BrowserLeaks comments

[MasterInQuestion]

    Gather of my BrowserLeaks comments exported.

    "javascript":
[[
[ JustSomeGuy @ CE 2024-08-22 13:28:45 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-9901353b-8097-4ac8-8715-8d8142e2d859
    Interesting little test you can do.
    I mostly just use this site to make sure my DNS isn't leaking when I use a VPN or DNSCrypt proxy.
    All this fingerprint stuff gets into the weeds of some really weird stuff.

    Unless you're using something like Tor browser, in which case everyone using Tor browser has identical fingerprints:
    Wouldn't it actually make sense to keep a generic fingerprint?

    I'm not saying it would be good for you, because Google collects a shit ton of data.
    But the most generic fingerprint anyone could have, would be to just fire up a stock Chrome browser and be done with it. ]

---- (1)

[ MasterInQuestion @ CE 2024-08-28 01:30:33 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-5342695a-243c-48a0-87bc-801c5c8e7c95
    Chrome has many undesirable aspects security-wise.
    As right demonstrated in the comment list before:
    Too many interfaces providing random features hardly of use and somehow wreak privacy/security havoc...

    I see Firefox is the minority browser, that mere using it tends to make the user stand out.
    But using Chrome wouldn't be anyhow better:
    That may address 1 thing, but break quite many others.

    On the fingerprintability, most users probably don't even use dedicated browsers after all:
    They may stick with leaky random apps...
    And live on, unconsciously become part of botnet.
    With their overzealous high-performance hardware: ideal for cloud computing. ]

----

[ Anonym @ CE 2024-05-19 08:20:47 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-5eb1a460-41ce-4e21-94de-0b7753df1e0a
    Try to spoof "appVersion" successless in:
    Navigator Object:
    |*| userAgent: Mozilla/5.0 (X11; Linux; rv:109.0) Gecko/115.0 Firefox/115.0
    |*| appVersion: 5.0 (Android 1x)
    Any idea?
    ...
    |*| productSub: 20100101
    |*| vendor: empty
    |*| vendorSub: empty
    |*| buildID: 20181001000000
    |*| platform: X11 64bit
    |*| oscpu: 8
    |*| hardwareConcurrency: 8
    |*| deviceMemory: undefined

    Run Fennec F-Droid open source base on Mozilla latest stable. ]

---- (1)

[ MasterInQuestion @ CE 2024-06-02 01:09 UTC:
https://github.com/MasterInQuestion/talk/discussions/30#discussion-6762566
    Doesn't "general.appversion.override" work?
    Version 125.3.0 (1253020)? I doubt it.
    Likely you have made some mistake.

    See also: https://bugzilla.mozilla.org/show_bug.cgi?id=1868415#c3 ]

----

[ fredBrown @ CE 2024-02-16 12:50:26 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-43e92c5c-723e-464a-b3d7-3db0409208ee
    On Firefox is there a way to stop the Internationalization API from leaking the true Locale info? ]

---- (1)

[ Nico Robin @ CE 2024-04-05 05:05:25 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-ea72cca8-9bfd-4134-a712-8f016c29382a
    I had the same problem and finally fixed it.
    Go to "about:config" to change Firefox settings: input "general.useragent.locale" and edit the string to your desired locale. ]

---- (1)

[ James Whitehead @ CE 2024-05-28 10:22:53 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-13a82c02-90a4-4aca-b1a7-56fe36f38aaf
    Thanks for the response, but it's seemingly not working for me.
    Do you have any other settings enabled? ]

---- (1)

[ MasterInQuestion @ CE 2024-06-02 00:04:25 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-9cfb4a3b-46ae-42e5-9580-d01e57825e43
    Changed to "intl.locale.requested" years ago:
    https://github.com/BrowserWorks/Waterfox/issues/505#issuecomment-384644499
    https://groups.google.com/g/firefox-dev/c/_qtfIyuXmYU/m/mZ8sLRdmAQAJ

    However which seems to also influence UI language.
    And probably just configurable without "about:config". ]

----

[ MasterInQuestion @ CE 2023-12-16 22:05:23 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-8668071e-d6ca-488e-ba33-a8302c5e3b5d
    I'm trying to devise a full-scale defense against all types of fingerprinting here and beyond:
    https://github.com/MasterInQuestion/talk/discussions/12

    Feedback appreciated. ]

---- (1)

[ Anon @ CE 2024-05-06 17:03:28 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-2b0992d0-1509-47e7-91a9-bf9ea129effb
    Losing Battle against Global Advisary [ adversary, advisory, ad ] ]

---- (2)

[ bbb @ CE 2024-07-07 12:19:38 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-5d527ef3-60a5-4773-90bd-92bc2215964e
    Too many battles are lost simply because one fighting side loses its spirit.
    Are you nudging people in this direction? ]

---- (1)

[ MasterInQuestion @ CE 2024-06-02 00:06:10 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-ed189db3-ab7b-4eb6-aa3d-32e28d16e689
    https://github.com/MasterInQuestion/talk/discussions/29 ]

----

[ bbb @ CE 2024-07-07 12:16:32 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-a7653c66-675a-4753-9202-74081b4afc69
    1. Just because it's open source doesn't mean it's trustworthy. Reading a code takes time and proficiency.
    2. Conspiracy is precisely the word to describe a money-making and surveillance scheme masquerading as a trendy "private" browser.

    You want better privacy on the internet? Don't use it on your phone. ]

---- (1)

[ MasterInQuestion @ CE 2024-07-17 01:32:27 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-5d642c1b-07e0-4e8a-97b7-cba731c2954e
    Investing in alike technologies mostly looks not for financial gains (e.g. money).
    There are fields that utilization of similar techs is must: and leaving backdoor tends to self-burn.

    Regardless the top-tier technology wouldn't be acquirable by the majority.
    Even if completely open source. ]

----

[ git6578 @ CE 2023-06-07 05:19:28 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/javascript#remark42__comment-677bd573-3469-4a6b-9e77-2a3dd9239c95
    How do pages like "twitter.com" determine to only supply the mobile page?
    Tried User-Agent, Desktop mode, and the shady linked Browser Plugs variant here: no idea why it's not in the Chrome Web Store anymore. ]

---- (1)

[ MasterInQuestion @ CE 2024-06-01:
    Viewport size may be another factor for the "Mobile" determination.
    Channels other than the 2 are typically not bothered for this purpose.

    "Desktop mode" mostly merely changes the User-Agent.
    Browser plug-ins typically do the same, but likely less efficient and effective (due to API limitation). ]
]]

    "ip":
[[
[ Anon @ CE 2024-09-16 20:06:45 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-a78155b6-a472-48ec-8ced-73f62146f7e0
    It honestly looks like Brave on Android gives you more protection than the actual Tor browser on Android.
    Would using Orbot or InviZible Pro with Brave (settings optimized for most security and privacy) actually be the superior choice here?

    Well then again there are different categories between Desktop and Mobile.
    Tor is heavily modified to resist fingerprinting, which beats out Brave.

    I know the consensus would never be to use anything but Tor Official. But let's be honest Mobile Tor is very sub-par.
    Guess this is another "don't go on Tor Network via Mobile" proof??
    However, remember only speaking on Android Mobile.

    Would love to hear any input among experts.
    https://privacytests.org/android ]

---- (1)

[ MasterInQuestion @ CE 2024-09-18 12:05:41 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-72309e7b-a0f7-4923-b913-c2c5d2218f16
    https://github.com/MasterInQuestion/talk/discussions/30#cd4cf30e-aa11-4cf7-bf30-f3409b385888
    And I don't think Desktop, Mobile shall be much different.

    I use a slightly modified Fenix Firefox Nightly, much derived from the main branch.
    More details: https://github.com/MasterInQuestion/talk/discussions/11

    With an AB/ABA structure multi-stage proxy setup.
    Plus some common network utilities to assist debugging, fringe case handling.
Note:
    A = East, B = West
    Or vice-versa. ]

---- (1)

[ Anon @ CE 2024-10-04 06:10:24 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-ae10c6a5-4296-4ba5-ae07-17a08ba9e488
    MiQ,
    Totally OT, but what is your opinion on Psiphon 3 Encrypted Proxy for Android?
    Any experiences with using it? ]

---- (1)

[ MasterInQuestion @ CE 2024-10-05 04:28:25 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-427f0223-724a-41bd-abe3-f5653ec5e238
    Though haven't ever used alike (apps directly):
    I sufficiently understand the technicalities that could base alike applications.

    Proxy services effectively act like a tunnel: essentially like the Swiss Bank.
    Based on technologies that technical-wise could not really improve. (SOCKS alike)

    They tend to yield under authority inquiry. (with pin-point information)
    Though unlikely to directly cooperate mass surveillance.

    Well-control what data each layer may attain is the essence to the problem. ]

----

[ Anon @ CE 2024-09-14 23:42:48 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-b96a6d3e-2ca3-440b-bbb2-14d01bdb4352
    Does anyone know what Spoof SNI means when using Tor?
    (as) Google API, Google Drive etc.
    Specifically the option in InviZible Pro?

    Would it be more secure and/or anonymous to use this feature or less?
    I noticed it is off by default.

    Can anyone who is more knowledgeable please advise me? ]

---- (1)

[ MasterInQuestion @ CE 2024-09-15 00:13:03 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-384d9488-0f3f-4b52-9c85-cdb9b3d6d477
    https://github.com/curl/curl/issues/9160
    https://bugzilla.mozilla.org/show_bug.cgi?id=1783791#c3 ]

---- (1)

[ Anon @ CE 2024-09-16 19:49:27 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-c4564433-4d4b-495b-ab07-3e13dbc4e27d
    MiQ,
    I couldn't really get a straight forward answer reading that.
    You seem pretty technically competent: is enabling "SNI spoof" on InviZible tend to be a plus?
    Or inhibit security and/or anonymity while running DNSCrypt and Tor?

    Thank you for the response and hopefully you can clear this question up.
    Take care. ]

---- (1)

[ MasterInQuestion @ CE 2024-09-18 12:02:00 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-9d844156-3bd0-4f93-8bfb-11c1d51c79ad
    Your query has been received and now in queue.
    Which I shall later process when I find the time opportune.

    Keep watching posts near: https://github.com/MasterInQuestion/talk/discussions/30#b96a6d3e-2ca3-440b-bbb2-14d01bdb4352
    Which I shall put the later updates on.

    Pardon the delay. ]

---- (1)

[ Anon @ CE 2024-09-19 18:59:41 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-bcf422ec-25c4-46b0-ad03-70c5175b1bd0
    Found this reply:
    “SNI spoofing makes Tor traffic less recognisable for the ISP: which improves the use of Tor without bridges, or with vanilla bridges.
    In many cases, enabling SNI spoofing allows using Tor without bridges where it was impossible.” ]

---- (1)

[ MasterInQuestion @ CE 2024-10-05 04:36:22 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-f5c1b9b1-5641-485f-a59d-f3a5157f69ee
    Well... but the destination IP cannot be trivially spoofed.
    And which may be used to back-derive the domain names (somewhat):
    The information regardless unconcealable to capable surveilleurs.

    And spoofing might create an unusual traffic pattern.

    The proper solution would be making all TLS clients dropping SNI field completely, for non-encrypted Client Hello.
    Requiring those do make use of which to enforce ECH (Encrypted Client Hello); similar to the deprecation of 3p cookies.
    [ Dropping SNI would break some sites. And ECH requires server support. ]

    Note unencrypted Client Hello enables the ability for every eavesdropper to trivially do TLS fingerprinting.
    (though what TLS fingerprinting alone could reveal shall be quite limited)
    [ ^ https://github.com/MasterInQuestion/talk/discussions/20 ] ]

---- (1)

[ anon @ CE 2024-10-18 03:32:44 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-db9469d5-5c38-4ae7-a536-51935eb57b2e
    Well it was a reply from the actual dev of the apk "Gedsh".
    Is he trying to make it seem more effective than intended or???

    Maybe you should send him a message using this reply.
    I myself don't fully understand the last reply.
    Anyway you could dumb it down a bit please?

    Here's his documentation on this:
    https://github.com/Gedsh/InviZible/wiki/Spoof-SNI ]

---- (1)

[ MasterInQuestion @ CE 2024-10-19 01:10:10 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-6188d488-5eb5-425f-86d1-7403b17ca2d9
    It appears this option specifically only alters the way it connects to Tor.
    Not altering the afterward connections made with destination servers.
    Thus mostly inapplicable of my explanation before: that targets SNI spoofing in general.

    For Tor specifically: https://github.com/Gedsh/InviZible/wiki/Tor-Bridges ]

----

[ Anna @ CE 2024-08-22 01:01:14 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-c2130692-caff-4723-bde5-d4ea0232a7df
    Who knows why do I have 2 public IP addresses? American and Russian. ]

---- (1)

[ MasterInQuestion @ CE 2024-08-27 07:00:57 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-3c03e7ba-2a45-490f-9242-6b6de9dc9588
    It is possible for the user be assigned different IP based on the ISP's implementation.
    Just like same website may have multiple IP. (notably Google etc.)

    At times the assigned IP may change very drastically:
    E.g.
    [ Quote ﾌΣИI͛ꊼ @ CE 2022-02-16 04:13:51 UTC:
https://support.discord.com/hc/en-us/community/posts/4431785826199-Fix-Discord-Zendesk-Sign-In
    I have a cell phone carrier and my IP address is NEVER the same, it changes ever 5 minutes to every 30 days ] ]

----

[ ddd @ CE 2023-12-17 18:04:21 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-adedbcd0-132d-4b4c-a0de-9933169d5bea
    There is a hostname for my personal PC. Is it OK? ]

---- (1)

[ MasterInQuestion @ CE 2023-12-18 03:02:49 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-2f27f5cb-20e7-4407-aca6-e011a2578ef4
    Ask your ISP (Internet Service Provider), that assigned you the IP.

    Generally, no matter. ]

----

[ ddd @ CE 2023-12-08 19:09:25 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-a68ac56d-a6e1-4211-93ed-32b710dc62ec
    I am a private person, but the type of usage indicated here is corporate/business.
    Who knows what this might be related to? Thank you so much. ]

---- (1)

[ MasterInQuestion @ CE 2023-12-10 17:13:55 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-f4114982-d9a9-4c21-bfaf-45c61d311a82
    IP info merely for reference: at times it may even report the country wrong... ]

---- (1)

[ john @ CE 2023-12-18 19:27:35 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-df445de3-8d04-4a98-a17f-f5ac10733c82
    You talking Cloudflare?
    Well yes they provide security for about 40% the world.
    Using Cloudflare is nothing like a VPN tho. ]

---- (1)

[ NSA @ CE 2023-12-25 01:39:58 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-2e7379b3-f8bb-4e77-9dce-e93043b23387
    You have a public and private IP.
    And if you don't use VPN, Tor etc. it most certainly will not be a wrong country. ]

---- (1)

[ Anon @ CE 2024-05-06 16:59:31 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/ip#remark42__comment-28a98dbb-eaad-4413-9475-f2a787de65ba
    This is what every website sees when you visit. ]
]]

    "http2":
[[
[ MasterInQuestion @ CE 2023-12-18 03:25:16 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/http2#remark42__comment-74713768-3c16-46c5-8ea4-b78201941172
    Disabling HTTP 2 wouldn't make much difference.
    The problem is mostly the fingerprintability of HTTP request header.

    Whatsoever, it's not a significant factor: tends to be much alike across implementations, and not very reliable. ]

----

[ Whoever @ CE 2024-02-17 01:13:01 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/http2#remark42__comment-a2e88089-4bae-470c-8899-25e7ec3d170e
    Use Brave Browser and test with "coveryourtracks.eff.org":
    The fingerprint is unique every time.
    .
    Only Tor does it better:
    Having same fingerprint in 1 out of 7,000 users is more anonymous. ]
]]
    See also: https://github.com/MasterInQuestion/talk/discussions/20

    "tls":
[[
[ MasterInQuestion @ CE 2024-05-31 09:57:15 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/tls#remark42__comment-d291a2ba-bb2a-4024-94cb-1eb989e59d0b
    I wonder a question:
    Why doesn't the page display TLS Extensions etc. when JavaScript disabled:
    And return "n/a (no js)" alike that gave false implication?

    Such are apparently not JavaScript dependent:
    https://www.defensive-security.com/images/curl.jpg
    https://www.defensive-security.com/blog/hiding-behind-ja3-hash

    Somewhat similar for the "http2" page. (most JavaScript-irrelevant info gone without JavaScript) ]

----

[ ddd @ CE 2023-12-08 20:45:15 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/tls#remark42__comment-9af5ed74-4720-4147-aa37-3e57c0cfdc2c
    Supported Cipher Suites (in order as received) 0xAAAA GREASE
    "supported_versions" 0x0A0A (GREASE)
    "named_groups" 0x0A0A (GREASE)

    Does anyone know what this is? ]

---- (1)

[ MasterInQuestion @ CE 2023-12-09 23:28:05 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/tls#remark42__comment-bc136245-b952-4d53-ad5d-5932e0ceee2f
    Generate Random Extensions And Sustain Extensibility (GREASE)
    https://www.rfc-editor.org/rfc/rfc8701.html

    Related with TLS Encrypted Client Hello (ECH). ]

---- (1)

[ ddd @ CE 2023-12-10 13:58:40 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/tls#remark42__comment-70a76963-312d-4852-b717-e0a84f879ae4
    Thank you so much
    But where did I get this from? This is my home computer with Chrome, I am not a member of any organization.

    There is another strange thing in my browser: It has only two certificates
    UNTRUSTED DigiNotar Root CA
    UNTRUSTED DigiNotar PKIoverheid CA Organisatie - G2 ]

---- (1)

[ MasterInQuestion @ CE 2023-12-10 16:42:15 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/tls#remark42__comment-81464030-4cd3-421c-8a87-77f393c290c9
    It's part of TLS technology.

    It means to forcibly distrust DigiNotar certificates.
    .
    See also:
    https://security.stackexchange.com/questions/174474
    https://support.mozilla.org/en-US/questions/1416142 ]

---- (1)

[ Souheki Yuune @ CE 2023-12-15 02:44:49 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/tls#remark42__comment-81a3e509-1da0-4d2f-8f50-90d99c3371f3
    GREASE was added into Chrome way before ECH (formerly ESNI) proposed, it's not related. ]

---- (1)

[ MasterInQuestion @ CE 2023-12-16 21:48:53 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/tls#remark42__comment-fb3a7546-2ed2-4257-bc53-b73762936940
    Indeed, sort of:
    https://chromestatus.com/feature/6475903378915328

    Thanks.

    ----

    May be utilized by ECH, but not directly related. ]

----

[ MasterInQuestion @ CE 2023-11-20 05:12:52 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/tls#remark42__comment-b382d12e-269e-49ec-95fe-739aed70109c
    Reposted there: better than hiding in hardly accessible "title" attributes.
https://pastebin.com/raw/rqLSvKF6
(Some hover descriptions on [ https://browserleaks.com/tls ])
[[
    Active content: <script> <link> <iframe> <object data> Fetch/XHR/sendBeacon
    Passive/Display content: <img> <audio> <video> <object subresources>
    JA3n Hash: Normalized JA3 - sort extensions to mitigate TLS ClientHello permutation (random hash in Chrome)

[ "Recommended"
    Recommended by the IETF. ]

[ "CBC"
    Cipher Block Chaining.
    In 2013, researchers demonstrated a timing attack against several TLS implementations using the CBC encryption algorithm.
    Additionally, the CBC mode is vulnerable to plain-text attacks in TLS 1.0, SSL 3.0 and lower.
    A fix has been introduced with TLS 1.2 in form of the GCM mode: which is not vulnerable to the BEAST attack.
    GCM should be preferred over CBC. ]

[ "NO PFS"
    Non-ephemeral Key Exchange.
    This key exchange algorithm does not support the recommended Perfect Forward Secrecy (PFS):
    Where the past encrypted couldn't be trivially decrypted by derivation from a future compromise. ]

[ "SHA1"
    The Secure Hash Algorithm 1 has been proven insecure as of 2017. ]
]]
    Too tricky to directly include.

    For embedding in HTML, refer:
    https://github.com/MasterInQuestion/Markup/blob/main/AAA.htm ]

---- (1)

[ MasterInQuestion:
    Up: https://web.archive.org/web/20220804150558/https://www.highgo.ca/2019/08/08/the-difference-in-five-modes-in-the-aes-encryption-algorithm/#comment-7

    The term "GCM" itself stands for "Galois Counter Mode":
    Which is a variant of "Counter mode" (CTR), with that Galois Authentication being utilized to help ensure message integrity.
    .
    Ignoring the Galois part, this mode would be identical to CTR.

    See also: https://security.stackexchange.com/questions/184305#184307

    Note:
    XOR( XOR( A, B ), A ) = B
    [ ^ Much the basis of cryptography. ]
    More details: https://github.com/MasterInQuestion/talk/discussions/24 ]
]]

    "proxy":
[[
[ Sharaks @ CE 2024-09-10 07:31:20 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-0c36c44e-9e88-4649-a9c1-22c94c1c3545
    A VPN detection feature would be nice.
    Some sites detect VPN. ]

---- (1)

[ MasterInQuestion @ CE 2024-09-12 17:31:56 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-c9ad61bc-1243-4679-8422-f8ff1234a340
    Technically when properly done:
    VPN (or proxies in general) detection is impossible:
    Besides relying on IP blacklist. ]

----

[ lol @ CE 2024-07-12 13:01:25 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-03e45ef8-dd90-4427-8086-c4ff69125000
    uBlock Origin leaks my region how can I fix it? ]

---- (1)

[ MasterInQuestion @ CE 2024-07-17 03:08 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-1640a61f-1528-4fb3-9f52-8aaf74928b5b
    Such fingerprinting tends to be theoretical and lacks applicability.

    To accomplish which, bunch network requests have to be issued to the relevant hosts:
    Which means poor performance.
    Also causes a very obvious pattern: easily had the offending codes added to the uBO's filter list... (for non-testing sites)

    And determining what constitutes the use of certain filter list may not be easy:
    |1| The filters may change. (and rather frequently...)
    |2| There are user filters. (i.e. custom ones)

    Eventually, what revealed by filter lists don't tend to be as much as other channels.

    Note:
    The method may mostly only detect simple network based filters. (e.g. simple connection reject/redirect alike)
    Not applicable to cosmetic, general content manipulation etc. (unless "1p"). ]

----

[ Beyond beacon @ CE 2019-08-16 14:39:07 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-4580603834
    Easy solution to the ad blocker subscription leaking your country: enable every single one of them. ]

---- (1)

[ A @ CE 2020-02-15 21:53:49 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-4797469640
    Great! ]

---- (1)

[ MasterInQuestion @ CE 2023-12-04 03:01:18 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-db663dfa-d507-46da-be87-e61af18e275f
    Such is a horrible practice. Not only for performance cause.
    See also: https://github.com/MasterInQuestion/talk/discussions/9 ]

---- (2)

[ Lucifer @ CE 2024-03-31 04:57:59 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-eb9fefdd-6b0e-4344-8895-96c595287f59
    This is why whitelists have become the preferred method. ]

---- (1)

[ Lucifer @ CE 2024-03-31 05:00:05 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-7ba66451-59ba-4f91-846d-289f7c4d7e53
    In your sarcasm lies some truth. Person who is not me always enables 13 to 14 blocklists all from related regions.
    If you enable them all: one most likely will run into errors. ]

---- (1)

[ Anon @ CE 2024-05-06 17:26:21 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/proxy#remark42__comment-2c05af5b-3d36-4dff-808b-7988280c2cbc
    That's why you use an add-on, called Blocklists: Black and White. ]
]]

[MasterInQuestion]

[[
[ N00b @ CE 2023-12-20 23:54:20 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/geo#remark42__comment-1938b32b-7713-46a1-9461-25790c50d970
    Mobile phones are almost impossible to turn GPS off even when GPS is off:
    https://en.wikipedia.org/wiki/Mobile_broadband
    .
    All Google apps can find you or your mobile provider via IMEI. ]

---- (1)

[ MasterInQuestion:
    The comment lacks logical connection. And much invalid (and somewhat misleading).
    Note:
    IMEI may be somewhat [1] of use for cross-app identification; besides, mostly none.
    Further use of IMEI is likely inapplicable: for the messy management totally.
[ [1]
    There are still many other:
    E.g. file system, device properties based fingerprinting, network etc. ] ]

----

[ s4msung @ CE 2024-01-09 16:26:06 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/geo#remark42__comment-956b85d2-3ff0-4e68-b35a-084ef7349078
    That is why you get a Pixel and install OS such as "GrapheneOS".
    And then you can think twice with saying how it is "almost impossible" to turn GPS off.

    GPS is not what you should be afraid of.
    Apps with access to "Phone" permission and/or "Network" permission:
    Should have the ability to make library call to return cell tower ID information.
    .
    With that an app can certainly work out:
    Not precise location but at least you cannot claim you're in another state/city:
    When the Cell-ID information worked out approx. suburb location you're at.
    .
    Then the WiFi data:
    They allow apps to have access to your WiFi MAC address: to match against a database of known WiFi devices.
    Or apps can scan your nearby base stations, wireless modems and routers around you:
    I.e. neighbours etc. would yield a better and more precise location than GPS.

    Take the Skyscanner app, they were the first to use Cell-ID information to work out: what city/suburb you're located at.
    I know because 4 ~ 5 years back:
    I know a couple of people who seek my help in rooting Samsung phones, without the device knowing that the phone is rooted:
    So that they can have admin permission to provide fake GPS data to apps that seek certain information.

    Skyscanner is only afraid of fraud.
    And for them to cut down high risk buyers is their main goal.
    They usually trust you if you give them full permission to locate you.
    .
    And would not cancel any booking or needing to verify any orders:
    If they don't have any discrepancies with the information you've provided to make the booking/purchases.

    Especially with flight tickets, the general gist is that:
    One can buy tickets for others, and it would be silly rule to have: if they restrict buyers to only allow buying for themselves only.
    What about their girlfriend that has different name, that is to be flying together on the same ticket/flight?
    .
    Hence it's tricky and so fraudster would use owner information to make the booking:
    Which of course would pass security checks, especially if the GPS data shows approx. to the billing address too. ]
]]
    Deployment without careful consideration: bear the fruit.
    Apps may potentially have full access of the system.
    Applies generally: https://github.com/MasterInQuestion/talk/discussions/8#discussioncomment-7609546

    To clear up some:
    Cell-ID (CID) is the wireless (cellular) network access point's identifier. (i.e. ID of the base station, cell tower etc.)
    Which shall be also considered with LAC (Location Area Code): as CID may overlap across locations.
    .
    LAC + CID to unique identify.
    However the same CID (and less likely for LAC) may remap to different locations depending on the ISP's infrastructure change.
    Also note LAC is not guaranteed to be unique across ISP.

    Geo-positioning based on wireless signal is applicable (and long used): in urban cases may reach < 1 m accuracy.
    However such is not that random apps alone may accomplish.

    Using MAC address as device identification is unreliable. (comparable to similar IMEI)
    And being able to make use of less notable wireless devices nearby (home routers alike) is again not random app developers may accomplish.

[MasterInQuestion]

    "dns":
[[
[ MasterInQuestion @ CE 2024-06-02 01:32:01 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/dns#remark42__comment-7a4cc6f9-bbed-4575-ad8f-f9ffc6d4d4d8
    Some explanation on this test, for those not familiar enough with the technology.

    DNS resolving is hierarchical:
    E.g.
    https://2v67mhj416g2fp0y.dns4.browserleaks.org/
    "2v67mhj416g2fp0y.dns4.browserleaks.org"
    "org": TLD (Top-Level Domain)
    "browserleaks": 2LD (2nd-Level Domain)
    "2v67mhj416g2fp0y.dns4": Subdomain [ Returned by BrowserLeaks. ]
    [ See also: https://www.semrush.com/blog/top-level-domains/ ]

    It's mostly inapplicable for the DNS server to just contain all possible IP-Domain mapping for every random case.
    Thus the look-up has to be performed alike of multi-stage.

    One may experiment the lookup with:
    https://dns.google/query?name=browserleaks.com
    https://dns.google/query?name=2v67mhj416g2fp0y.dns4.browserleaks.org
    .
    Notice "Comment": "Response from".

    Thus the IP reported here by BrowserLeaks, are those used by the DNS service to query the subdomain:
    That generally cannot be correlated to user, unless malconfigured [1].
[ [1]
    Typically reflects to simple HTTP proxy alike:
    That still perform the DNS resolving unproxied. ] ]

----

[ frances @ CE 2024-07-16 16:24:53 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/dns#remark42__comment-8431eb1a-e291-4bed-a3f1-c85fc369d0c8
    Do you see IPv6 or a lot of DNS Servers? Then it means you are leaking. ]

---- (1)

[ MasterInQuestion @ CE 2024-07-17 00:09:10 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/dns#remark42__comment-21e5c3a5-093c-48b8-ab4d-2f9048501bae
    Not necessarily.
    Check the technical details: #remark42__comment-7a4cc6f9-bbed-4575-ad8f-f9ffc6d4d4d8 ]

----

[ KGB @ CE 2024-06-04 23:14:50 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/dns#remark42__comment-f941711b-4c55-41f3-bdec-b4636bfca03e
    One word: Invizible Pro
    (Ok Two Words) ]

---- (1)

[ MasterInQuestion @ CE 2024-06-08 05:19:52 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/dns#remark42__comment-cd4cf30e-aa11-4cf7-bf30-f3409b385888
    ViZible N00b behind InviZible Pro cannot somehow miraculously Go Pro.

    “Security doesn't itself come by following random security advices or blindly deploying "security-enhanced" setup:
    Well realizing the underlying implementation is the essence to guarantee effectiveness and security.” ]
]]

    "webrtc":
[[
[ Confused @ CE 2024-09-13 06:51:31 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/webrtc#remark42__comment-7532e67b-0630-4ed9-bfa8-9f552a64ad67
    If I've been using Proton VPN with moderate NAT on while streaming videos:
    Am I exposing my real IP to the websites I'm connecting to?
    I did the WebRTC leak test and it said no leak. But is that the same thing? ]

----

[ MasterInQuestion @ CE 2024-09-15 00:42:42 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/webrtc#remark42__comment-68000c44-7ae1-4de3-be11-955c1801486f
    |1| Streaming videos does not necessarily involve WebRTC. (not the only means)
    |2| There're other channels of potential leak: not necessarily WebRTC. ]

----

[ MasterInQuestion @ CE 2024-10-09 23:40:36 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/webrtc#remark42__comment-b8e6c651-b47e-424d-b284-38de8f622b69
    SOCKS5 does support UDP. Nor does WebRTC necessarily involve UDP. ]
]]

[MasterInQuestion]

    Misc:
[[
[ annoyed @ CE 2024-05-29 08:13:15 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/canvas#remark42__comment-37c5a3a0-584d-4d35-9559-ab88913b73f1
    These comments sound like an Indian bot arguing with itself. Christ. ]

---- (1)

[ MasterInQuestion @ CE 2024-08-26 16:52:23 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/canvas#remark42__comment-e6d75126-deda-4fc3-b57b-092fccbb0b0d
    Ieſvs Kryſtvs!

    Had mine there outcry in Ænnglyßhe:
    https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/webrtc#remark42__comment-ac3d01e5-fd7d-4f54-ba6f-86c652e5f8b1 ]

---- (1)

[ MasterInQuestion @ CE 2024-06-01 17:52:29 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/webrtc#remark42__comment-5cd7d3dc-0d5d-49df-87b3-eaf6e81aa1a9
    Since when NSA began to hire alike Indian-bot like agents?
    No wonder why the US is falling... ]

----

[ MasterInQuestion @ CE 2024-09-10 06:46:51 UTC:
https://remark42.browserleaks.com/web/iframe.html?site_id=browserleaks&url=https://browserleaks.com/dns#remark42__comment-1713880b-edae-47a8-9b92-ebf6f902b67b
    Anti-spam help:
    After CE 2024-07-16 16:24:53 UTC (8431eb1a-e291-4bed-a3f1-c85fc369d0c8)
    Rendered text:
    /(?<![^\W_])frances\.mape\d*@gmail\.com(?![^\W_])/i
    + "Do you see IPv6"

    Hold suspicious for admin review.
    Reject consecutive if content repetitive.
    Apply PoW (Proof of Work) based authentication for posting.

    I guess you may as well fingerprint the offender and try some exploits. ]
]]