DMT-Nexus member
Posts: 4031 Joined: 28-Jun-2012 Last visit: 05-Mar-2024
This store had a site that provides selling points near your location. Since I work with a paid & respected VPN I thought they would send me a map with selling points in the country far from me where my VPN represents me. Firefox asked me if they could send 'my location' to the store server, I said YES thinking they would fail estimating my real place. I have never to my knowledge said to Firefox where I live. Bam, I get selling points around my perfect real location. They got my location like the location-pin exact at my doorstep! How on earth could Firefox know where I live? My IP address is covered up nicely.
Excerpt from https://www.mozilla.org/en-US/firefox/geolocation/
Quote: ...
How does it work?
When you visit a location-aware website, Firefox will ask you if you want to share your location.
If you consent, Firefox gathers information about nearby wireless access points and your computer’s IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.
If you say that you do not consent, Firefox will not do anything.
How accurate are the locations?
Accuracy varies greatly from location to location. In some places, our service providers may be able to provide a location to within a few meters. However, in other areas it might be much more than that. All locations returned by our service providers are estimates only and we do not guarantee the accuracy of the locations provided. Please do not use this information for emergencies. Always use common sense...
What's worth my VPN with this going on, they just have to probe my Firefox only to get my location? Firefox allows to continuous disable Location Aware Browsing permanently, but that's just an ON OFF switch while the intel is still in there? If Firefox can gather the location intel, why not anyone else? Puzzled... any advice welcome.
DMT-Nexus member
Posts: 587 Joined: 02-May-2013 Last visit: 16-Apr-2018
Never trust anything stated by any entity over the internet, ever. If there is a system, there will always be a way into that system; if there is a barrier, there will be an infinite number of ways to get around it. VPNs, tor, firewalls, etc. are facades; they make it hell for the common-man to DOX you, but don't do diddly squat to keep the real computer geeks out of your life. Anything with a good, solid education in hacking servers knows that the concept of privacy is a gross delusion meant only to sedate one's own uncomfortability in a reality where anything can be accessed by anyone at anytime.
My friends, ex-NSA agents turned Emergency Medicine residents, were able to hack into my computer (protected via a vpn, firewall and some other malicious traps), print-out a complete directory of my hard drive & browser history (even the stuff I had thought been deleted) from the past two years, and hand it to me, all within the span of 15 minutes.
Long schtick cut short, privacy is a delusion and illusion; to think it's real is tantamount to believing that Big Foot didn't die at Wounded Knee and is still at large in the black mining hills of Dakota; never believe anyone or anything which claims to grant you said illusion of privacy; whomever dares to make such malicious statements only wants your money and another back door to your virtual life. There is no such thing as privacy in all of spacetime.
Wake up, -God
YOU ARE DELUSIONAL (as am I).
'"ALAS," said the mouse, "the world is growing smaller every day. At the beginning it was so big that I was afraid, I kept running and running, and I was glad when at last I saw walls far away to the right and left, but these long walls have narrowed so quickly that I am in the last chamber already, and there in the corner stands the trap that I must run into." "You only need to change your direction," said the cat, and ate it up.' --Franz Kafka
DMT-Nexus member
Posts: 4031 Joined: 28-Jun-2012 Last visit: 05-Mar-2024
I've never felt safe from hacking TBH. But a simple selling store is not a hacker by any means nor is it their aim to hack. You can say clicking that YES button was like handing over my keys and it's all my own fault, but my consent is worth nothing more than a smokescreen that pretends my authority I'm afraid. I do know that xxx sites have my place wrong as they hint me in weird languages, I was there just to check that out, really
DMT-Nexus member
Posts: 2889 Joined: 31-Oct-2014 Last visit: 03-Nov-2018
I'm not sure if you would be interested in any of this, but when talking about security and Firefox this often comes up:
*A zero day is an unfixable, undisclosed loophole or vulnerability in a system.*
Quote: The ongoing battle over the Federal Bureau of Investigation’s (FBI) use of a zero-day in the Tor anonymity browser hit a new gear this week with Mozilla filing a brief to get access to the vulnerability details. The brief [PDF] filed with the U.S. District Court for the Western District of Washington, warns that “the security of millions of individuals using Mozilla’s Firefox Internet browser could be put at risk by a premature disclosure of this vulnerability.” Tor, popular among web users for the privacy and anonymity features it offers, consists of a modified Mozilla Firefox web browser. The open-source Mozilla now wants to make sure its own code isn’t implicated in the Tor zero-day that was used by the FBI in 2015 to unmask web users accessing child pornography content.
http://www.securityweek....ure-tor-browser-zero-day
Quote: Mozilla on Wednesday filed a motion with the U.S. District Court in Tacoma, Wa., asking the government to disclose a vulnerability it exploited in the Tor Browser and Firefox. The FBI used the zero-day to hack a child pornography site and de-anonymize users visiting the site using the Tor Browser. Mozilla’s motion asks that the government disclose the vulnerability at least 14 days before it fulfills a previous motion granted to the defendant Jay Michaud requiring the FBI to hand over details on the exploit to the defense team under a protective order.
See more at: Motion Filed Asking FBI To Disclose Tor Browser Zero Day https://wp.me/p3AjUX-uHV
-eg
Communications-Security Analyst
Posts: 1280 Joined: 17-Aug-2014 Last visit: 05-Feb-2024 Location: Nirvana
A zero day is just a brand new exploit. So new it is '0 days old', so to speak.
xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ
Posts: 1716 Joined: 23-Apr-2012 Last visit: 23-Jan-2017
Quote: ... If you consent, Firefox gathers information about nearby wireless access points and your computer’s IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.
Quote: Location-Aware Browsing is always opt-in in Firefox. No location information is ever sent without your permission. If you wish to disable the feature completely, please follow this set of steps:
In the URL bar, type about:config
Type geo.enabled
Double click on the geo.enabled preference
Location-Aware Browsing is now disabled
https://www.mozilla.org/en-US/firefox/geolocation/
Remember: people with a lock picker (e.g. the CIA) can lock pick your lock. People with explosives can open your gold vaults. Sometimes it's much smarter to hide your stuff in plain sight and be a little fish in the big swarm.
DMT-Nexus member
Posts: 4031 Joined: 28-Jun-2012 Last visit: 05-Mar-2024
Yep saw that how-to-disable thingy too. But I wonder:
* what difference does it make with not giving consent to a geo-location request from a site server? It's the first time I got such request, and therefore I was keen to check it out. It's not that I have to decline on a regular base so that it start to bother me, in that case a general OFF would be welcome.
* why do they hide the geolocation on-off preset out & far away from general browser preferences? As if they are obliged but not wanting for people to find it.
* as I've hinted before: what's really worth my request-consent or on-off setting? I suspect that has more to do with guidelines and let the customer believe he's in charge, like all about the paint on the front door to make it look nice. I do believe that the regular seller's site who works with the system will not get your location if you say no, but that site is not interested in your location for the sake of that, they just want to sell a product, they're not after you at all. But for purposes who are after someone, this gadget might be a back door with a tiny fisher price lock? I dunno, just wondering.
* what I've put in bold, and you in purple, I've never thought of that. They don't have to have 'your' location but scanning surroundings to get near you, how bloody perfect clever and this little brad is housed in everyone's firefox. What other software does alike? Can't imagine firefox is only the lonely.
xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ
Posts: 1716 Joined: 23-Apr-2012 Last visit: 23-Jan-2017
Jees wrote: Yep saw that how-to-disable thingy too. But I wonder:
* what difference does it make with not giving consent to a geo-location request from a site server? It's the first time I got such request, and therefore I was keen to check it out. It's not that I have to decline on a regular base so that it start to bother me, in that case a general OFF would be welcome.
* why do they hide the geolocation on-off preset out & far away from general browser preferences? As if they are obliged but not wanting for people to find it.
* as I've hinted before: what's really worth my request-consent or on-off setting? I suspect that has more to do with guidelines and let the customer believe he's in charge, like all about the paint on the front door to make it look nice. I do believe that the regular seller's site who works with the system will not get your location if you say no, but that site is not interested in your location for the sake of that, they just want to sell a product, they're not after you at all. But for purposes who are after someone, this gadget might be a back door with a tiny fisher price lock? I dunno, just wondering.
* what I've put in bold, and you in purple, I've never thought of that. They don't have to have 'your' location but scanning surroundings to get near you, how bloody perfect clever and this little brad is housed in everyone's firefox. What other software does alike? Can't imagine firefox is only the lonely.
That's too much for me to ask. But I doubt it's a conspiracy, the FF code is OSS and I doubt it's infiltrated by the NSA.
DMT-Nexus member
Posts: 2889 Joined: 31-Oct-2014 Last visit: 03-Nov-2018
Quote: A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.[1] It is known as a "zero-day" because it is not publicly reported or announced before becoming active, leaving the software's author with zero days in which to create patches or advise workarounds to mitigate against its actions -Wikipedia
-eg
DMT-Nexus member
Posts: 574 Joined: 24-Jan-2009 Last visit: 25-Aug-2023 Location: somewhere in the sands of time
Haven't read the thread but you probably have WebRTC leakage. Unless specifically dealt with by the user, it pretty much affects everyone using VPNs. I wrote about this in my internet security tutorial located in my thread in this "Security" section of the forum and here is a direct link: https://docs.zoho.com/wr...d2fc48bdb76e20f6234765bb
"WebRTC is a technology that allows for browser-to-browser interactions not previously possible with other standards. A serious privacy issue has been found in WebRTC. This issue allows for websites to see the local IP address of a user. This is a major concern as it allows for unique identification of users behind NATs, VPN, and Proxy."
Test if you're leaking your IP address via WebRTC here: https://diafygi.github.io/webrtc-ips/
Your local IP address should not appear.
How I remedy the issue: I already use an extension for adblocking called "uBlock Origin" (available for Firefox and Chromium/Chrome). I consider it the best, at least the last time I checked. It blocks everything while being lightweight. In the extension's settings, check "Prevent WebRTC from leaking local IP addresses".
You can also simply disable WebRTC in Firefox:
Enter "about:config" in the URL bar
Find the key of "media.peerconnection.enabled"
Set the value to "false"
But it may reset after each update. Which is why you may want to install Disable WebRTC. And there are extensions for Firefox and Chromium/Chrome specifically, to prevent this:
Extension for Chromium: https://chrome.google.co...ikejlgdbkbdfeijglgfdalml
Extension for Firefox: https://addons.mozilla.o...o-disable-webrtc/?src=ss
Hope this helps people.
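An added example, not part of the original posts and not Mozilla's code: a Python check of the two about:config switches named in this thread (geo.enabled and media.peerconnection.enabled) against the text of a Firefox profile's prefs.js and user.js, reporting the effective value and whether it is pinned in user.js so it is re-applied at every start. It assumes the usual `user_pref("name", value);` line format and that both prefs count as true when no line sets them; the function names and sample file contents are constructed for illustration.

```python
import re

# Prefs named in the thread. Assumption (not from the thread): Firefox treats
# both as true when no user_pref line sets them.
WATCHED_DEFAULTS = {
    "geo.enabled": True,                   # Location-Aware Browsing
    "media.peerconnection.enabled": True,  # WebRTC
}

# One pref per line: user_pref("name", value);  Commented-out lines do not match.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref line in a prefs.js/user.js body."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue
        name, raw = match.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep unparsed rather than guess
    return prefs


def audit(prefs_js, user_js=""):
    """Report the effective state of the watched prefs.

    A value in user.js wins over prefs.js because Firefox copies user.js in
    at every start, which keeps a setting from silently drifting back.
    """
    saved = parse_prefs(prefs_js)
    pinned = parse_prefs(user_js)
    report = {}
    for name, default in WATCHED_DEFAULTS.items():
        value = pinned.get(name, saved.get(name, default))
        report[name] = {"enabled": value, "pinned_in_user_js": name in pinned}
    return report


# Constructed sample profile contents (not taken from any real profile).
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("geo.enabled", false);
// user_pref("media.peerconnection.enabled", false);
'''
SAMPLE_USER_JS = 'user_pref("media.peerconnection.enabled", false);\n'

if __name__ == "__main__":
    for name, state in audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS).items():
        print(f"{name}: enabled={state['enabled']} pinned={state['pinned_in_user_js']}")
```
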
Communications-Security Analyst
Posts: 1280 Joined: 17-Aug-2014 Last visit: 05-Feb-2024 Location: Nirvana
Ufostrahlen wrote:
Quote: ... If you consent, Firefox gathers information about nearby wireless access points and your computer’s IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.
Quote: Location-Aware Browsing is always opt-in in Firefox. No location information is ever sent without your permission. If you wish to disable the feature completely, please follow this set of steps:
In the URL bar, type about:config
Type geo.enabled
Double click on the geo.enabled preference
Location-Aware Browsing is now disabled
https://www.mozilla.org/en-US/firefox/geolocation/
Remember: people with a lock picker (e.g. the CIA) can lock pick your lock. People with explosives can open your gold vaults. Sometimes it's much smarter to hide your stuff in plain sight and be a little fish in the big swarm.
I did infosec for many years, I actually partnered with BeyondTrust for a while. There are a lot of ways to jack your information.
First and foremost, let's talk about passwords. Passwords are nothing but a lock on a door. No matter how strong that lock is, how big and strong that door is, I can still break a window if I need to.
Next, let's talk about what you post online. I don't need your passwords to your website accounts when the answers to all of your recovery questions are publicly announced on your Facebook profile. At least half of the time, they are.
Everyone talks about IP addresses, so let's talk about them. Content such as internet forums, emails, and sms texts can include rapid offsite logging scripts that record user data. This could be valuable data needed to authenticate you to this website, or your IP address. But why would I care about your IP address when I can just post some random link to some hacked site, which you click on and give me access to your account, on this site. You dig? IP addresses aren't even that important. It's not enough to tie you to anything. It's not going to highlight your name, or even prove you were on any said computer or device. You can relax a bit here.
Next, don't trust public wifi. I've authored a great deal of scripts that can do things such as monitoring and editing everything from images, videos, and even PayPal transactions. Ettercap and nmap work very well in tandem for this.
The list goes on almost infinitely. What matters is that you need to control what you say/do, where you say/do it, and how you say/do it. Nobody is going to come looking for you unless you invite them to do so.
DMT-Nexus member
Posts: 4031 Joined: 28-Jun-2012 Last visit: 05-Mar-2024
Time to go back to that site and see if it changed anything, uBlock on, webRTC disabled: https://www.planet-knox.com/find-stockists/
Hitting the "Share my location" resulted in straight at my doorstep, again. I believe it is not webRTC related but meanwhile I'm feeling fine to have webRTC in control now, thank you again. I think firefox just knows where I live by transactions I made, like entering an Address/City/Country fields on several occasions, that simple.
just some guy
Posts: 564 Joined: 13-Dec-2011 Last visit: 23-Mar-2019 Location: The Rocinante
Godsmacker wrote: My friends, ex-NSA agents turned Emergency Medicine residents, were able to hack into my computer (protected via a vpn, firewall and some other malicious traps), print-out a complete directory of my hard drive & browser history (even the stuff I had thought been deleted) from the past two years, and hand it to me, all within the span of 15 minutes.
Ah, there's your mistake.. You see, if they tried this on me, it would never work. There's not a printer on the planet that can make a hard copy of my browser history or drive in 15 minutes. The technology just doesn't exist.
DMT-Nexus member
Posts: 587 Joined: 02-May-2013 Last visit: 16-Apr-2018
Hiyo Quicksilver wrote:
Godsmacker wrote: My friends, ex-NSA agents turned Emergency Medicine residents, were able to hack into my computer (protected via a vpn, firewall and some other malicious traps), print-out a complete directory of my hard drive & browser history (even the stuff I had thought been deleted) from the past two years, and hand it to me, all within the span of 15 minutes.
Ah, there's your mistake.. You see, if they tried this on me, it would never work. There's not a printer on the planet that can make a hard copy of my browser history or drive in 15 minutes. The technology just doesn't exist.
*that's what they would want you to think...
'"ALAS," said the mouse, "the world is growing smaller every day. At the beginning it was so big that I was afraid, I kept running and running, and I was glad when at last I saw walls far away to the right and left, but these long walls have narrowed so quickly that I am in the last chamber already, and there in the corner stands the trap that I must run into." "You only need to change your direction," said the cat, and ate it up.' --Franz Kafka
DMT-Nexus member
Posts: 587 Joined: 02-May-2013 Last visit: 16-Apr-2018
Hiyo Quicksilver wrote:
Godsmacker wrote: My friends, ex-NSA agents turned Emergency Medicine residents, were able to hack into my computer (protected via a vpn, firewall and some other malicious traps), print-out a complete directory of my hard drive & browser history (even the stuff I had thought been deleted) from the past two years, and hand it to me, all within the span of 15 minutes.
Ah, there's your mistake.. You see, if they tried this on me, it would never work. There's not a printer on the planet that can make a hard copy of my browser history or drive in 15 minutes. The technology just doesn't exist.
By technology, do you mean the actual technological agents which would be able to collect this info in a matter of minutes, or the amount of paper it would take to print-out your entire hard drive directory onto?
'"ALAS," said the mouse, "the world is growing smaller every day. At the beginning it was so big that I was afraid, I kept running and running, and I was glad when at last I saw walls far away to the right and left, but these long walls have narrowed so quickly that I am in the last chamber already, and there in the corner stands the trap that I must run into." "You only need to change your direction," said the cat, and ate it up.' --Franz Kafka
DMT-Nexus member
Posts: 11 Joined: 09-Jul-2016 Last visit: 03-Dec-2016
Godsmacker wrote:
Hiyo Quicksilver wrote:
Godsmacker wrote: My friends, ex-NSA agents turned Emergency Medicine residents, were able to hack into my computer (protected via a vpn, firewall and some other malicious traps), print-out a complete directory of my hard drive & browser history (even the stuff I had thought been deleted) from the past two years, and hand it to me, all within the span of 15 minutes.
Ah, there's your mistake.. You see, if they tried this on me, it would never work. There's not a printer on the planet that can make a hard copy of my browser history or drive in 15 minutes. The technology just doesn't exist.
By technology, do you mean the actual technological agents which would be able to collect this info in a matter of minutes, or the amount of paper it would take to print-out your entire hard drive directory onto?
By this time usually you'll have so much money owed to the US gov't so as to pay for the paper to print the sheets.