Phaster Computer Spy


Are you paranoid about someone
watching your every move?

Some ISP’s use a transparent web proxy (i.e. most of the outbound traffic to TCP port 80 gets re-routed through machines running some Inktomi transparent HTTP proxy software).

Naturally, ISP’s keeps logs for that traffic (Inktomi boasts that its Traffic Server can write many different log formats), in part to deal with abuse.

As you might expect, privacy policies do not directly cover these logs. They make promises about some very specific types of information, but does not make any general statements that obviously pertain to types of information not covered in the enumerated, specific types. Result: most lawyers would say an ISP could sell access to DoubleClick, the FBI, the FSB (the KGB has changed initials but not staff) or anyone else.

Checking your system

So are you using a proxy, but don’t know it? You can check pretty quickly (though I should warn you, while a positive/proxy result is conclusive, a negative/no-proxy result may be a result of the proxy configuration, as the systems can be set up to bypass the proxy for certain sites, or to only use the proxy for certain sites, etc.).

Step 1: what’s your address?

Check your current address for whatever network adapter (ethernet card, PPP/dialup device, etc.). On the Mac start by checking the TCP/IP control panel. In Unix or Linux, something like '/sbin/ifconfig eth0' will do; in Micro$oft Windows 9x, run 'winipcfg'; in Windows NT, 'ipconfig'.

Step 2: what address do web sites see?

Go to a URL that will show you the environment variables passed to a env.cgi script, like http://perlprogrammers.com/env.html or http://www.ualberta.ca/htbin/dumpenv.pl. Look at REMOTE_ADDR. Reload several times. Does it change? You might see some other proxy-specific variables like HTTP_CLIENT_IP and HTTP_VIA, depending on the proxy server’s configuration.

Step 3: interpreting the results

If you ever see a REMOTE_ADDR value in Step 2 that doesn’t match the local address from Step 1, yet you don’t have a Manual or Automatic proxy configured in your browser, then congratulations, you’re behind a transparent proxy, and should assume that all your web traffic is being logged.

http:// vs https:// For regular HTTP, there’s a lot they can conceivably record. The URL. Your cookies. Where you came from. Etc. For https:// it’s a bit better. All they can do is record where you connected to, and when. Even this information might be deemed valuable, e.g., someone frequently connecting to many banking sites probably isn’t eligible for low income tax credits. https:// is somewhat like encrypting your email: they can’t tell what you’re doing, but they can tell who you’re contacting.

Server Side Includes

If a server is SSI (Server Side Includes) enabled, all that needs to be done to call SSI to life from any web page is to give the web page a file name extension of .shtml instead of the usual .html. This will cause the SSI enabled server to display all sorts of user info.

 

Just some of the stuff JavaScript
knows about you

Where You Are From
 
The Last Page You Visited
 
Your Screen Size
 
Web Browser and Version You Are Using
 
What Time And Day It Is Where You Live
 
How Many Sites You Have Visited Before This One
 
What Programs You Have Installed On Your Computer

Links

 Avoid the Web Page spam Scam
 Secure Online Shopping Browser Check
 VeriSign - Browser Check








Home