP address, even if you think it is hidden. The IP address makes it possible to track and trace you on the Intenet, and even to conclude your identity.

Anonymization service providers, please note: You would like to have this test adapted also to your very own anonymization service? That is: IP address and browser attribute recognition? We can do this for a small fee. Please contact us.

Web proxy de-anonymization 

Web proxies like "Anonymouse", "Hide my Ass!" or "Proxify" are not suitable for anonymous surfing - while this fact should already have become general knowledge, still ten thousands of users think they are anonymous on the Internet by using these services. The IP Check now shows their privacy issues clearly to the public: Besides other sophisticated privacy tests, the site is now able to break the security all existing web proxies. (Estate: 2011-08-31)

Please note that JonDonym is NOT a web proxy! The system works differently and is secure against these attacks.

Details of the attacks

If JavaScript is allowed, attacks on web proxies are quite easy: a website may simply override the JavaScript methods that should actually protect the proxy from any attacks. There is no way on how a web proxy may prevent this. After this basic protection has been removed, the proxy may get easily bypassed by loading unproxified web resources over a direct IP connection from the user`s browser. This leads to the user`s IP address and browser data being uncovered to the visited website.

Breaking web proxies is moreover possible by introducing invalid or unusal HTML code. As web proxies interpret HTML code differently from a normal web browser, this may confuse their replacement logic: if they omit only one of the original website links, e.g. to an image or style resource, their protection will get bypassed. If moreover JavaScript is enabled, this causes some web proxies, e.g. "Anonymouse" or "Hide my Ass!", to not even reach the real test site without being de-anonymized completely.

Only if all plugins and scripts are filtered by the web proxy or switched off in the browser, a few web proxies are able to resist these attacks. However, this disqualifies web proxies for general web surfing, as sooner or later you will need JavaScript in order to use the sites you want.

You might moreover keep in mind that web proxies break the browser`s SSL encryption to secure sites, as their principle is to act as man-in-the-middle site: They can see any data that you transfer, and your browser will not even be able to check the visited site`s SSL certificate. So you should avoid web proxies anyway if you would like to transfer private data.

The following list contains some web proxy providers, whose services are fully or partially broken by the anonymity test. This is only a small selection of the best-known sites. However, all currently existing web proxies are affected. Perform the test completely with one of these services in order to see the respective result.

Provider HTML/CSS/FTP JavaScript Java
Anonymouse Broken Broken* Broken
Cyberghost Web - Broken Broken
Hide My Ass! - Broken* Broken
WebProxy.ca - Broken Broken
KProxy Broken Broken* Broken
Guardster - Broken (if allowed)* Broken
Megaproxy Broken (not available for free) (not available for free)
Proxify - Broken (if allowed) Broken (if allowed JavaScript)
Ebumna PHProxy Broken Broken* Broken
... ... ... ...

 Broken  : Your own IP address gets uncovered. Note that your private browser data is uncovered as well...

 *  : The thereby marked service does not even reach the test site if JavaScript is activated. It parses so bad, that the browser just leaves the service silently in some cases...

Plugin-Tests (Flash, Java)

While Java may get executed on the desktop without problems, for example to start the IP anonymization software JonDo, browser plugins like Flash and Java are a great danger while you surf the web: besides JavaScript, they are the most hacked browser functions. In the scope of the IP Check, the plugins Java and Flash are moreover used to read numerous data from your computer. In particular, the test tries to circumvent the IP address protection of proxy servers. This succeeds in almost any case. You therefore should deactivate all plugins in your browser.

If you see the following image on the test site, your have Flash, but also NoScript, installed. Flash applications are often used to present videos. You may enable the application by clicking on the respective image. This image below is only a non-clickable demo, however

HTTP/HTML tests

On the page with the test results, you may move your mouse pointer over the underlined fields in order to get detailed information:

 Green underlined  fields or fields rated as "good" show that the respective value complies with the best possible setting. If all fields are green, you are perfectly protected in the scope of this test. Note that the optimal solution would be if all web browsers would behave exactly the same, send exactly the same values and would allow tracking only while you visit the current website. Then, third-party tracking would be technically prevented.

 Orange underlined  fields rated as "medium" indicate a possible privacy problem. Several of these may, as a whole, lead to your identification.

 Red underlined  fields rated as "bad" highlight extremely critical privacy problems that may lead to your immediate identification. You should resolve them as soon as possible.

Attribute Description Recommendation
Cookies

Cookies are small text files. Web sites may cause your browser to store them if you do not prevent it, and may then track you while you are surfing.

There are several privacy risks regarding cookies: Advertising and statistics services may misuse so-called third-party cookies in order to track you over several websites. But even if you block third-party cookies, websites may still recognize you using first-party cookies that may be set diretly from the resprectively visited website. In order to track you over a long peroid, providers and VPN services may even set such first-party cookies by themselves and - unnoticedly by you - may read them again using invisible redirect pages in the background. Technologies like this are for example used by the service provider Phorm (http://www.phorm.com) angeboten.

Cookies are the perfect method to track web surfers - as far as they are not blocked by you. If this is the case, there are however numerous other methods, as described in this test, how to track you, for example your IP address.

Use JonDoFox, or generally block Cookies and allow them for single web pages if needed only.

The very least thing you should do is to let your browser automatically delete all cookies on closing.

Authentication Many browsers allow web sites to send hidden authentication data to third party sites. Example:

<link rel="stylesheet" type="text/css" href="http://Session:638431048@ipcheck.info/auth.css.php">

This may either happen directly on the current page or in an iframe, and does NOT need JavaScript. If additionally iFrames and JavaScript are used, even the currently loaded page may get your ID. This data is deleted when the browser is closed, but, execpt for this, has the same effect as third party cookies.
Your browser should not send any HTTP authentication data to third party sites.

Currently known to be affected are: Chrome, Safari, Firefox.

Use JonDoFox in order to protect yourself.
Cache (E-Tags) Websites may mark arbitrary pages on page load. Thereby, so-called e-tags are used. As long as the respective site remains in your browser cache, the mark is sent on any new request to the website again.

This is especially critical if the elements in the cache are ressources from third-party sites. This data has the same effect as third party cookies.
Your browser should not cache any third party content at all, or should at least delete them upon moving to another site.

Firefox: Use JonDoFox. Alternatively, you may switch off the cache completely: about:config, browser.cache.disk.enable:false, browser.cache.memory.enable:false
HTTP session An HTTP session is generated, if your Internet or anonymization service provider can link several of your HTTP requests on the network layer. The longer the session lasts, the better this provider may identify you, even if you never transmit personal information.

If you are using direct access providers or VPNs, your HTTP session is always unlimited. For proxy providers this is also the case, with only a few exceptions like JonDonym or Tor.
Use JonDonym or Tor in order to fix this Problem. Tor keeps a session for 10 minutes only. JonDonym is even completely stateless, if you switch off proxy-connection keep-alive in your browser.

Firefox: about:config, network.http.proxy.keep-alive:false

Please note that for this attribute, among other things, it is tested which service you are using. As there is currently no other service besides Tor and JonDonym which hides your browser session from the service provider itself, this attribute is automatically bad in all other cases.
Referer

The referer tells a web site which site you have visited before. This test simulates calling this site from a third-party site.

Meanhwile, several web surfers change their referer for privacy reasons. Please note, however, that several of these settings may lead to incompatibilities with various web sites.

This test has a unique feature: It recognizes every possible, reasonable way to set a referer that a web browser may use:

  • Default
  • hidden
  • fantasy value
  • hidden after leaving a domain
  • hidden after leaving a sub domain
  • changed to the current domain
  • changed to the current domain after leaving a domain
  • changed to the current domain after leaving a sub domain
  • changed to the current URL
  • changed to the current URL after leaving a domain
  • etc...
The referer should be hidden if you move to another website. It should remain unchanged as long as you move within the same website.

Firefox: Use JonDoFox.
You might also change the referer using the add-on Refcontrol: Block, only for links to other domains only. However, this is not support the optimal setting, as it does not handle sudomains correctly.
Signature The order and the content of the HTTP headers sent by your browser may be used to identify your browser type and to separate you easier from other web surfers. The value shown here is a hash over the browser headers that are relevant for this. Unfortunately, current web browsers do not allow to change the order of the headers sent by them. If you would like to reach the default values of JonDoFox, we therefore suggest you to use the Firefox browser. In the following, you see the recommended default values:

Generic header signature of Firefox
8ab3a24c55ad99f4e3a6e5c03cad9446
host
user-agent
accept
accept-language
accept-encoding
connection

Individual JonDoFox header signature
f568ad2cd09fa9bc88b48d1fb00a3601
host
user-agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/17.0 Firefox/17.0
accept
accept-language: en-us
accept-encoding: gzip, deflate
connection

User-Agent, Language, Charset, Encoding, Content types On each access to websites, your browser sends so-called header data, that contains information about your browser, operating system settings and installed applications! Combined with each other, this data may be used to recognize your browser, and thereby YOU, on later visits. The header values recommended by these tests are compatible to practically all websites. The goal is to standardize them for all users.

Firefox: Most of the values are configurable over about:config. We however recommend using JonDoFox, were these values are already configured correctly.
Do-Not-Track "Do-Not-Track" is a technology that enables users to opt out of third-party web tracking, including behavioral advertising. For this purpose, the browser sends a special header, that advertising and statistics services may honor - or not. As such, it is less a technical, but more an organizational protection. We recommend this setting nevertheless, as it does not harm. Firefox: You may switch on this feature in the privacy settings.

CSS/JavaScript tests

Using Cascading Style Sheets (CSS) and JavaScript, lots of data may be read out from your browser. The respective tests show which dangers for your privacy you thereby have to expect.

Attribute Description Recommendation
JavaScript JavaScript is a language for creating dynamic web content. There are many, many privacy risks that may arise when using JavaScript. You will learn more by studying the tests that are listet below the JavaScript recognition. But be warned that there may be even more sophisticated attacks, such as registering your mouse movements or typing behaviour. Block JavaScript and activate it only on websites where you need it.

Firefox: For this purpose, the add-on NoScript is perfectly suitable. It is already contained in JonDoFox and configured in a way that you have to allow JavaScript for any single page.
Plugins Browser plugins are external applications that are embedded in the browser. Using JavaScript a website may read which plugins you have installed, in which version they are available, their file name and sometimes even their file path on your system. This makes it easier to recognize you computer on later visits, even over different browsers. Firefox: Block Flash by default with NoScript. Then, go to Firefox, Add-Ons, Plugins. Deactivate all plugins except for: Flash

Chrome: Go to Settings, Options, Under the hood, Content settings, Plugins. Deactivate all Plugins except for: Chrome PDF Viewer, Google Update, Flash
Mime types The "Mime Types" describe the file types that your browser can interpret. The more plugins you have installed, the more Mime types will be sent by your browser, and the better identifiable you are. As few MIME types as possible should be sent. The optimal setting is automatically reached if you configure your plugins correctly.
Tab name Using the attribute "window.name", a website may give the current tab a name. The attribute "window.name" may get misused for marking your current tab. It remains the same over several websites until a site you visit sets a new value. The name of the current tab should be deleted once you are surfing to a new website domain.

Firefox: Use the JonDoFox profile or the Tor Browser Bundle.
Chrome: Use the extension "window name eraser".

You may delete its value also by closing this browser tab.
Tab history Using the attribute "history.length", this web site can see how many pages you have visited before. The number of visited pages should be reset to 2 whenever you change to a new domain.

Firefox: Update to Version 4 or higher. Open about:config and set "browser.sessionhistory.max_entries" to 2.
Local storage Using the local storage (sometimes called "web storage" or "DOM storage") it is possible to save up to 5 MB large super-cookies in your browser. This is independent of your cookie management. Local storage (sometimes called "web storage" or "DOM storage") should be disabled.

Firefox: Open about:config and set "dom.storage.enabled" to "false".
Screen The screen resolution describes the size of your monitor. In combination with other attributes, your computer might be easier identified thereby. Currently availbale browsers unfortunately do not allow to alter this setting! We are working on that...

If such a setting is possible some time, the following values would be recomended: 1800x950, 1350x750, 1150x600 or 600x450 pixels with 32 bit color depth
Browser window These values show the size of your browser window. Your browser should send the same values as for your screen.

Unfortunately, contemporary browsers do not allow to configure this.
Browser bars The browser bars provide relatively harmless information about the presentation options of your browser. Use the default settings of Firefox: MenuBar PersonalBar StatusBar ToolBar ScrollBars LocationBar
WebGL WebGL provides a Javascript API for rendering 3D graphics in a canvas element. It may be used to fingerprint the performance of your computer graphics. Disable WebGL for your browser.

Firrefox: Open about:config and set "webgl.disabled" to "true".
Browser type Under "Browser type", some more information about your browser which is readable with JavaScript was aggregated.
System Some further system attributes which may be read by JavaScript are summarized here.
Fonts The number and type of fonts installed on your system may, under certain circumstances, strongly contribute to your de-anonymization. Caution: Your fonts might even be read without JavaScript! This is possible, as a website may force loading web fonts if the respective font is not installed on your local computer. If the site forbids font caching, the fonts will be reloaded on any access. Prevent that your browser reloads fonts using the @font-face CSS attribute.

Firefox: Open about:config and set "browser.display.use_document_fonts" to 0. For a better font readability, you should moreover set Settings:Content:Default font to Arial, Helvetica or Sans-Serif.
Browser history In your browser history, your browser may store the address of every website that you have visited. Thereby your whole usage profile of the WWW may get stored. Modern browsers should not be affected by this attack. If you still have an old web browser, please update it as soon as possible!

Firefox: Update your browser to version 4 or higher.