How can a pc be UNIQUELY identified online?

Discussion in 'Programming & Software Development' started by Mihalis, Aug 16, 2009.

  1. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    14,850
    Location:
    Canberra
    Google (and other ad companies) of course profile their users, but they have access to significantly more data than you or I as a webmaster of a single site would ever have access to.

    Google has your search history ('everyone' uses Google yeah), mail history ('everyone' uses gmail), browsing history (every time you get a googlead from a site, you use chrome). etc.

    They have the data and capability to analyse all of that.
     
  2. Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,093
    Location:
    Sleepwithyourdadelaide
    Essentially not possible if you are using TOR
     
  3. nEBUz

    nEBUz Member

    Joined:
    Feb 14, 2007
    Messages:
    824
    Location:
    Wanaka, NZ
    While the concept of this kind of thing makes me incredibly nervous and slightly disgusted; http://samy.pl/evercookie/ and similar techniques are pretty damn effective even if you anonymised and disable cookies etc. (+/- continuing thread necro :p -- it is an interesting question though)
     
    Last edited: Dec 22, 2013
  4. ascl

    ascl Member

    Joined:
    Aug 13, 2009
    Messages:
    463
    Location:
    Sydney
    It isn't that hard to do, at least for tracking purposes, check out https://panopticlick.eff.org/ for some ideas, at least on a per browser basis. There are several companies that make money doing EXACTLY this kind of device identification.

    TOR is not necessarily going to help either, as it does nothing to ensure your browser is clean and not identifiable, it just gets rid of the direct IP layer link.

    Do not, for a second, think you are even close to anonymous on the internet, unless you have put some thought into trying to be... and no, incognito mode doesn't help as much as you'd hope :)

    And this is without getting into tin foil hat territory (although with all the NSA related news over the last year, it isn't really tin foil hat-ish these days).

    evercookie looks cool, I haven't seen that one before, cheers
     
  5. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,992
    While we are grave digging for old threads we may as well discuss, certainly in 2009 it was less possible, but today.

    50 pieces of information with only 2 options creates 1 quadrillion+ unique combinations

    25 pieces of information with 4 options creates the same.

    It takes significant less to make a pretty good estimation.

    Peoples experiences with "big data" are making it easier and easier to handle this amount of information with ease.
     
  6. OP
    OP
    Mihalis

    Mihalis Member

    Joined:
    May 22, 2009
    Messages:
    107
    What about a live CD that is used by many people, and accessing the internet only through TOR, via another PC that is set up as a gateway so Flash is forced through TOR too?

    This surely beats evercookies and browser id methods. Especially if the live CD is run in a virtual machine so the hardware is identical to millions of others, and if the virtual MAC address is randomly changed in every powerup, so even ActiveX-like native execution is hopeless then. What else?
     
    Last edited: Dec 30, 2013
  7. OP
    OP
    Mihalis

    Mihalis Member

    Joined:
    May 22, 2009
    Messages:
    107
    Does a PC set up as a gateway leave any unique traces in the packages it sends through TOR?
     
  8. ck_psy

    ck_psy Member

    Joined:
    Jan 11, 2006
    Messages:
    4,239
    Location:
    Sydney, NSW
    how hard is it to track tor?
     
  9. OP
    OP
    Mihalis

    Mihalis Member

    Joined:
    May 22, 2009
    Messages:
    107
    So only the client side could ever be uniquely identified, gateways cannot?
     
  10. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,992
    Depends on what information you wanted to track. Tor works by changing the exit point of your traffic, you could theoretically capture the IP addresses of all the gateway nodes over time. Additionally you could map latency to create a statistical method of what path that traffic might be flowing via and work out where geographically the client is.

    It all depends on your end goals, do you want to distinguish yourself from the billions of devices on the internet or only from your user base? If you are running forums as per your initial example you only need to determine that it is or is not one of the other 100k people on your forums. One could just block all TOR to stop such a situation.

    Identifying a host on 1 single source of information is impossible. Think about what is information thou.

    Using not using tor 1 bit
    using ie/mozilla/opera/chrome 2 bits (versioning adds more)
    cookie on or off 1 bit
    flash cookie on or off 1 bit
    OS version xp/vista/7/8/linux 2+ bits

    having a full cookie available probably gives you sufficient information but not having one puts you in a subset ie 90% have a cookie, 10% don't so instant removes 90k of your users that need a bigger unique key.


    as for your earlier example with the banks, yes they do this today, but they just use a confidence thing, if they find your IP and host are similar to before they treat it as a normal risk, if your ip is located in russia and you logged in via australia 10 minutes ago they treat it as high risk.

    Could you identify a host uniquely that keeps changing all the information no, could you notice a pattern and block that pattern, probably. Would that pattern also block others also probably.

    But as i said at the start it all depends on your end goal. For a bank i'd just block all TOR why would i want to allow access method that is likely to be more prone fraud etc.
     
  11. OP
    OP
    Mihalis

    Mihalis Member

    Joined:
    May 22, 2009
    Messages:
    107
    To block TOR, how many IP's would have to be blocked? Might this cost too much in CPU time? Or were you talking about telling a visitor from TOR by other means, such as too frequent change of IP, and not by comparing to a list of IP's known to be TOR?
     
    Last edited: Jan 1, 2014
  12. Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,093
    Location:
    Sleepwithyourdadelaide
    I think you can determine if a user is using tor via some method, you won't know who they are but you can tell if they are using tor by checking that their ip changes country re every time your Page tracks them and then tell them they can't use the website if they are using tor.
     
  13. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,992
    I don't know if you can determine if they are using TOR, however you can find a highly likely that they are. Push the IP against a geolocation service and map it and if it moves within an unrealistic timeframe its probably TOR.
     
  14. Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,093
    Location:
    Sleepwithyourdadelaide
    Yep exactly this.
     
  15. Zoltag

    Zoltag Member

    Joined:
    Aug 30, 2001
    Messages:
    703
    Location:
    London
    That only works if they arent limiting the exit IP locations ;)

    There are also plenty of legitimate reasons for a persons IP address to be different (and even come through different geo-locations) pretty much every time they go to your website.

    Basically, you cannot definitively tell whether someone is or isnt using TOR (though you can make reasonable guesses).
     
  16. Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,093
    Location:
    Sleepwithyourdadelaide
    You'll get most people though.
     
  17. Zoltag

    Zoltag Member

    Joined:
    Aug 30, 2001
    Messages:
    703
    Location:
    London
    Agreed - Until they work out that you are blocking TOR users. Once they work that out, you are unlikely to catch them again (going on the assumption that most people using TOR are likely to either be highly technically savvy, or motivated enough to find out how to change their TOR installation to work with your website, which I think is a reasonable assumption).
     
  18. Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,093
    Location:
    Sleepwithyourdadelaide
    I don't see why anyone would care to block TOR users.
     
  19. OP
    OP
    Mihalis

    Mihalis Member

    Joined:
    May 22, 2009
    Messages:
    107
    For the purposes of preventing trolls from coming back after getting banned, blocking TOR is desirable so that non-TOR IP ranges used by the troll can be identified and blocked too from registering another account.

    This would block some legitimate users from the same ISP from registering too, but it is better than nothing and would only be temporary anyway.

    For all IP's a TOR user gets to be in the same country, the user must change their TOR installation? Or were you referring to some other kind of TOR installation change Zoltag?
     
    Last edited: Jan 3, 2014
  20. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,992
    It would not be possible to block a tech savvy person from getting onto the forums if they were once banned without causing problems for other users.

    You would have to use other sorts of methods to limit their ability to join. Invite only, interview to join, repercussions for people that repeatedly invite trolls etc.
     

Share This Page

Advertisement: