Today in my tweet stream, someone pointed out this site and I wanted to blog about it. The site is called stayinvisible.com and offers a quick view of some of the data that is available to a web site or an attacker who can lure someone to a website.
The site displays a dump of a variety of common data that is leaking from your browser, much of which you might not be aware of. There are also tips for hardening your browser settings and operating system against some of the methods used to dump the data.
If nothing else, it might just provide an “ah ha” moment for folks not used to the information security space. Give it a try and let us know what you think of it.
We have no association with the site, its content or the folks who run it. We just thought it was interesting. Your paranoia may vary. 🙂
What is your browser leaking? A quick post with a useful link for awareness & “ah ha” moments. http://t.co/PWD9I2Ls
Unfortunately, stayinvisible.com testing is incomplete, and they give bad advice.
For safety and utility, javascript should be turned on for sites that must have it, but remain turned off by default. This helps avoid very, very frequent drive-by script-driven compromises on sites users don’t expect or intend that they’re visiting.
stayinvisible.com does not work at all without javascript enabled for their site. Meanwhile, the user’s browser is still busy giving up information to other, more savvy sites, which don’t depend on javascript for their detecting.
stayinvisible.com should improve their game. First, they should show what browsers give up even without javascript. That’s important educational information too. Second, they should stop recommending -promiscuous- default javascripting. Promiscuity is the way to malware install hell. Users should instead let their browser have sex only with intended partners.
Until they do improve, we recommend http://ifconfig.me/ and similar sites. They’re perhaps not as pretty, but at least they do show what’s given up.
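What a server learns from a single request with JavaScript switched off, as an added example (not part of the original post or the comment above, and not code from either site mentioned). The function name, the header list and the sample request are assumptions constructed for illustration.

```python
import hashlib

# Values a browser sends with every request, whether or not scripts run.
PASSIVE_HEADERS = ("user-agent", "accept", "accept-language",
                   "accept-encoding", "referer", "cookie", "dnt")

# Constructed sample request (not captured traffic).
SAMPLE_REQUEST = (
    b"GET /article HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0\r\n"
    b"Accept: text/html,application/xhtml+xml\r\n"
    b"Accept-Language: de-CH,de;q=0.8,en;q=0.5\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Referer: https://search.example/?q=private+query\r\n"
    b"\r\n"
)

def passive_leaks(raw_request: bytes, peer_ip: str) -> dict:
    """Report what the server side sees without running any script."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, _, header_block = head.partition("\r\n")
    if len(request_line.split()) != 3:
        raise ValueError("malformed request line")
    headers, order = {}, []
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip lines that are not "Name: value"
        key = name.strip().lower()  # header names are case-insensitive
        headers[key] = value.strip()
        order.append(key)
    # The peer address comes from the TCP connection, not from a header.
    leaks = {"peer_ip": peer_ip, "path": request_line.split()[1]}
    leaks.update({h: headers[h] for h in PASSIVE_HEADERS if h in headers})
    # Header order differs between browser families, so it is a signal too.
    leaks["header_order"] = order
    # Identifier built only from passive values (no IP, no cookie needed).
    material = "|".join(headers.get(h, "") for h in PASSIVE_HEADERS[:4])
    leaks["passive_fingerprint"] = hashlib.sha256(material.encode()).hexdigest()[:16]
    return leaks

if __name__ == "__main__":
    # 203.0.113.7 is a documentation-range address used as a placeholder.
    for field, value in passive_leaks(SAMPLE_REQUEST, "203.0.113.7").items():
        print(f"{field:20} {value}")
```

The language preference list and the Referer (here carrying a search query) reach the server before any page content is rendered, so disabling scripts reduces exposure but does not remove it.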