Forum

Browser fingerprinting & flash cookies
 

When I change user account does my browser fingerprint stay the same and are flash cookies from other user accounts detectable

Excellent question GrannyT! Do you log out of each user, before logging into another? I never have, and so far so good, but interested to know if it could be a problem.

Yes I log out every time. I used to run seperate machines for each account and I'm wondering if I may have to go back to that

Browser footprints are based off of various system configs like user agent, fonts installed, and resolution. It is possible to change yout footprint nevertheless.

Have you ran Panopticlick service GTran (website)? First do that to compare the 2 browsers on sep. user accounts I would say.

On the Columbo fingerprint stuff again! :p

flash in theory should not be detectable on other users. Does not mean there there could not be a glitch I heard rumours but nothing concrete.

browser fingerprint will see the fonts of your PC, they will be the same at every screen, but you can vary alot with different browser, plug-ins etc to make each a bit different

I really think Ebay is doing this now. I have no proof but im just paranoid.

Use Firefox and get the Better Privacy addon which clears out the Flash crap.

Im thinking they are using browser fingerprinting now. I just have the feeling when I lose an account that is selling low risk stuff. It makes me scratch my head. I use a new user on my comp but who knows.

They always have.

Use different browsers on each windows account. Flash cookies are not an issue in this scenario BUT ALWAYS LOG OUT OF EACH WINDOWS ACCOUNT BEFORE LOGGING IN TO ANOTHER

I use a macbook pro. I use firefox or safari. But I wasn't sure they were using browser fingerprinting for sure?

I am using a Windows OS with VMWare (A new OS for each AZ account). Does AZ have the ability to track the browsing fingerprints, flash objects, and cookies through different VMWare's OS? Reason why I asked is because they use one hard drive in different partitions (obviously), and was worried if they have the ability to see another VMWare OS Fingerprint Browsing, Flash Objects, and Cookies and link them together.

VMWare Window 7 64Bit = Primary AZ Account
VMWare Window 7 32Bit = Second AZ Account
VMWare Window XP 32Bit = Third AZ Account

Note: All under the same computer

What browsers fingerprints does eBay track, this is new to me
I thought they track name, address and ip and cookies,
Now they is so advanced, I was selling low risk m one account went down and few others did at the same, made me think of browser fingerprint when I read your post

From my understanding eBay is not advanced as Amazon (MAC Addresses).

Ive posted it in the other thread so i'll paste it in here too.

Right well FireGloves 1.1 (for firefox can be found here)
https://addons.mozilla.org/en-US/fir...es/?src=search

Notable changes you can make with it are: screen resolution, platform, user agent string, disable font detection.

You get a little icon at the bottom right of your screen, click it to enable [firegloves on] and the changes will take effect. It does add an extra layer of checking things before logging into ebay though.

So if you prefer firefox and dont want lots of different browsers just install this, change the user string to look like opera, IE and even different operating systems and change your resolution.

This website will help you find a User string that makes sense (stick to browsers list)
UserAgentString.com - List of User Agent Strings

This should be more than enough if you are paranoid.

Of course, still have different user accounts. This just allows you to change operating system, browser, resolution conveniently :)

thanks genius, there is also one called user agent switcher. I tested both add-ons and they work when inputted, but as soon as you close browser and try again the old correct default user string is back again, therefore either I am doing something wrong, or you must input the user string before every ebay log-in.....

I resolved this by finding an add-on called UA controls, it outputs user string on site by site basis, so I added panopticclick, ebay and paypal urls...plus the string i wanted and it held on to preferences after browser shut down...

Thats strange. Everything stays put for me but I do have to turn firegloves on every time I open the browser. I like your way better though because I dont have to enable it every time, but then resolution and font support is lost.

We probably underestimate ebay sometimes. They outsource a lot of their security work to microsoft and I certaintly wouldnt be surprised if they're using browser fingerprints. Just today I found a small exploit when listing an item which... lets just say would have increased sales exponentially... 5 minutes later I got a call from microsoft security who ebay outsource to who told me off :bolt:

I was not provided with a button to turn on firegloves each time, I will look in to that, but yes as you say easy to forget to do it.

interesting point re the outsourcing, very...

i think you have to use Ctrl + \ to make the lower bar to appear.
I also found out that with fireglove, use Ctrl+Shift+P will makes your browser go into private mode.

Any of you who using firegloves tried the private mode? it seems really nice feature.

Wouldn't use private mode mate. It doesnt store cookies and ebay is like the cookie monster.

Private Browsing is actually a firefox feature it's there even without firegloves.

than i think i have to turn on the fireglove everytime i open a new tab.

just wondering would you use fireglove on paypal as well? Or just ebay?

The Firegloves plugin is somewhat flaky outside of private browsing mode right now. It turns off whenever you open a page in a new tab & it wrecks some sites when you use the block fonts options (ex. IPburger goes haywire). The developer plans to fix most of this in the next update.

That being said, If eb ever starts tracking system fonts it would be an epic disaster! Those unique list of fonts matched up with a very unique user agent string would be instant identification regardless of separate windows users. :rip:

On eb I use windows users or sandboxie to separate cookies. I use Quick java plugin to disable flash (blocks flash cookies, system font & browser plugin detection), then i use Firegloves plugin to set up a unique agent profile for every stealth...

Random browser... (safari 5.0 5.1, IE 8-10, Firefox 9-11 , Chrome 17-19)
Random OS... (mac osx, ipad, linux, xp, win 7, nt, vista)
Random resolutions... (1024x768, 1366x768, 1280x800, 1440x900, 1280x1024, 1920x1080, 1600x900, 1680x1050)
Time zone... matching timezone of stealth

^^^^ tons of unique combinations :spy:.

Compete overkill for eb? Probably, but who knows when eb will eventually turn into Az :shhh::croc:

Do you turn everything off in firegloves? The Language code always has to be en, right? How do you find out the User agent string settings? Do you use only en-us at "Accept language" section?
I was thinking about using the random setting in firegloves on my basic account(where I don't use ebay at all), and I use those settings to set up the combinations for my new accounts. Is that a stupid idea? Also, if I do something stupid in firegloves, let's say I would enter Windows 20 at the OS section, would ebay notice that? I think it's a great extra layer of security but I don't want to make a stupid mistake.
thank you!

This is really boggling my brain, lol. I have a lot of custom fonts on my pc which makes browser fingerprint unique. Anyone suggest the best method to follow from above? Once these extra security measures are in place can eb/pp still check old browser fingerprints?

Whiteberry

I only enter resolution & timezone + string, block fonts & plugin detect. (fonts block screws up some sites right now)

The other information is already in the string...

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6

^^^ Windows 7 64 bit os, Chrome version 20 browser


Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.7.62 Version/11.00

^^^ Linux 64 bit os, english, Opera version 11 browser


Mozilla/5.0 (iPad; U; CPU OS 4_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8F190 Safari/6533.18.5

^^^ ipad 2, ios 4.3 os, english, safari 5.0 browser


It's scary how much information can be retrieved about your computer. That being said, this stuff is overkill for eb. It's not necessary right now, but it's easy to set it up, so I just do it anyway.

Get an old PC and do a fresh, standard install of the OS. Use that for stealth, not your personal machine.

Then muck about with the UA stuff too.