mirror of
https://github.com/arkenfox/user.js.git
synced 2024-11-25 20:11:38 +01:00
Updated Appendix A Test Sites (markdown)
parent
eb9fc9fbcd
commit
f6251dcdae
@ -1,77 +1,58 @@
|
|||||||
Here is a list of various websites in which to test your browser. You should enable Javascript (JS) on these sites for the tests to present a worst-case scenario. In reality, you can control JS and XSS (cross site scripting) on sites with extensions such as uBlock Origin to reduce the possibility of fingerprinting attacks
|
🟩 FOREWORD
|
||||||
|
|
||||||
|
These are tests that are not specifically for fingerprinting purposes, which you can find in Appendix B
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
🟪 **BROWSERS**
|
||||||
|
|
||||||
🟪 Browser Comparison [Defaults]
|
|
||||||
- [PrivacyTests.org](https://privacytests.org/) - **h**ttps://privacytests.org/ <sup>[github](https://github.com/arthuredelstein/privacytests.org)</sup>
|
- [PrivacyTests.org](https://privacytests.org/) - **h**ttps://privacytests.org/ <sup>[github](https://github.com/arthuredelstein/privacytests.org)</sup>
|
||||||
|
- Not a test, but a weekly independent report of how default browsers hold up with regards in various privacy aspects
|
||||||
|
|
||||||
🟪 Fingerprinting
|
---
|
||||||
|
|
||||||
These are good sources to grab information on your results in one hit, but [do not read too much into their entropy figures](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-%EF%B8%8F-anti-fingerprinting-extensions-fk-no) as the data is tainted, and don't assume you are a fingerprint expert, see [Testing your fingerprint](https://matt.traudt.xyz/p/SkxEFK1m.html#testing-your-fingerprint)
|
#### 🟪 MOZILLA <sup>[github](https://github.com/mozilla/itisatrap)</sup>
|
||||||
|
|
||||||
- [Am I Unique?](https://amiunique.org/) - **h**ttps://amiunique.org/
|
|
||||||
- [Cover Your Tracks](https://coveryourtracks.eff.org/) - **h**ttps://coveryourtracks.eff.org/ [formerly Panopticlick] <sup>[github](https://github.com/EFForg/cover-your-tracks)</sup>
|
|
||||||
- [CreepJS](https://abrahamjuliot.github.io/creepjs/index.html) - **h**ttps://abrahamjuliot.github.io/creepjs/index.html <sup>[github](https://github.com/abrahamjuliot/creepjs)</sup>
|
|
||||||
- Additional tests listed in the footer
|
|
||||||
- [Device Info](https://www.deviceinfo.me/) - **h**ttps://www.deviceinfo.me/
|
|
||||||
- [DuckDuckGo](https://privacy-test-pages.glitch.me/privacy-protections/fingerprinting/) - **h**ttps://privacy-test-pages.glitch.me/privacy-protections/fingerprinting/ <sup>[github](https://github.com/duckduckgo/privacy-test-pages)</sup>
|
|
||||||
- there are also additional various privacy tests on the landing page
|
|
||||||
- [FingerprintJS](https://fingerprintjs.github.io/fingerprintjs/) Basic Version - **h**ttps://fingerprintjs.github.io/fingerprintjs/
|
|
||||||
- [Vytal](https://vytal.io/) - **h**ttps://vytal.io/
|
|
||||||
|
|
||||||
|
|
||||||
🟪 Multiple Tests [multi-page]
|
|
||||||
- [BrowserLeaks](https://www.browserleaks.com/) - **h**ttps://www.browserleaks.com/
|
|
||||||
- [CanvasBlocker Test Pages](https://canvasblocker.kkapsner.de/test/) - **h**ttps://canvasblocker.kkapsner.de/test/
|
|
||||||
- [Privacycheck](https://privacycheck.sec.lrz.de/index.html) - **h**ttps://privacycheck.sec.lrz.de/index.html
|
|
||||||
* [ETag](https://privacycheck.sec.lrz.de/passive/fp_etag/fp_etag.php) - **h**ttps://privacycheck.sec.lrz.de/passive/fp_etag/fp_etag.php
|
|
||||||
|
|
||||||
🟪 Multiple Tests [single page]
|
|
||||||
- [Do I Leak?](https://www.doileak.com/) - **h**ttps://www.doileak.com/
|
|
||||||
- [HTML5 Test](https://html5test.com/) - **h**ttps://html5test.com/
|
|
||||||
- [IP/DNS Leak](https://ipleak.net/) - **h**ttps://ipleak.net/
|
|
||||||
- [IP Duh](https://ipduh.com/anonymity-check/) - **h**ttps://ipduh.com/anonymity-check/
|
|
||||||
- [Permissions](https://permission.site/) - **h**ttps://permission.site/
|
|
||||||
* [GitHub](https://github.com/chromium/permission.site) - **h**ttps://github.com/chromium/permission.site
|
|
||||||
- [Whoer](https://whoer.net/) - **h**ttps://whoer.net/
|
|
||||||
|
|
||||||
🟪 Encryption / Ciphers / SSL/TLS / Certificates
|
|
||||||
- [JA3](https://ja3er.com/) - **h**ttps://ja3er.com/
|
|
||||||
- [BadSSL](https://badssl.com/) - **h**ttps://badssl.com/
|
|
||||||
- [Qualys SSL Labs](https://www.ssllabs.com/ssltest/viewMyClient.html) - **h**ttps://www.ssllabs.com/ssltest/viewMyClient.html
|
|
||||||
- [Fortify](https://www.fortify.net/sslcheck.html) - **h**ttps://www.fortify.net/sslcheck.html
|
|
||||||
- [How's My SSL](https://www.howsmyssl.com/) - **h**ttps://www.howsmyssl.com/
|
|
||||||
|
|
||||||
🟪 Mozilla's Safe Browsing, Tracking Protection <sup>[github](https://github.com/mozilla/itisatrap)</sup>
|
|
||||||
- [Attack](https://itisatrap.org/firefox/its-an-attack.html) - **h**ttps://itisatrap.org/firefox/its-an-attack.html
|
- [Attack](https://itisatrap.org/firefox/its-an-attack.html) - **h**ttps://itisatrap.org/firefox/its-an-attack.html
|
||||||
- [Blocked](https://itisatrap.org/firefox/blocked.html) - **h**ttps://itisatrap.org/firefox/blocked.html
|
- [Blocked](https://itisatrap.org/firefox/blocked.html) - **h**ttps://itisatrap.org/firefox/blocked.html
|
||||||
- [Malware](https://itisatrap.org/firefox/unwanted.html) - **h**ttps://itisatrap.org/firefox/unwanted.html
|
- [Malware](https://itisatrap.org/firefox/unwanted.html) - **h**ttps://itisatrap.org/firefox/unwanted.html
|
||||||
- [Phishing](https://itisatrap.org/firefox/its-a-trap.html) - **h**ttps://itisatrap.org/firefox/its-a-trap.html
|
- [Phishing](https://itisatrap.org/firefox/its-a-trap.html) - **h**ttps://itisatrap.org/firefox/its-a-trap.html
|
||||||
- [Tracking](https://itisatrap.org/firefox/its-a-tracker.html) - **h**ttps://itisatrap.org/firefox/its-a-tracker.html
|
- [Tracking](https://itisatrap.org/firefox/its-a-tracker.html) - **h**ttps://itisatrap.org/firefox/its-a-tracker.html
|
||||||
|
|
||||||
🟪 Other
|
---
|
||||||
- [AudioContext](https://audiofingerprint.openwpm.com/) - **h**ttps://audiofingerprint.openwpm.com/
|
|
||||||
- [Cache Fingerprinting](https://cookieless-user-tracking.herokuapp.com/) - **h**ttps://cookieless-user-tracking.herokuapp.com/
|
#### 🟪 SSL
|
||||||
* It does this by assigning a unique variable in a cached script (see [#436](https://github.com/arkenfox/user.js/issues/436#issuecomment-392069853))
|
|
||||||
* Article: https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/
|
- [BadSSL](https://badssl.com/) - **h**ttps://badssl.com/
|
||||||
|
- [How's My SSL](https://www.howsmyssl.com/) - **h**ttps://www.howsmyssl.com/
|
||||||
|
- [Qualys SSL Labs](https://www.ssllabs.com/ssltest/viewMyClient.html) - **h**ttps://www.ssllabs.com/ssltest/viewMyClient.html
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
#### 🟪 OTHER
|
||||||
|
|
||||||
- [CSS Exfil Vulnerability](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) - **h**ttps://www.mike-gualtieri.com/css-exfil-vulnerability-tester
|
- [CSS Exfil Vulnerability](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) - **h**ttps://www.mike-gualtieri.com/css-exfil-vulnerability-tester
|
||||||
- [CSS History Leak](https://earthlng.github.io/testpages/visited_links.html) <sup>1</sup> - **h**ttps://earthlng.github.io/testpages/visited_links.html
|
- [CSS History Leak](https://earthlng.github.io/testpages/visited_links.html) <sup>1</sup> - **h**ttps://earthlng.github.io/testpages/visited_links.html
|
||||||
- CSS Media: disable JS, resize the browser with the tests open
|
|
||||||
* [@media window size leak](https://demos.traudt.xyz/css/media/index.html) - **h**ttps://demos.traudt.xyz/css/media/index.html
|
|
||||||
* [screen & inner window measurements](https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html) - **h**ttps://arthuredelstein.github.io/tordemos/media-query-fingerprint.html
|
|
||||||
- [DNS Leak](https://www.dnsleaktest.com/) - **h**ttps://www.dnsleaktest.com/
|
- [DNS Leak](https://www.dnsleaktest.com/) - **h**ttps://www.dnsleaktest.com/
|
||||||
- [DNS Spoofability](https://www.grc.com/dns/dns.htm) - **h**ttps://www.grc.com/dns/dns.htm
|
- [DNS Spoofability](https://www.grc.com/dns/dns.htm) - **h**ttps://www.grc.com/dns/dns.htm
|
||||||
|
- [Do I Leak?](https://www.doileak.com/) - **h**ttps://www.doileak.com/
|
||||||
- [Firefox Storage Test](https://firefox-storage-test.glitch.me/) - **h**ttps://firefox-storage-test.glitch.me/
|
- [Firefox Storage Test](https://firefox-storage-test.glitch.me/) - **h**ttps://firefox-storage-test.glitch.me/
|
||||||
- [HTML5](https://www.youtube.com/html5) - **h**ttps://www.youtube.com/html5
|
- [HTML5](https://www.youtube.com/html5) - **h**ttps://www.youtube.com/html5
|
||||||
|
- [HTML5 Test](https://html5test.com/) - **h**ttps://html5test.com/
|
||||||
|
- [IP/DNS Leak](https://ipleak.net/) - **h**ttps://ipleak.net/
|
||||||
|
- [IP Duh](https://ipduh.com/anonymity-check/) - **h**ttps://ipduh.com/anonymity-check/
|
||||||
- [IPv6 Leak](https://ipv6leak.com/) - **h**ttps://ipv6leak.com/
|
- [IPv6 Leak](https://ipv6leak.com/) - **h**ttps://ipv6leak.com/
|
||||||
- [Keyboard Events](https://w3c.github.io/uievents/tools/key-event-viewer.html) - **h**ttps://w3c.github.io/uievents/tools/key-event-viewer.html
|
- [Keyboard Events](https://w3c.github.io/uievents/tools/key-event-viewer.html) - **h**ttps://w3c.github.io/uievents/tools/key-event-viewer.html
|
||||||
* [Hotkeys Testing](https://rawgit.com/jeresig/jquery.hotkeys/master/test-static-01.html) - **h**ttps://rawgit.com/jeresig/jquery.hotkeys/master/test-static-01.html
|
- [Hotkeys Testing](https://rawgit.com/jeresig/jquery.hotkeys/master/test-static-01.html) - **h**ttps://rawgit.com/jeresig/jquery.hotkeys/master/test-static-01.html
|
||||||
|
- [Permissions](https://permission.site/) - **h**ttps://permission.site/
|
||||||
|
- [GitHub](https://github.com/chromium/permission.site) - **h**ttps://github.com/chromium/permission.site
|
||||||
- [Ping Spotter](https://armin.dev/apps/ping-spotter/) - **h**ttps://armin.dev/apps/ping-spotter/
|
- [Ping Spotter](https://armin.dev/apps/ping-spotter/) - **h**ttps://armin.dev/apps/ping-spotter/
|
||||||
- [Popup Killer](https://www.kephyr.com/popupkillertest/index.html) - **h**ttps://www.kephyr.com/popupkillertest/index.html
|
- [Popup Killer](https://www.kephyr.com/popupkillertest/index.html) - **h**ttps://www.kephyr.com/popupkillertest/index.html
|
||||||
- [Punycode](https://www.xn--80ak6aa92e.com/) - **h**ttps://www.xn--80ak6aa92e.com/ (www . apple . com)
|
- [Punycode](https://www.xn--80ak6aa92e.com/) - **h**ttps://www.xn--80ak6aa92e.com/ (www . apple . com)
|
||||||
* [Article](https://www.xudongz.com/blog/2017/idn-phishing/) by author of PoC
|
- [Article](https://www.xudongz.com/blog/2017/idn-phishing/) by author of PoC
|
||||||
- [Redirects](https://jigsaw.w3.org/HTTP/300/Overview.html) - **h**ttps://jigsaw.w3.org/HTTP/300/Overview.html
|
- [Redirects](https://jigsaw.w3.org/HTTP/300/Overview.html) - **h**ttps://jigsaw.w3.org/HTTP/300/Overview.html
|
||||||
- [Referer Headers](https://www.darklaunch.com/tools/test-referer) - **h**ttps://www.darklaunch.com/tools/test-referer
|
- [Referer Headers](https://www.darklaunch.com/tools/test-referer) - **h**ttps://www.darklaunch.com/tools/test-referer
|
||||||
- [rel=noopener](https://mathiasbynens.github.io/rel-noopener/) - **h**ttps://mathiasbynens.github.io/rel-noopener/
|
- [rel=noopener](https://mathiasbynens.github.io/rel-noopener/) - **h**ttps://mathiasbynens.github.io/rel-noopener/
|
||||||
- [WebRTC](https://browserleaks.com/webrtc) - **h**ttps://browserleaks.com/webrtc
|
|
||||||
- [XSinator](https://xsinator.com/testing.html) - **h**ttps://xsinator.com/testing.html
|
- [XSinator](https://xsinator.com/testing.html) - **h**ttps://xsinator.com/testing.html
|
||||||
|
|
||||||
<sup>1</sup> This test is a PoC (proof of concept). You will need `layout.css.visited_links_enabled` set as `true`. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites. For best results:
|
<sup>1</sup> This test is a PoC (proof of concept). You will need `layout.css.visited_links_enabled` set as `true`. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites. For best results:
|
||||||
|
Loading…
Reference in New Issue
Block a user