[OU] How to anonymize Opera?

[Bessenyei Balázs]

Hi,

If you want button for those settings you can use one of the online custom  
button creator webpages. http://nontroppo.org/tools/buttonmaker/ It  
requires some investigation, on how to touch the appropiate functions, but  
it can be done.
Also there are several premade ones on  this link as well  
http://operawiki.info/CustomButtons

Also I requlary check FF versions, but it always remembers me an old joke.  
"No matter how I assemble it, I always get a tank."

The UA string and the Operating system version doesn't realy help the  
attacker that much. My router is useing a non ms operating system, so they  
are welcome to try to hack it with ms based exploits. They can try browser  
specifc exploits, but those will fail as well since, I'm useing more than  
one HIPS. Including a sandbox and some other security solutions. Also  
Opera since it closed source, is using the security by obscureity  
pinciple, which requires even greater efforts to hack than the others,  
includeing the smaller useage percentage.

The adblockPlus feature can be reached in Opera via right clicking on the  
site then selecting Block Content
The NoScript can be achived via F12 or site specifcly via  right clicking  
on the site then selecting Edit site Preference. Ctrl-F12 / Advanced /  
Content / Javascript options can set the block to all sites, then  
removeing them site speficialy if needed.
The cookies and other plugins related configuration is reachable on the  
above mentioned settings page, or the above referenced buttons page.

I have also checked the anonomizer networks, but all of the can be brooken  
with some effort. The ISP provided solutions are also interesting, but  
with court order they have to provide the data (or with the help of a  
disgruntled employe). Also these type of solutions are makeing the p2p  
based softwares completly or partly inoperable. For example bizzard is  
useing p2p to effectivly patch the wow clients. There are experimental P2P  
based broadcasting applications, includeing some official versions as  
well. If they use random address to send data. The other solution is to  
but you behind a NAT, which will effectivly kills your oportunity to play  
with your firends online with locally hosted gameservers.

Javascript is not bad by default nor flash nor java nor html or even ajax.  
Most of the security problems are caused by incorrect implementations.  
Javascript shouldn't be banned. Instead the improper implementations and  
needles usage should be banned. The same aplies to other web technologies  
as well.

In the final anaysis for normal webbrowsing it doesn't worth it. I have  
multiple email accouts for that some of them are dedicated to SPAM only.  
Also you can check bugmenot.com website for especialy their throwable  
email address service is great. For sensitiv browsing there are so many  
solutions that I can randomly pick one for the time being. This way it is  
a bit more harder to track.
Basicly all major browser can be setup to minimalize "sesitive"  
information leakage. Some has built in features (Opera) for this  
requireing a bit more diging. Some requires plugins (FireFox and its  
clones and maybe IE). Also proxies can be placed before it, to remove even  
more information or send the data throug anaonimizer networks, with  
consequences.

According to your email address you are useing MAC, the latest CanSecWest  
conference MAC was hacked first even before Vista.
Your email provider storeing the emails on their servers in an encyripted  
form, if we assume that they implemented it correctly. They still have to  
send your messages on the open internet in plain text format, between  
servers. Which can be read with a simple package sniffer, since mail  
traffic is not encyripted between mail servers in most cases and for  
compatibility reasons. If you want to prevent this you have to send the  
email encyripted, of course this way the reciever also needs a way to  
decyript it. This way you have to trust some form of email encyription  
software like PGP.
Fakeing your email address isn't that difficult, there are still many SMTP  
servers that allows entering any email address in the sender field.
Although the other features they offer are very lucrative and they have  
free service so I give them a try.

BR
BB


On Sat, 02 Aug 2008 11:32:05 +0200, macintoshzoom  
<macintoshzoom at lavabit.com> wrote:

> Hi Bessenyei Balázs
>
> Bessenyei Balázs wrote:
>> Hi, I'm Balázs, sorry about the missing introduction.
>>
>> I'm not on opera developer team or associated with the company any way.
>>
>> The link you have provided to the privacy optimized FF profil. States in
>> the second sentence, the following:
>> "We recommend using JonDoFox together with JonDo"
>> So they admit that even with that profil you are not "safe".
> They are not admitting nothing there.
> Just test the site-test from your opera, try to amsk and everything, you
> will see it don't works: The test reveals to any one who uses the same
> test technique (Paypal, Google, Opera, hackered/spoofed sites) your real
> user-agent details: Opera browser and worst, your OS.
>
>>
>> As I have said before that information is required for normal site
>> operations, also that information can be used to track your activities.
>> You can remove that information useing proxy servers, but it will cause
>> issues with some sites.
>
> Yes, you may need to allow for specific sites you feel are safe cookies,
> javascript, plugins (e.g. your banking, gmail , , youtube, etc.
>
> (gmail allows NOW (result from many user protests) for a version without
> javascript -only cookies needed- (yes, some reduced functionality, bad
> webmasters job or intentionally done)
>
> But as javascript and plugins are VERY dangerous for your data
> protection, there are many webmasters and corporations swithcing to more
> secure web-designs, pure html, etc.
> Javascript should be banned as evil, or bundle with some kind of secure
> filterings for bad/dangerous/unnapropiate/unnacepted behaviors. Privoxy
> (a must in your privacy/securuty toolbox) does a bit of that already .
>
>> Nowdays sites are using javascript to determine the capabilities of your
>> browser and lots of other information regarding your browsing session.
> Every security Internet advisor will reccomend ALWAYS to swith-off your
> javascript.
> Javascript is a beautiful way to design powerful sites, BUT that was
> before Internet become so dangerous and unsafe.
> An easiest way to infect your PC with keyloggers, rootkits, trojans,
> spambots and viruses FOR life is via javascript.
> A huge % oft he worldwide computers are infected.
>
> So
>> even behind proxies you can be identifed and profiled.
> If you are so innocent and ignorant to still leave enable javascript!
>
>
> You only make it a
>> bit harder for them and much less inconvinient for yourself. Forget the
>> top of the page and see the bottom of it, there are lot more interesting
>> data regarding you that is apparent at first.
>> Also there is the IP address, which simply can't be filtered out. You  
>> can
>> however use anonimizer networks to hide it like Tor, or JonDo.
> The IP should always be masked via an anonymizer network. Ig f the
> hacker (robot or human) knows your Ip they got 80% of the job done to
> hack your PC.
> Soon all ISP will offer those anonymization services, for free or for a
> litle extra, besides an https proxy to hide from neigbour sniffering.
> The UN will anyway enforce govs and ISP to provide them to protect
> citizen privacy rights.
>
> But even
>> those network can't protect you completly. Traffic analysis are one of  
>> the
>> possible methods to break them.
>
> Security, as privacy is never absolute, but you will not drive a car
> without your safety belts. Only a few decades ago those didn't exists.
> Today cars and road must specify a security specifications that only one
> decade ago cars couldn't satisfy at all.
> Thank to this progress, fatal accidents have lowered perhaps to 50%.
> Even today, you are quite SAFER on a big Audi or Saab, than in a litle
> corean car.
>
>>
>> As you can see, with external software and settings you can make  
>> yourself
>> less profilable. But this way you will be give up correct rendering and
>> speed (Tor and such networks are not very fast). But you can rest  
>> assured,
>> if they want to track you, they will track you.
> No and no, you can protect you quite a lot.
> You must defend yourself and your family and your world, you must fight,
> protest, react, and denounce, a passive fatalist attitude don't will
> gave a chance to human being to progress to a fairer world.
>
>
> Internet is like
>> interpersonal communication, if you are interacting with people (or
>> servers) you will leave traces. In both cases it can be used against  
>> you.
>> If you want to avoid that, have a life that can't be stained, after
>> reassembling those information, live without regrets.
>>
>> If you think you can't have fine grained control in Opera than in FF
>> regarding information sent to the page you are completly wrong. Just  
>> rigth
>> click on the page and choose site preference. If you want to do this
>> before visiting sites, modify the global defaults CTRL-F12 / Advanced,  
>> and
>> use the previously mentioned site specific settings for sites you trust.
>>
>> The only sure identification method I know of on the internet is the IP
>> address.
> Yes, not any more with strong anonymizers as tor, jap(jondonym), i2p or
> many apid ones as anonymizer.com, steganos.com, etc.
>
> The information in the header or the top of the JonDoes website
>> is irrevelant by itself. Whey is it hurt you that the site you are
>> visiting wants to know that how many of their vistors useing windows, or
>> opera or any other browser?
>> Without the ip address it is problematic to link it to you, and nothing
>> more just a nameless statistical data (if that brothers you use a proxy,
>> global and site specific settings).
>> For hideing the IP you can use Tor or some other networks, if it is big
>> enough and useing appropiate criptografic algorithm and you are not too
>> important you can get lucky and not be traced. If you are interesetd,
>> recently even skype's encryipted voice traffic can be reconstructed,
>> without breakingg the encryption, over 50% accuracy, thanks to the
>> variable bit rate encodeing.
> You are right. Interesting info about skype and voip.
>>
>> Also I will rest my case with the following information. The "Optimized"
>> profile is nothing more than a javascript.
>
> You didn't make your home job.
> This JONDOFOX https://www.jondos.de/en/jondofox  profile for FF (It
> should be good to create a similar pre-set-for-privacy profile-settings
> for Opera, my opera has lots of custom settingn and extra toolbar
> buttons enabling and disabling at one mouse click cookies,javascript,
> etc, but still at as whole browser sets, need a button for quick setting
> the tabbed specific current site (instead of menu-editsiteferences...-
> todo) and includes lots of privacy specific settings and extra privacy
> tools (pre-setted for a good protection) addons:
>
> Noscript http://noscript.net/features (please read this: 25,331,347
> total downloads, twenty five millions) (javascript blocker/allower per
> site wih lots of per site/global extra privacy tweakings (allow/block
> iframes,flash,Silverlight.Java,other plugins, etc.
>
> Other amin addons are adblockplus, coockieswap, cslite (cookie
> allower/blocker/+per-site-settings), etc.
>
> Plus privacy focussed settings.
>
> Try FF3! You can't speak about Opera without testing regularly
> competitors, the most relevant now is FF3 with the Jondofox profile,
> pointing to an anonymizer proxy network.
>
> Since Opera supports user
>> scripts that profile can be applied in Opera as well. Unortunalty you  
>> need
>> to addapt it to be Opera specific, or use it to rewrite the opera6.ini.
>>
>>
>
> It should be good to create a similar pre-set-for-privacy
> profile-settings for Opera, my opera has lots of custom settings and
> extra toolbar buttons enabling and disabling at one mouse click
> cookies,javascript, etc, but still at as whole browser sets, need a
> button for quick setting the tabbed specific current site (instead of
> menu-editsiteferences...)- todo.
>
> I have to learn on using user scripts, still an obscure Opera tweaking
> way for me, Opera remains badly tweakeable for common mortals.
>
> Thanks Bessenyei Balázs to talk about all this, I am reading you with
> attention.
>
> I have posted a new thread to refresh this annoying user's privacy
> rights lacks from Opera, titled "Updating to 9.51 don't respect my
> preferences"
> See you there also!.
>
> Mac
>



-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/