Recent

Author Topic: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)  (Read 2598 times)

ASBzone

  • Hero Member
  • *****
  • Posts: 713
  • Automation leads to relaxation...
    • Free Console Utilities for Windows (and a few for Linux) from BrainWaveCC
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #30 on: September 12, 2024, 06:25:38 pm »
I would be extremely grateful if whoever is reading this is willing to SHARE YOUR USER-AGENT INFO.

Done.
-ASB: https://www.BrainWaveCC.com/

Lazarus v3.5.0.0 (2216170cde) / FPC v3.2.3-1387-g3795cadbc8
(Windows 64-bit install w/Win32 and Linux/Arm cross-compiles via FpcUpDeluxe on both instances)

My Systems: Windows 10/11 Pro x64 (Current)

ASBzone

  • Hero Member
  • *****
  • Posts: 713
  • Automation leads to relaxation...
    • Free Console Utilities for Windows (and a few for Linux) from BrainWaveCC
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #31 on: September 12, 2024, 06:32:00 pm »
It says this extension will have permission to: Access your data for all websites ( I do my banking on-line ) also says access browser activity during navigation. So how safe is this I wonder?

My recommendation to all is that if you do online banking, always do it from a browser that is not used for any other function except financial management.  Even ecommerce is a gamble in that browser unless you are only purchasing from well known ecommerce sites.

Most people don't have a whole machine they can dedicate to such activity, so an isolated browser that never connected to social media of any kind, is the next best option.
-ASB: https://www.BrainWaveCC.com/

Lazarus v3.5.0.0 (2216170cde) / FPC v3.2.3-1387-g3795cadbc8
(Windows 64-bit install w/Win32 and Linux/Arm cross-compiles via FpcUpDeluxe on both instances)

My Systems: Windows 10/11 Pro x64 (Current)

MarkMLl

  • Hero Member
  • *****
  • Posts: 7622
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #32 on: September 12, 2024, 06:43:30 pm »
My recommendation to all is that if you do online banking, always do it from a browser that is not used for any other function except financial management.  Even ecommerce is a gamble in that browser unless you are only purchasing from well known ecommerce sites.

Most people don't have a whole machine they can dedicate to such activity, so an isolated browser that never connected to social media of any kind, is the next best option.

I agree. And that's particularly the case for sites like Ali which tend to wrap "stores" with little regard for any hazards that their files and scripting present.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #33 on: September 12, 2024, 06:45:15 pm »
I would be extremely grateful if whoever is reading this is willing to SHARE YOUR USER-AGENT INFO.

Done.
Thank you. Your ip-address I ran through IPinfo.io and looks like your not too far away from me. Chicago huh? The windy city and home of the Chicago Bulls and Michael Jordan. I have a question about your monitor, that is a resolution I have not seen before: 1607 by 876 ( how did you manage that?)   

So looks to me  like your running Windows NT 10.0 it is a x64 and browser is Safari? Is that correct or I screwed up? Thank you once again for testing.
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #34 on: September 12, 2024, 06:53:08 pm »
It says this extension will have permission to: Access your data for all websites ( I do my banking on-line ) also says access browser activity during navigation. So how safe is this I wonder?

My recommendation to all is that if you do online banking, always do it from a browser that is not used for any other function except financial management.  Even ecommerce is a gamble in that browser unless you are only purchasing from well known ecommerce sites.

Most people don't have a whole machine they can dedicate to such activity, so an isolated browser that never connected to social media of any kind, is the next best option.
Understood and thanks. So, if I install a brand new browser and use that for nothing but my online-banking I should be reasonably safe? I am wondering can we have two or multiple firefoxes or Google Chrome on the same system? I am going to find out :-)
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7622
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #35 on: September 12, 2024, 07:00:17 pm »
Understood and thanks. So, if I install a brand new browser and use that for nothing but my online-banking I should be reasonably safe? I am wondering can we have two or multiple firefoxes or Google Chrome on the same system? I am going to find out :-)

Frankly I don't think you need to. Firefox (and other Mozilla browsers) don't normally attempt to install any files other than in the user's home directory, and when you set up a new profile that goes into a separate tree. See

Code: [Select]
~/.mozilla/firefox/profiles.ini
~/.thunderbird/profiles.ini

which are the xrefs between named profiles and machine-generated directory names.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #36 on: September 12, 2024, 07:23:20 pm »
Code: [Select]
[quote author=MarkMLl link=topic=68478.msg529691#msg529691 date=1726160417]
Frankly I don't think you need to. Firefox (and other Mozilla browsers) don't normally attempt to install any files other than in the user's home directory, and when you set up a new profile that goes into a separate tree.
Mark I have never had a need to have more than a single profile for any of my browsers ( 90% of the time I use Firefox, 5% of the time I use Google Chrome because it gives me a whole lot more real estate when am doing front-end css + js stuff and 5% of the time on Opera just mucking about) so this is a brand new learning experience for me. What is the simplest way to go about doing this?
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #37 on: September 12, 2024, 07:30:51 pm »
Code: [Select]
~/.mozilla/firefox/profiles.ini

This is what I get:
Code: Text  [Select][+][-]
  1. aruna@debian:~$ ls ~/.mozilla/firefox/profiles.ini
  2. /home/aruna/.mozilla/firefox/profiles.ini
  3. aruna@debian:~$ cat ~/.mozilla/firefox/profiles.ini
  4. [Profile3]
  5. Name=default-release
  6. IsRelative=1
  7. Path=43coj9rk.default-release
  8.  
  9. [Profile2]
  10. Name=default-esr-1
  11. IsRelative=1
  12. Path=nlw1bpu6.default-esr-1
  13.  
  14. [Profile1]
  15. Name=default
  16. IsRelative=1
  17. Path=2cgjvl5n.default
  18. Default=1
  19.  
  20. [Install7210ADFAF9B279F0]
  21. Default=nlw1bpu6.default-esr-1
  22. Locked=1
  23.  
  24. [Profile0]
  25. Name=default-esr
  26. IsRelative=1
  27. Path=vzue9oic.default-esr
  28.  
  29. [Install3B6073811A6ABF12]
  30. Default=vzue9oic.default-esr
  31. Locked=1
  32.  
  33. [General]
  34. StartWithLastProfile=1
  35. Version=2
  36.  
  37. [Install981668029778D79]
  38. Default=43coj9rk.default-release
  39. Locked=1
  40.  
  41. aruna@debian:~$
  42.  
  43.  
I had no idea I had 3 profiles ( What the hell :-\ )
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7622
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #38 on: September 12, 2024, 07:44:52 pm »
What is the simplest way to go about doing this?

Add the parameters I've shown you to your browser startup menu entry. Run it, create a new profile, see what it does to your profiles.ini file and then relative to the same directory you should see a completely new tree of files (many of these are SQLite databases) representing the new profile which I'd expect to not contain any existing plugins etc.

I've been using it on various OSes since at least the Netscape v4 days... probably longer since we were already moving from OS/2 to NT before 1996 when it was released.

It's so simple Joanna could do it, and the security benefits are such that I feel she'd be doing herself a favour if she did.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #39 on: September 12, 2024, 08:20:26 pm »
What is the simplest way to go about doing this?

Add the parameters I've shown you to your browser startup menu entry. Run it, create a new profile, see what it does to your profiles.ini file and then relative to the same directory you should see a completely new tree of files (many of these are SQLite databases) representing the new profile which I'd expect to not contain any existing plugins etc.
I ran
Code: Pascal  [Select][+][-]
  1. aruna@debian:~$ firefox -P
it popped-up a window where I am able to create a profile.

It's so simple Joanna could do it, and the security benefits are such that I feel she'd be doing herself a favour if she did.
I was actually chatting with her this morning (on IRC #pascal) and she is a very pleasant charming lady with a sense of humor. She suddenly went off-line after a while. Maybe work? Or something else? Btw, 'I' will not be here or within grabbing distance when she reads your post, am just saying :-) 
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7622
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #40 on: September 12, 2024, 09:00:02 pm »
I was actually chatting with her this morning (on IRC #pascal) and she is a very pleasant charming lady with a sense of humor. She suddenly went off-line after a while. Maybe work? Or something else? Btw, 'I' will not be here or within grabbing distance when she reads your post, am just saying :-)

I'm more than happy to give Joanna the benefit of the doubt, and a copious amount of rope :-) But with the best will in the World: she's inclined to head off in unjustified (and misplaced) anti-establishment rants, it's almost as though she panics when presented with certain fnords. After something that transpired a day or so ago I also find myself wondering whether she really appreciates the difference between IRC and a forum (aka discussion group etc.), and the fact that in the latter case she really /does/ have to go back and read a thread in its entirety.

Please note that I specifically didn't say "even Joanna" earlier. But I'm seriously trying to make the point that if she- or for that matter anybody else- is worried about browser security then using Firefox with multiple profiles is a very good starting point, since even if one instance sets up (e.g.) a tunnel that persists longer than it should others should still be isolated. There are obviously problems when a browser starts writing outside its profile storage area, and I think I'd include ~/Downloads in that... I definitely would if a browser's configuration could be tweaked so that out-of-profile scripts could be run.

Things like spoofing the browser's UA string are only likely to help if scripting is disabled, since my recollection is that one of the things that can be mined from the DOM is an array identifying the installed extensions and plugins and in any event Google et al. can probably work out what's running by fingerprinting exactly what facilities are in the DOM. But basically anything that distracts less skilled attackers...

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #41 on: September 12, 2024, 09:53:42 pm »
I'm more than happy to give Joanna the benefit of the doubt, and a copious amount of rope :-)
Remember what @Martin_fr said? No personal attacks or digs :-) I like hanging around in this forum with so many people I continue to learn from every single day. The last thing I need is to get banned. ( Not happening:-)

But with the best will in the World: she's inclined to head off in unjustified (and misplaced) anti-establishment rants, it's almost as though she panics when presented with certain fnords. After something that transpired a day or so ago I also find myself wondering whether she really appreciates the difference between IRC and a forum (aka discussion group etc.), and the fact that in the latter case she really /does/ have to go back and read a thread in its entirety.
Patience is an acquired skill, so is tolerance. We have no idea what she may have gone through Mark? For someone to go off like that there has to be a reason which we are not privy to.

Given she drives me up the wall sometimes but maybe she feels scared, or fear of the unknown, or could be so many things. Given sometimes I feel this is a lost cause but that does not stop guys like you and me from helping.

I just do what we all do in situations like this I do not react or engage in that direction I simply wait for the anger and outburst to die down and when we have calmer weather initiate a dialog again, hopefully. All am saying is the Joanna I chat with on IRC and here in the forum could be two very different people. She was warm and welcoming to me this morning ( and I was getting ready to wear my body armor titanium carbon steel, but found there was no need) She believe it or not actually went and made me burst out with laughter. 

People have different natural levels of patience. Give her time I guess, once she sees that what we tell her can make her browsing a heck of a lot safer well you never know:-) Once she becomes comfortable with you she is a very normal person. The same cannot be said for you or me coz you went and spoofed NSCA with multics of all os's and I have a streak of certifiable lunacy in me. Why else would I still be trying to comprehend/figure out what the heck is an Object in Lazarus  %)

Please note that I specifically didn't say "even Joanna" earlier. But I'm seriously trying to make the point that if she- or for that matter anybody else- is worried about browser security then using Firefox with multiple profiles is a very good starting point, since even if one instance sets up (e.g.) a tunnel that persists longer than it should others should still be isolated. There are obviously problems when a browser starts writing outside its profile storage area, and I think I'd include ~/Downloads in that... I definitely would if a browser's configuration could be tweaked so that out-of-profile scripts could be run.

Things like spoofing the browser's UA string are only likely to help if scripting is disabled, since my recollection is that one of the things that can be mined from the DOM is an array identifying the installed extensions and plugins and in any event Google et al. can probably work out what's running by fingerprinting exactly what facilities are in the DOM. But basically anything that distracts less skilled attackers...

MarkMLl
Agreed and good advice. If only we can get people to listen then implement. ( Yes you may kick me when we someday meet. You know this is very off-topic and irrelevant to this topic but I saw yur profile says     'Sussex, UK' ? In 77 to 79 I was in Twickenham, Middlesex. Those were the days. I was what 17 I think :-)
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7622
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #42 on: September 13, 2024, 05:22:50 pm »
https://hackaday.com/2024/09/10/a-look-at-the-small-web-part-1/ might be of general interest. However the thing that it's very much brushing under the carpet is the difficulty of keeping an exposed server safe, and the significant overhead of the crypto etc. protocols that are pretty much insisted on by most players today.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

ASBzone

  • Hero Member
  • *****
  • Posts: 713
  • Automation leads to relaxation...
    • Free Console Utilities for Windows (and a few for Linux) from BrainWaveCC
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #43 on: September 13, 2024, 05:42:53 pm »
Thank you. Your ip-address I ran through IPinfo.io and looks like your not too far away from me. Chicago huh? The windy city and home of the Chicago Bulls and Michael Jordan. I have a question about your monitor, that is a resolution I have not seen before: 1607 by 876 ( how did you manage that?)   

So looks to me  like your running Windows NT 10.0 it is a x64 and browser is Safari? Is that correct or I screwed up? Thank you once again for testing.

That's very interesting.    I went to https://www.whatismybrowser.com/detect/what-is-my-user-agent/ to see what it was representing as my browser.   I'm using the Brave browser which is Chromium based.


Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

It mentions both Chrome and Safari in the output.

And I'm doing it from a Windows 11 system, so the OS recognition is accurate.

I'm not doing anything specific to mask my user agent.

I'll do one more test, using three browsers back to back:
-- Brave
-- Edge
-- Firefox

Also, IP address info doesn't pinpoint users anymore because of how ISPs distribute them throughout their service area.  I happen to reside in the Appalachian mountains... 😁     I think my ISP is HQ in Dallas, TX.   The IP block may have been previously owned by an entity in Illinois...
« Last Edit: September 13, 2024, 05:46:18 pm by ASBzone »
-ASB: https://www.BrainWaveCC.com/

Lazarus v3.5.0.0 (2216170cde) / FPC v3.2.3-1387-g3795cadbc8
(Windows 64-bit install w/Win32 and Linux/Arm cross-compiles via FpcUpDeluxe on both instances)

My Systems: Windows 10/11 Pro x64 (Current)

ASBzone

  • Hero Member
  • *****
  • Posts: 713
  • Automation leads to relaxation...
    • Free Console Utilities for Windows (and a few for Linux) from BrainWaveCC
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #44 on: September 13, 2024, 05:54:17 pm »
I have a question about your monitor, that is a resolution I have not seen before: 1607 by 876 ( how did you manage that?)   

That's interesting...   I have two monitors, both at 1920 x 1080.

Was it capturing the size of the screen or the size of the browser window?

I did a few tests at different browser sizes.  Would be interesting to see what you get.
-ASB: https://www.BrainWaveCC.com/

Lazarus v3.5.0.0 (2216170cde) / FPC v3.2.3-1387-g3795cadbc8
(Windows 64-bit install w/Win32 and Linux/Arm cross-compiles via FpcUpDeluxe on both instances)

My Systems: Windows 10/11 Pro x64 (Current)

 

TinyPortal © 2005-2018