arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License

sticky: test sites #6

Closed Thorin-Oakenpants closed 4 years ago

Thorin-Oakenpants commented 7 years ago

snip

earthlng commented 7 years ago

It only checks the following protocol handlers, all of which you probably don't have and therefore it fails in all your tested browsers.

    var protocols = {
        "znzbadbfasdf" : "asdf", // bogus test
        "smb" : "GNOME support",
        "sftp" : "GNOME support",
        "addbkmrk" : "RefSpoof",
        "httpmod" : "RefSpoof",
        "hxxp" : "RefSpoof",
        // "spoof" : "RefSpoof", // tries to spoof
        "spoofx" : "RefSpoof",
        // "custombutton" : "CustomButton", // generates error
        "chm" : "chm reader",
        "glue" : "Glue",
        "wikipedia" : "Zipedia",
        "boox" : "Boox",
        "ubiquity" : "Ubiquity",
        "relative" : "FoxyProxy",
    };

Gitoffthelawn commented 7 years ago

Using http://www.html-kit.com/tools/cookietester/ I just discovered that all Private Browsing windows share the same cookies.

IOW, if you have one Private Browsing window open, and then open another Private Browsing window, the new Private Browsing window shares all the data with the other Private Browsing window. It would be so much more useful if each Private Browsing window had its own privacy sandbox.

Gitoffthelawn commented 7 years ago

Came across this: http://cs1.ca/ttest/dump.html

What do you think?

nodiscc commented 7 years ago

@Gitoffthelawn this looks interesting but it doesn't report my own actual config values. Is it supposed to do so? Is there more context to this test page?

earthlng commented 7 years ago

Look at the source code guys xD no-resource-uri addon is what blocks this

Gitoffthelawn commented 7 years ago

@nodiscc I found it in the description on this page: https://addons.mozilla.org/firefox/addon/no-resource-uri-leak/

It's interesting that it isn't reporting your actual values. Maybe try a fresh test profile?

Atavic commented 7 years ago

@Gitoffthelawn I get this: tortype = 0

ghost commented 7 years ago

I'm not really sure if this is the best thread to share a site which proposes to create an ad hoc Firefox profile based on the user's preferences: Firefox Profilemaker.

I've tried it but I have to say the settings are excessively rudimentary.

Atavic commented 6 years ago

Privoxy https://github.com/ghacksuserjs/ghacks-user.js/issues/6#issuecomment-343989292 doesn't eat so much here, maybe it's your OS battling with it?

publicarray commented 6 years ago

http://webkay.robinlinus.com/ It's from the same guy that made ubercookie, not much new here but I like the design.

Atavic commented 6 years ago

https://people.torproject.org/~brade/tests/canvasTest.html :feelsgood:

Atavic commented 6 years ago

I propose the canvas test above. Blindly clicking everything I got the expected results:

3/3 tests passed ... expected true, got true expected false, got false

While the currently listed test Canvas Blocking Detection leaves me on a blank page with some text.

Gitoffthelawn commented 6 years ago

@Atavic I didn't have time to look too closely at it, but Firefox 58.0b4 passed all the tests (4/4) without any canvas extensions installed. Not sure exactly how to interpret those results.

claustromaniac commented 6 years ago

@Gitoffthelawn Isn't FF 58 with privacy.resistFingerprinting=true supposed to deal with canvas? See #7

Atavic commented 6 years ago

On testpage here I see no images in the Destination slots, so canvas isn't working.

Gitoffthelawn commented 6 years ago

@claustromaniac IIRC, yes. But I tested it with privacy.resistFingerprinting=false

2glops commented 6 years ago

I understand that people.torproject detects if canvas is working or not; kkapsner shows if canvasblocker can be detected by websites.

Passed all tests on first site and CB is detected only by: function length: CB detected known pixel value test 10: CB detected

Linux FF57 with privacy.resistFingerprinting=true

Atavic commented 6 years ago

https://browseraudit.com

Gitoffthelawn commented 6 years ago

@Atavic Excellent find. I hope Mozilla takes a look at it, because there are a couple things revealed that are likely Firefox bugs.

Atavic commented 6 years ago

As found @ Wilders Security Forum. Search for browseraudit discussion if interested.

Gitoffthelawn commented 6 years ago

@Thorin-Oakenpants What were your results in FF (and which FF version)?

Atavic commented 6 years ago

Welcome to FP Central!

This website aims at studying the diversity of browser fingerprints and providing developers with data to help them design good defenses.

Pretty epic research, from simple charts, as:

Lang. EN 59% RU 26,2%

...to very deep custom searches.

Kraxys commented 5 years ago

2 sites for testing storage cleaning apps or addons:

https://www.hotcleaner.com/cleaning-software-test.html

https://demo.agektmr.com/storage/

Gitoffthelawn commented 5 years ago

DCSec - https://cc.dcsec.uni-hannover.de/

TLS/SSL Certificate invalid.

Symantec - https://cryptoreport.websecurity.symantec.com/checker/views/sslCheck.jsp

Not available.

polcak commented 5 years ago

https://blog.skylined.nl/LocalNetworkScanner/ scans local network using cross-origin XHR requests

polcak commented 5 years ago

@Thorin-Oakenpants: WebRTC leaks local IP address. Then cross-origin XHR scans the local network to detect active devices, see https://blog.skylined.nl/LocalNetworkScanner/fXHRScanIPAddressPorts.js.
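
Added example, not part of the thread or of the linked test page: a self-check for the WebRTC local-address exposure mentioned in the last comment. It parses ICE candidate lines collected in your own browser and flags `host` candidates that carry a literal interface address instead of an mDNS name. The sample candidate lines are constructed, and all function names are hypothetical.

```javascript
// Constructed sample ICE candidate lines (RFC 1918 / RFC 5737 addresses).
const SAMPLE = [
  "candidate:0 1 UDP 2122252543 192.168.1.23 54321 typ host",
  "candidate:1 1 UDP 2122187007 3f2a9c1e-1b2c-4d5e-8f90-abcdef012345.local 54322 typ host",
  "candidate:2 1 UDP 1686052863 203.0.113.7 54321 typ srflx raddr 0.0.0.0 rport 0",
];

// Private / link-local IPv4 ranges.
const PRIVATE_V4 = [
  /^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^169\.254\./,
];

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/
    .exec(line.trim());
  if (!m) return null; // not a candidate line
  return {
    transport: m[3].toLowerCase(),
    address: m[5],
    port: Number(m[6]),
    type: m[7],
  };
}

function classifyAddress(addr) {
  if (/\.local$/i.test(addr)) return "mdns-obfuscated";
  if (PRIVATE_V4.some((re) => re.test(addr))) return "private-ipv4";
  // fe80::/10 link-local and fc00::/7 unique-local IPv6
  if (/^(fe[89ab][0-9a-f]|f[cd][0-9a-f]{2}):/i.test(addr)) return "private-ipv6";
  return "public";
}

// A "host" candidate is a local interface address by definition; it is only
// harmless to expose when the browser replaced it with an mDNS name.
function auditCandidates(lines) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    const kind = classifyAddress(c.address);
    const leaksLocalIp = c.type === "host" && kind !== "mdns-obfuscated";
    findings.push({ ...c, kind, leaksLocalIp });
  }
  return findings;
}

console.log(auditCandidates(SAMPLE));
```

In a browser, the input lines are the `candidate` strings delivered to `RTCPeerConnection.onicecandidate` on a page you control. A profile with `media.peerconnection.ice.no_host` set to `true`, or with WebRTC disabled, should yield no entry where `leaksLocalIp` is `true`.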