|
5150
phantom

Registered: 09/01/06
Posts: 5,437
Last seen: 2 years, 6 months
|
what can websites tell about your visit
#8762991 - 08/12/08 04:02 PM (13 years, 9 months ago) |
|
|
can they only get your I P or also your mac I D etc.
-------------------- "the way of the warrior is the resolute acceptance of death"
Miyamoto Musashi
|
supra
computerEnthusiast
Registered: 10/26/03
Posts: 6,446
Loc: TEXAS
Last seen: 11 years, 1 month
|
Re: what can websites tell about your visit [Re: 5150]
#8764632 - 08/12/08 09:24 PM (13 years, 9 months ago) |
|
|
what browser you are using, the speed of your connection, what plugins you have installed, what version of many things, like flash, quicktime, etc. that you are running, who your ISP is.
some of this can be stopped, but not all of it.
peace
|
zouden
Neuroscientist


Registered: 11/12/07
Posts: 7,091
Loc: Australia
Last seen: 12 years, 7 months
|
Re: what can websites tell about your visit [Re: supra]
#8766449 - 08/13/08 05:24 AM (13 years, 9 months ago) |
|
|
That's right. But they can't get your MAC address because that isn't carried beyond the router.
-------------------- I know... that just the smallest
part of the world belongs to me You know... I'm not a blind man
but truth is the hardest thing to see
|
delta9
Active Ingredient


Registered: 10/29/04
Posts: 5,390
Loc: California
Last seen: 11 years, 7 months
|
Re: what can websites tell about your visit [Re: zouden]
#8766605 - 08/13/08 08:17 AM (13 years, 9 months ago) |
|
|
Quote:
zouden said: That's right. But they can't get your MAC address because that isn't carried beyond the router.
Quite right.
The webserver through TCP/IP inherently knows your IP address (and therefore can produce your host name, ISP, etc). Also, through TCP/IP it can guess your connection speed based on how quickly the transaction completes, but it can't really know (you might be doing a bunch of things at once or really attenuated from them).
As a virtue of your browser sending it information it can get a user agent string (something that identifies your browser and components). Your browser also passes along any appropriate cookies it has stored that are accessable by the domain. Your browser may also send a referer string of the URL that preceded the current request. All of these browser-based pieces of information are completely under your control.
-------------------- delta9
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 4 months, 3 days
|
Re: what can websites tell about your visit [Re: supra]
#8766612 - 08/13/08 08:20 AM (13 years, 9 months ago) |
|
|
Quote:
what browser you are using, the speed of your connection, what plugins you have installed, what version of many things, like flash, quicktime, etc. that you are running, who your ISP is.
The only one I agree with you on is what browser you are using; and even that can be faked.
They cannot tell your connection speed. They can time how fast your connection to their site is, but not more. If you are sharing your connection with others, have QOS, are downloading other stuff in the background, or there is a lot of traffic to the remote site, then their timing will be a guess at best.
They cannot tell what plugins you have installed. At most, they can offer data that a plugin would use, and see if the plugin (if it is capable) reports back to the website that it is active.
They cannot tell who your ISP is if you going through a secure proxy.
You left out several:
They can tell what site provided the link that brought you to their site (as reported by your web browser), known as a referrer.
They can tell what language and character set your browser prefers.
They can tell what URL you requested (obviously, as they have to be able to serve the content).
They can tell what cookies you have, and the values of those cookies, that are valid within servers domain.
-------------------- Just another spore in the wind.
|
supra
computerEnthusiast
Registered: 10/26/03
Posts: 6,446
Loc: TEXAS
Last seen: 11 years, 1 month
|
Re: what can websites tell about your visit [Re: Seuss]
#8770348 - 08/13/08 10:07 PM (13 years, 9 months ago) |
|
|
Quote:
Seuss said:
Quote:
what browser you are using, the speed of your connection, what plugins you have installed, what version of many things, like flash, quicktime, etc. that you are running, who your ISP is.
The only one I agree with you on is what browser you are using; and even that can be faked.
They cannot tell your connection speed. They can time how fast your connection to their site is, but not more. If you are sharing your connection with others, have QOS, are downloading other stuff in the background, or there is a lot of traffic to the remote site, then their timing will be a guess at best.
They cannot tell what plugins you have installed. At most, they can offer data that a plugin would use, and see if the plugin (if it is capable) reports back to the website that it is active.
They cannot tell who your ISP is if you going through a secure proxy.
You left out several:
They can tell what site provided the link that brought you to their site (as reported by your web browser), known as a referrer.
They can tell what language and character set your browser prefers.
They can tell what URL you requested (obviously, as they have to be able to serve the content).
They can tell what cookies you have, and the values of those cookies, that are valid within servers domain.
We do all of this at the place I work whenever any user logs on...so it can be done. By your connection speed, i did mean the connection between the two. If you fake some of this stuff, some sites will not work correctly, but any user skilled enough to fake it would expect this behavior for the most part. There is actually a list of about 70-80 different 'things' we query about a users connection for analytics, while many things do come up 'unknown' for the most part we know, even what OS you are running.
We push a small file to the users pc, to see how fast their connection is to us, yes, it isn't entirely reliable, but its the best that can be done with current technology. We detect major and minor versions of flash, and even use these results to serve up videos encoded in h264 if they have flash 9 and the third minor version, i think it is like 9 then minor is 0.3 or something, don't really remember. If not, we serve up video encoded with an mpeg2 encoder. We detect if you have things like cookies blocked or not, JS turned on or off, other basic browser settings. We even have nice reports of how many users are using ubuntu linux vs redhat vs. win98 vs. 2000 vs. xp vs. vista vs. unknown linux flavors, unknown bsd systems, and general unknowns, etc. There really is quite a list.
From what I can tell, none of it is really going to make you any more vulnerable or not, at least to us, but maybe someone malicious could easily use it.
peace
|
zouden
Neuroscientist


Registered: 11/12/07
Posts: 7,091
Loc: Australia
Last seen: 12 years, 7 months
|
Re: what can websites tell about your visit [Re: supra]
#8770727 - 08/13/08 11:17 PM (13 years, 9 months ago) |
|
|
Interesting, sounds like web analytics is much more advanced than just recording the IP address and useragent string
-------------------- I know... that just the smallest
part of the world belongs to me You know... I'm not a blind man
but truth is the hardest thing to see
|
5150
phantom

Registered: 09/01/06
Posts: 5,437
Last seen: 2 years, 6 months
|
Re: what can websites tell about your visit [Re: zouden]
#8773097 - 08/14/08 02:51 PM (13 years, 9 months ago) |
|
|
thanks for the info everyone
-------------------- "the way of the warrior is the resolute acceptance of death"
Miyamoto Musashi
|
MarioTrip
since84



Registered: 10/21/07
Posts: 2,207
Loc: 69 w/ you
Last seen: 13 years, 8 months
|
Re: what can websites tell about your visit [Re: 5150]
#8774556 - 08/14/08 09:38 PM (13 years, 9 months ago) |
|
|
This is why a VPN is critical.
-------------------- I'm Livin' It, distribute it
The streets are inhibited
By cut throat niggas just like me that out there getting dividends
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 4 months, 3 days
|
Re: what can websites tell about your visit [Re: 5150]
#8776341 - 08/15/08 06:20 AM (13 years, 9 months ago) |
|
|
For anybody reading this thread... please be advised that the "slop factor" is pretty large. Although most of what has been said is correct, more or less, many of the claims are borderline inaccurate. For those worried about browsing safety, please do not use this thread as a source of accurate information.
-------------------- Just another spore in the wind.
|
MarioTrip
since84



Registered: 10/21/07
Posts: 2,207
Loc: 69 w/ you
Last seen: 13 years, 8 months
|
Re: what can websites tell about your visit [Re: Seuss]
#8777186 - 08/15/08 01:15 PM (13 years, 9 months ago) |
|
|
Why? A lot of this is absolutely fact.
-------------------- I'm Livin' It, distribute it
The streets are inhibited
By cut throat niggas just like me that out there getting dividends
|
supra
computerEnthusiast
Registered: 10/26/03
Posts: 6,446
Loc: TEXAS
Last seen: 11 years, 1 month
|
Re: what can websites tell about your visit [Re: Seuss]
#8778504 - 08/15/08 06:54 PM (13 years, 9 months ago) |
|
|
Quote:
Seuss said: For anybody reading this thread... please be advised that the "slop factor" is pretty large. Although most of what has been said is correct, more or less, many of the claims are borderline inaccurate. For those worried about browsing safety, please do not use this thread as a source of accurate information.
haha, i hope your not talking about me, because i can guarantee you that this is done, but believe whatever it is you want.
peace
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 4 months, 3 days
|
Re: what can websites tell about your visit [Re: supra]
#8781248 - 08/16/08 09:27 AM (13 years, 9 months ago) |
|
|
> i hope your not talking about me
I am talking about several of us, myself included. If you want to get into another pissing match, I can list out your errors (and my own), but you never seem able to handle constructive criticism, thus I put out the general disclaimer rather than enumerating our various mistakes.
-------------------- Just another spore in the wind.
|
|