Private window does not hide identity?

I've been reading that private window still does not prevent sites from knowing it's your computer or phone making the search. Is this true? Thanks

There may be some alternative facts that keep your computer hidden

But here is what happens with private browsing in Safari:
While utilizing Private Browsing, cookies and other files are not saved on your hard drive. Your entire browsing and search history are automatically wiped out.

Yes Ira, but I've been hearing that your browser leaves a digital fingerprint? They can still knows it's your computer again?

If you are that concerned about privacy your best bet is to use a VPN (Virtual Private Network). There are around 100 different ones available through the App Store for either iOS or MacOS. Some are free, but generally you get what you pay for.

This Wikipedia Article explains how they work.

Joe maybe I'm PM you to describe the goal if needed,(offline) but in short, can I just ask your opinion on this specific question:

If I'm in private browser mode, firefox, safari, or Chrome, and I search in Google soemthing, and I do this at various locations, with different IPs, will Google (as an example with their vast echnology), recognize it's the same laptop, or ihpone doing the searches even though I'm in private mode and different ips?? I understand that private mode deletes the cache, but others say now they still may know its the same computer because of a "digital fingerprint"

https://thehackernews.com/2017/02/cross-browser-tracking.html

or is this BS?

The "private" in private browsing is more to keep others who might use your browser or computer from knowing where you have been. As the earlier post stated, cookies, history, etc. are deleted. Nothing seems to be saved to the computer.

This is completely different from a web site recognizing you while you are browsing. It does not seem to be that type of "private". In fact, even with private browsing, you may want a cookie to exist during your browsing session. It just won't be there when you leave private browsing.

Ira/ Joe, let me aks it this way:

Can I search something in Google, and Google only, it's a Google project experiment, and maybe use a VPN, which I've never done before, move to different locations/ different IP, and they would not know the search is from my computer? Is this possible? And you are definitive that private browser would not achieve that even though it clears cache cookies....

Set it up with DuckDuckGo, which allows you to use whatever search engine (eg, Google) you like without leaving "tracks".
But it does take a bit longer to search because of the circuitous route.

Tacit may have something to offer on this but from the article you cited it appears that at this time there is no way of hiding your digital signature from this technique as It is based upon detectable/harvestable hardware and software information. That does not identify you specifically, it identifies your computer. So anyone using your computer is you. This appears to have nothing to do with cookies or cache files which means Private Browsing would be ineffectual.

A VPN provides a reasonably secure encrypted data path between you and the VPN server. Any site you access through the VPN server will see the VPN server and not you. I don't know enough about this technique to speculate on how completely this would hide you. I venture it would hide you at least to some degree.

In the meantime, given the amount of money involved, I am willing to speculate that...

This technology will spread rapidly and will be significant enhanced
Other developers will be spending a lot of time and effort developing ways to block this kind of data gathering
Some congressman or senator will introduce legislation to make it illegal to block that type of data gathering and someone from the other party will introduce legislation making that type of data gathering illegal. Neither will make it out of committee because it will be too hot a political issue
Some sites will attempt to deny access if they cannot capture this data from your computer and others will offer not to gather the data if you pay a "subscription fee" (in the latter case you end up giving them the information they want and pay for the privelege)
All of the above
Some of the above

Thanks Grebler: Would Google perceive Duck as a proxy? If so then it's no good, as they don't count proxies, or see a proxy as a real user. For this project, my computer has to look like a unique new user.

Thanks Joe: Same question as to VPN: Does Google perceive a VPN as proxy? If so then it's no good, as they don't count proxies, or see a proxy as a real user.

Also can one use, if works, VPN on iphone or only laptop?

Your conjecture / points good. you are saying that this digital fingerprinting may eventually be outlawed?

If Tacit is out there, please pine in!

But for all intents purposes Joe, If I search something on Google, from a new isp, coffeehouse, even with private browser, on iphone/ laptop, and then another isp, at new cafe, in private, cache cleared/ cookies cleared/ Private, yet Google knows it me still? My iphone/ laptop again? Crazy.

Is the nature of your project such that you can go to various Internet cafes, do whatever you want to do on their computers, and email the results to yourself?

Originally Posted By: kevs

...you are saying that this digital fingerprinting may eventually be outlawed?

He suggested that it's a possibility, as is its being classified as legal and disabling it being outlawed.

Originally Posted By: kevs

Thanks Joe: Same question as to VPN: Does Google perceive a VPN as proxy? If so then it's no good, as they don't count proxies, or see a proxy as a real user.

I can't answer that one, but it would be worth trying.

Originally Posted By: kevs

Also can one use, if works, VPN on iphone or only laptop?

Desktop, Laptop, Tablet, or SmartPhone all can use VPN provided the VPN provider has a client for each of the platforms. There are many that cover both MacOS and iOS on the App Store.

Originally Posted By: kevs

Your conjecture / points good. you are saying that this digital fingerprinting may eventually be outlawed?

Given the attitude of current White House, House of Representatives, and Senate toward enriching business interests at the expense of the public and their aversion to anyone's privacy but their own the odds of that happening are somewhere between razor thin and none. That doesn't mean legislation against it won't be introduced â€” it might, but it will never get out of committee.

Originally Posted By: kevs

But for all intents purposes Joe, If I search something on Google, from a new isp, coffeehouse, even with private browser, on iphone/ laptop, and then another isp, at new cafe, in private, cache cleared/ cookies cleared/ Private, yet Google knows it me still? My iphone/ laptop again? Crazy.

Have you deleted all the cookies in all your browsers? Google has its tentacles in lots of cookies that do not bear its name. Try deleting all cookies, flushing all caches, and set Safari Preferences > Privacy to

Always block Cookies and website data
Deny without prompting Website use of location data
Avoid e-commerce and financial websites

That will of course make the use of many web sites problematic at best and most e-commece sties unusable. Even with that Google has some very sophisticated algorithms that can make some surprisingly reliable guess about you from minuscule amounts of information.

Thanks Joe, I have to know if they see VPN as a proxy, before investing time/ money into that... there is no test for it, someone has to know and tell me.

Maybe just email VPN companies?

For laptop, I see the other 2 , but where is, Avoid e-commerce and financial websites?

For iphone, Safari: block cookies, and at bottom clear history and website data. Once all that is done and I oprn a private window, at a new isp/ cafe, do you think with digital fingerprinting, I'm a new user to Google then?

BTW if anyone knows how to clear all that stuff with Chrome and Firefox for laptop and iphone please post. thanks!

Originally Posted By: kevs

but where is, Avoid e-commerce and financial websites?

A large percentage of e-commerce, and in the final analysis financial sites are e-commerce, use and contribute data to Google analytics even to the extent of embedding Google analytics into their cookies/ Those cookies in turn are essential to the functioning of most shopping carts, and cannot work if their cookies are blocked. E-commerce pays Google's bills.

Originally Posted By: joemikeb

Originally Posted By: kevs

but where is, Avoid e-commerce and financial websites?

A large percentage of e-commerce, and in the final analysis financial sites are e-commerce, use and contribute data to Google analytics even to the extent of embedding Google analytics into their cookies/ Those cookies in turn are essential to the functioning of most shopping carts, and cannot work if their cookies are blocked. E-commerce pays Google's bills.

Your post had "Avoid...." bulleted, and made it look like a setting.

Originally Posted By: kevs

Thanks Grebler: Would Google perceive Duck as a proxy? If so then it's no good, as they don't count proxies, or see a proxy as a real user. For this project, my computer has to look like a unique new user.

Here are a couple of articles which may help you in your quest:

How to Muddy Your Tracks on the Internet

The paranoid computer user's guide to privacy, security and encryption

thanks G is duckduckgo.com considered a proxy by google? Can what Joe outlined to do with Safari compare to Duckgo?

Originally Posted By: kevs

thanks G is duckduckgo.com considered a proxy by google? Can what Joe outlined to do with Safari compare to Duckgo?

I can't answer either question. Those more familiar with the inner machinations will have to chime in.

Question: is it possible to have 2 versions of Safari, Firefox, Chrome on your desktop/ laptop? One for normal searching, and one unmodified for more private searching?

Yes as long asâ€¦

you install a copy of the browser in the /Users/username/Applications folder on separate user accounts and
Remove all internet plug-ins from /Library/Internet Plug-Ins and install a custom set in /Users/username/Library/ Internet Plug-ins in each account
Then login to the different accounts to use the different copies of the browser.

If your browser is Safari or one of the third party bowsers, email clients, etc. that use Apple's webkit they may still be using the webkit that is embedded in OS X. You could get around that by using multiple drives each with a unique installation (not a clone) and booting from the "private" drive(s) when wish a high degree of hiding your browsing.

But even if you go to all that trouble, neither your ISP address nor the tell-tale signs that it's "your" computer are hidden or even disguised, correct?

Thanks Joe, turns out 'may" not need to. I've been testing 2 browsers that are brand new on my laptop with Panopticlick, and they test as "nearly unique fingerprint". The have no records of any thing, so I don't think I'll get a better score than that.

That is as good as I think one can get.

Then I tweaked a few settings and even Safari, Firefox, Chrome achieved "nearly unique" too.

Artie, yes, I can move to new internet cafe of friends, libraries etc for a new IP, and use private window-- but as others have pointed out, Google and many will use this digital fingerprint now.
Though on iphone chrome still says unique, not nearly unique.

Do you know this site? Seems to be the best tester of this stuff. Can one get better than "nearly unique"?

As far as installing -- a copy of the browser in the /Users/username/Applications folder on separate user accounts --

Sounds a bit hairy, but I could try...

Originally Posted By: kevs

Artie, yes, I can move to new internet cafe of friends, libraries etc for a new IP, and use private window-- but as others have pointed out, Google and many will use this digital fingerprint now.

You misread, kevs; my suggestion was that you move from cafe to cafe and use their computers, NOT your own. (I know I posted that suggestion, but I can't find it now; anybody know where it is?)

I had never heard of Panopticlick, so I checked it out, and my browser, like yours, "has a nearly-unique footprint"; I wonder what that means to Google, et al?

joemike's installation instructions aren't complicated, kevs, with the only hitch being that you may not have the designated applications folders in /Users/yourshortusername. In that case, simply create one (command-shift-N) and it will even take on an "Applications" icon. (Note that any folder he mentioned that you haven't got in the location he designated can be created in the same manner.)

Thanks Artie, cafe's don't provide a computer for you, so that wont work.

As I was saying, I downloaded two new browsers opera and vivaldi, and tweaked the settings to be a private as possible, and still they fared no better than, "nearly unique".

I think I found that out between posting and Joe's response.

If you have the energy to download a clean copy of Safari/ Chrome/ Firefox and see if you do better than "nearly unique", I'd love to know!

Originally Posted By: kevs

Thanks Artie, cafe's don't provide a computer for you, so that wont work.

As I was saying, I downloaded two new browsers opera and vivaldi, and tweaked the settings to be a private as possible, and still they fared no better than, "nearly unique".

Am I that far out of the loop?

Aren't there still places where you can walk in and rent a computer by the hour, and don't libraries have computers for those in need any more?

Have cell phones done that much damage?

Maybe you're going in the wrong direction, kevs. Have you tried testing your browsers with NO (-0-) protection which would put them more in the range of "the common man"?

Artie, libraries are good, but very few. Cafes are all over.

What is NO (-0-) protection ?

Originally Posted By: kevs

Artie, libraries are good, but very few. Cafes are all over.

What is NO (-0-) protection ?

So the cafes don't have rental computers any more, and there aren't enough libraries to allow you to complete your project?

You said that you "tweaked the settings to be a private as possible, and still they fared no better than, nearly unique".

You don't want your Mac to be unique, because that's how the bad guys identify it as the same computer each time regardless of your privacy settings, so I'm suggesting that if you leave your settings "wide open", i.e. with NO protection enabled, it will become more generic and "nearly unique" may turn to something less identifiable, "one of millions", hopefully.

I think you have it backwards Artie.

Unique is worse than nearly unique.

If it's unique, you are more identifiable than nearly unique.

Has anyone see any other result than those 2! I have not.

Originally Posted By: kevs

I think you have it backwards Artie.

Unique is worse than nearly unique.

If it's unique, you are more identifiable than nearly unique.

Has anyone see any other result than those 2! I have not.

Got it straight, kevs; I said "You don't want your Mac to be unique....", and turning your privacy settings off will make it less "nearly unique" than it is now.

Originally Posted By: artie505

Am I that far out of the loop?

Aren't there still places where you can walk in and rent a computer by the hour, and don't libraries have computers for those in need any more?

I live in the 16th largest city in the United States and internet cafes with computers you could use were never that popular in this neck of the woods, but now that so many venues offer free WiFi the few that did exist have either closed or given up their computers and customers bring their own laptops, tablets, and smart phones. The only places I know that offer computers for their customers to use on the internet are high end auto dealership service waiting rooms (and those are phasing out the computers in favor of carrels where you can use your own device in private), a high end car wash, and public libraries (my nephew, the head of a rather large city library system, tells me their computers are primarily used to access the online card catalog but people do drop in the take advantage of their free WiFi).

Originally Posted By: artie505

Have cell phones done that much damage?

Damage???

If you insist on assessing blame, it isn't the CELL phone that is to blame it would be the SMARTphone and free WiFi used by a variety of businesses to attract customers with minimal investment.

I do volunteer work with the homeless, with refugees, and underprivileged and fifteen to twenty years ago a pager (remember pagers?) was an essential tool for getting a job and for survival beyond bare existence, five to ten years ago the pager had evolved to a cell phone, and today it is a smart phone. I have known homeless to forego a meal in order to pay for data services.

School districts are more and more often issuing tablets to every student and installing MiFi towers in public and private apartment complexes catering to low income families. Those tablets are required for the students to get their assignments, do their school work, as well as communication between the teachers and parents.

To me that is not damage, it is EVOLUTION. Whether you are in or out of the loop seems to me a personal choice and neither right or wrong, it is your choice.

Originally Posted By: joemikeb

Tacit may have something to offer on this but from the article you cited it appears that at this time there is no way of hiding your digital signature from this technique as It is based upon detectable/harvestable hardware and software information. That does not identify you specifically, it identifies your computer. So anyone using your computer is you. This appears to have nothing to do with cookies or cache files which means Private Browsing would be ineffectual.

Yes, that's exactly correct.

I just checked my browser's digital signature via Panopticlick with private browsing on and off. I was easily identified both ways.

Ditto for using a VPN; I have private VPNs set up in Portland and Vancouver, and again, my browser fingerprint could be identified.

Private browsing protects you from someone else sitting at your computer and seeing what you've been up to. It does not in any way prevent a sufficiently skilled server owner from fingerprinting your computer.

Thanks Tacit
I'll been testing Panopticlick, and I got some browsers to go from having a digital fingerprint to nearly having one, which I assume is better!

But I have not see it better than nearly having, even with brand new browsers I downloaded with a total clean slate (and doing a quick tweak on settings).

Have you or anyone else seen a better score than "nearly unique"?

Don't forget that part (much?) of your "fingerprint" is hardware/software related; it's not limited to your browser settings.

Edit: Have you tried Safari > Develop > Disable Extensions to see if your Panopticlick results change?

Update, this Chrome extension claims to create a (not) unique fingerprint, but I tested it in panopticlick and it did not. Maybe someone else can give it a whirl and let me know if you succeed?

https://chrome.google.com/webstore/detail/rubberglove/koabfojebhfdjnligkcihoeekimoekpg

I checked out TOR (originally a Defense Advanced Projects Agency project) and according to Panopticlick when taken together with Badger (which installs from the Panopticlick site) it provides partial protection of the fingerprint at the medium level of protection and full fingerprint protection at the maximum level. The downside of all this is with medium level protection there are web sites that either will not work or will work only when specific permissions are given. At the top protection level a LOT of web sites will not work because so much functionality is turned off.

It routes through the TOR network and for example the routing to reach FineTunedMac is going from my browser to France, thence to the Netherlands, then to another Netherlands site, and finally to the internet. All that international routing does make it a touch slower. There are too many other security features to go into here, but if you are security conscious it is worth a look.

Joe, have you or anyone seen Panopticlick give a verdict of anything other than unique or near unique fingerprint? I haven't.

This plug claims to achieve that, but I tested it to no avail:

https://chrome.google.com/webstore/detail/rubberglove/koabfojebhfdjnligkcihoeekimoekpg

Only thing so far I've stumbled upon that talks about achieving that.

Rubber Glove will reduce the uniqueness of your signature, but not remove it entirely. The developers are still actively developing it, and each update removes more and more unique identifying bits of information.

Originally Posted By: kevs

Joe, have you or anyone seen Panopticlick give a verdict of anything other than unique or near unique fingerprint? I haven't.

You obviously didn't read the post to which you just responded.

Originally Posted By: joemikeb

...according to Panopticlick when taken together with Badger (which installs from the Panopticlick site) [Tor] provides partial protection of the fingerprint at the medium level of protection and full fingerprint protection at the maximum level. (Emphasis added)

Is there some aspect of Chrome that enables RubberGlove to developed for it, but not for Safari, or is it simply developer choice?

Artie I read the post and I asked, and I'm still asking: Tacit others:

anyone seen Panopticlick give a verdict of anything other than unique or near unique fingerprint? I haven't.

Those are the only 2 results I have ever seen.

Tacit, thanks. I'm not even sure Rubber Glove works, I click the hand and then start Panopticlick, and the result is: you have a unique fingerprint. Which is not even as good as I get on my own, the "you have a nearly unique fingerprint".

Of course, maybe I'm not using it correctly I have no idea.

BTW, in the Panopticlick, analysis, it seems, that system font reading is 90% of that fingerprint? If one could block that...

Originally Posted By: kevs

Artie I read the post and I asked, and I'm still asking: Tacit others:

anyone seen Panopticlick give a verdict of anything other than unique or near unique fingerprint? I haven't.

One of us is missing something here, kevs.

joemike reported "partial protection of the fingerprint at the medium level of protection and full fingerprint protection at the maximum level", which, respectively, surpass and far surpass "unique or near unique fingerprint", while using Tor.

Why isn't that a positive answer to your question?

ARtie,

Partial protection and full protection are not terms that define the results after clicking the test button, and hence, have nothing to do with my question.

They may describe something Joe is talking about, (which I don't fully understand), but my question is about something totally different with different terminologies.

Have you run the test?

Aaah! Okay, I see where you're at.

It sounds to me as if joemike's terms, while they're not specifically Panopticlick terms, do answer your question, albeit obliquely, but it's now up to him to say aye or nay.

I've run Panopticlick from Safari, the only browser I regularly use, and it rated me "almost unique", which doesn't bother me, because so much of me is already out there that trying to stop the flow of innocuous info at this point seems to me to be wasted effort; my preference is to keep the innocuous stuff flowing to whatever degree is beyond my ability to squelch without going to extremes and to use Tor if I've got something to hide.

I think "hiding" should be more within the purview of kids who are starting out fresh on the Internet and, of course, people who've got a specific purpose in mind.

BTW side note: I was able to keep seeing Washington Post Online, even with their article limit by clearing cache, but that does not work anymore suddenly. Are they using fingerprinting?

In an attempt to clarify my previous post. There are two software elements involved...

The TOR browser (donationware)
Badger (freeware)

The TOR browser has three user selectable levels of security

Low (default)
Medium
High

On the LOW setting all normal browser functions are sup0orted and Panopticlick reports

Is your browser blocking tracking ads: âœ“ Yes
Is your browser blocking invisible trackers: âœ“ Yes
Does your browser unblock 3rd parties that promise to honor Do Not Track? No
Does your browser protect from fingerprinting? Partial

On the MEDIUM setting Javascript performance otions are disabled, scripts may run more slower, HTML 5 runs click to play, some math functions are dusabled, some font rendering options are disabled and Panopticlick reports

Is your browser blocking tracking ads: âœ“ Yes
Is your browser blocking invisible trackers: âœ“ Yes
Does your browser unblock 3rd parties that promise to honor Do Not Track? No
Does your browser protect from fingerprinting? Partial Protection

On the MAXIMUM setting Javascriot is disabled, Javascript performance otions are disabled, scripts may run more slower, HTML 5 runs click to play, some math functions are dusabled, some font rendering options are disabled and Panopticlick reports

Is your browser blocking tracking ads: âœ“ Yes
Is your browser blocking invisible trackers: âœ“ Yes
Does your browser unblock 3rd parties that promise to honor Do Not Track? No
Does your browser protect from fingerprinting? âœ“ YES

NOTES:

With Medium and high level protection settings you can allow some protection features to be turned off on a site by site basis.
Without Badger Tor does not report any blocking of tracking ads or invisible trackers.
traffic is routed through a variety of domestic and European servers to disguise your origin and you can change the routing on the fly â€” I have two tabs open at the moment and and each is going through a different set of overseas servers.
you can spoof almost any make browser you desire.

For iOS

The TOR browser per se is not available for iOS devices, however there are several TOR based browsers in the iTunes Store but I have yet to find one that has all the features of TOR or that doesn't come with and expensive subscription price (one is $30 a month).
Badger is not available for iOS either but Disconnect works the same way and seems to be very effective.

Thanks for clarifying all that for kevs.

As I surmised, you have, in fact, seen Panopticlick reports other than "almost unique" and "unique".

Well after downloading and testing every iOS browser claiming to the based on TOR. Most of them verified they were using the TOR network but there were a few that used their own VPN (at a hefty price). Not one passed Panopticlick's test for hiding the signature.

While TOR is based in Mozilla and can use Mozilla extensions and has functionality to be the default browser for many users these browsers are pretty minimal..

Thanks Joe, now I get it.

But I might think because Tor is so rare, so rare, that Google would know it's me. Almost like a proxy right, which Google can figure out?... if that made sense. (Google has good proxy detection)

bTW notice in Panopticlick that most of the identifying thing is the system fonts, am I wrong on that? So if you could just block visibility of those...

Originally Posted By: kevs

But I might think because Tor is so rare, so rare, that Google would know it's me. Almost like a proxy right, which Google can figure out?... if that made sense. (Google has good proxy detection)

bTW notice in Panopticlick that most of the identifying thing is the system fonts, am I wrong on that? So if you could just block visibility of those...

I'll guess that at its safest setting Tor blocks so much stuff that Google won't allow you to "play" under any circumstances.

I don't see how system fonts can identify you when every Mac running a particular version of OS X/macOS, perhaps even every Mac, has the same font set; user installed fonts, sure, but not fonts that the OS, itself, installs.

PS,JOE, where are setting, Low Medium etc? Can't find.

Originally Posted By: kevs

PS,JOE, where are setting, Low Medium etc? Can't find.

Click on the onion icon to the left of the URL bar. I am often guilty of not reading the manual, but I found it helpful with TOR.

Excellent Joe Thanks, It was great to finally see, the no fingerprinting result.
Do you think if one is running a test with Google they would count the search as they would see it's from Tor?

Anyway to get this groove with Safari, Firefox etc? maybe disable java?

Originally Posted By: keys

Anyway to get this groove with Safari, Firefox etc? maybe disable java?

Unless Apple rewrites WebKit to use something like the TOR network (essentially a multipoint VPN), you have only a very limited number of fonts on your system, you disable JavaScript, and several other factors the answer is probably NO. You can already deactivate JavaScript (do not confuse Java and JavaScript they are totally unrelated. Many web sites will not work if JavaScript is disabled, including virtually all e-commerce or financial sites.)

As I said TOR is based on Mozilla (a.k.a. Firefox) so those are related.

UPDATE ON iOS BROWSERS: Onion Browser's Panopticlick results on signature hiding are equivocable. With Disconnect running, trackers of both kind are disabled and but the signature hiding test does not complete. I am interpreting that as there is at least partial signature hiding. Given the fact that Onion uses the TOR network, I am using it as my secure iOS browser.

Thanks Joe.

I don't know if you can answer: But if one runs test on Google, (which is my project0, they discount anything if they think coming from a proxy.

1) Is Tor similar to a proxy?
2) Would Google discount as they see you are on Tor which is such a rare browser?

What is Onion, parent commpany of Tor?
Good discover Tor, did you stumble upon it?
Did you try the Chrome add on Rubber Glove?

I just did test disabling java script on Safari, no help, no benefit. So Safari, FF, Chrome, those just wont achieve a not being fingerprinted result ever correct? Was not until I changed the setting to Max on Tor that that was achived. Maybe Tor has a secret sauce or something normal browsers dont?

Joe, did not understand the "update on ios browsers" too much:
What is "disconnect"? Oh... you are saying that Tor is not great on ios, but better than nothing?

Originally Posted By: kevs

I don't know if you can answer: But if one runs test on Google, (which is my project0, they discount anything if they think coming from a proxy.

1) Is Tor similar to a proxy?
2) Would Google discount as they see you are on Tor which is such a rare browser?

I will answer your question with a quote and a comment:

Originally Posted By: Wikipedia

In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.[1] A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems.[2] Today, most proxies are web proxies, facilitating access to content on the World Wide Web, providing anonymity and may be used to bypass IP address blocking.

The TOR network is essentially a network of proxy servers scattered around the globe. The communications between these servers are heavily encrypted and in my experience there are always three different servers in the route. These servers are operated voluntarily and TOR actively recruits users to act as servers in the network. Only Google can answer the question of whether TOR is blocked or not. They can't shoot you for trying.

Originally Posted By: kevs

What is Onion, parent commpany of Tor?

TOR is an acronym for The Onion Router. There is no company per. se., it is an open source project springing from a Defense Advanced Projects Agency (DARPA) project released into the public domain. The network is called the TOR network and the technique used in the network is called "onion routing" because it resembles the layers of an onion. You may have run across it as a technology undergirding the illicit sharing of copyright materials via BitTorrent. (Before you ask, I do not participate in BitTorrent, I believe copyright holders have a right to fair compensation for their work. If the work is overpriced, I do not use it.)

See this Wikipedia article for full details on TOR.

Originally Posted By: kevs

Good discover Tor, did you stumble upon it?

This thread got me started looking for a solution and in my research, I came across TOR. Given today's internet environment I decided to give it a try, and surprise, it works albeit with limitations.

Originally Posted By: kevs

Did you try the Chrome add on Rubber Glove?

No, because others had already indicated a lack of success with Rubber Glove and I saw no reason to "beat a dead horse".

Originally Posted By: kevs

I just did test disabling java script on Safari, no help, no benefit. So Safari, FF, Chrome, those just wont achieve a not being fingerprinted result ever correct? Was not until I changed the setting to Max on Tor that that was achived. Maybe Tor has a secret sauce or something normal browsers dont?

As I reported previously my results were the same as yours in terms of hiding, and yes TOR does have a "secret sauce". Simply stated although the TOR browser uses the Mozilla engine used in Firefox and a variety of other browsers, it is designed and built from the ground up to hide the digital fingerprint and as an open source project there are hundreds, even thousands of developers all over the world working to keep it that way.

Originally Posted By: kevs

Joe, did not understand the "update on ios browsers" too much:
What is "disconnect"?

Disconnect is an iOS app that essentially does the same thing Badger (open source and recommended by Panopticlick) does for MacOS. It sets up a dummy proxy server that effectively blocks merchant tracking and invisible tracking cookies. I use Disconnect on my iPhone and I{Pad and Badger on my Macs and regardless of which browser I am using Panopticlick indicates tracking is blocked.

Originally Posted By: kevs

Oh... you are saying that Tor is not great on ios, but better than nothing?

The TOR browser does not run on iOS
There are several iOS browsers that claim to be base on TOR, but as far as I can tell that only means they use "Onion Routing" either on the TOR network or in a couple of cases their own and have little or no impact on signature hiding. VPN.
The Onion router on iOS is the work of a single individual but appears to have been based on some version of the Onion Router and appears to offer some degree of digital signature hiding in addition to onion routing, but the Panopticlick results are equivocal.

Joe, got this today from Tor and Google, what think? Google beats Tor? They asked for a captcha

About this page

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

Ah.. did not see your long answer when I posted this above. Great info, thanks Joe. Will look for disconnect.. for iphone. I use badger now on desktop for Firefox. I never imagined there could be add ons to phone browser but yes?

I'm finding Badger is not causing the enormous headaches that Ghostery would. I have to bail on Ghostery.

Originally Posted By: kevs

I never imagined there could be add ons to phone browser but yes?

I'm finding Badger is not causing the enormous headaches that Ghostery would. I have to bail on Ghostery.

There are over 100 ad blocking plugins/addons for Safari in the App Store on the iPhone and iPad. Safari plugins/addons are installed and setup as individual apps then "attached to" or "activated in" Safari using Settings > Safari > Content Blockers.

Disguise...

...works at the system network level not at the browser level
...is not attached to or activated in the browser
..works for all browsers on iOS including those built into apps

I gave up on Ghostery several months ago, but I do keep Cookie Stumbler around to cleanup accumulated cookies to speed things up.

Thanks Joe, so Badger is the replacement for Ghostery, correct?

What does cookie stumbler do?

What do you make of Google saying the see unusual activity while one is in Tor? odd?

Originally Posted By: kevs

Thanks Joe, so Badger is the replacement for Ghostery, correct?

Functionally Ghostery does more, but Badger effectively blocks cookies of all sorts from phoning home.

Originally Posted By: keys

What does cookie stumbler do?

Allows you to specify which cookies to keep and then every night sweeps all the undesired reporting cookies from your system.

Originally Posted By: keys

What do you make of Google saying the see unusual activity while one is in Tor? odd?

Probably the Onion Routing that hides your actual location. There are workarounds that are suggested for use in countries that make uncontrolled internet access illegal.

Thanks Joe, did not understand this:

"Probably the Onion Routing that hides your actual location. There are workarounds that are suggested for use in countries that make uncontrolled internet access illegal."

Question is how does Google know I'm at the same computer, I thought the whole point is, I have no fingerprint.

I don't see a cookie stumbler in firefox which I use the most. If you have one for FF you love let me know. I think I see a few hundred cookies on my computer. The cookies I don't care about slows things down at the point you could notice?

BTW, there is one newspaper, I would remove their cookies manually when they say,you have reached your article limit. It worked till recently. Any idea why that does not work now?

That was the "onion routing" that is used by The Onion Router (TOR) not TOR itself. In fact any browser can report itself to be almost any other browser and this information can used by sophisticated web sites to feed pages compatible with the browser in use.

Cookie Stumbler is a third party app that can be downloaded from WriteIt Studios or the App Store and runs on MacOS, IOS, and Windows. It cleans cookies on Chrome, Safari, iCab, Opera, Firefox, and whatever Microsoft calls its browser these days.

I have no way of knowing about the newspaper, but it sounds as if they have simply gotten smarter in blocking those trying to get something for nothing.

Thanks Joe, finally:
(unless I missed your answer), if you can guess...

How does Google know I'm at the same computer, I thought the whole point is, I have no fingerprint."

Originally Posted By: keys

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

If you could not receive a message directed specifically to you, you would be unable to receive anything from the internet. Lacking any further data I would say this message does not imply your browser is uniquely recognized. It addresses your network and since you are using TOR that would be the TOR Onion Routing Network.

Ah interesting Joe, I assumed Google knows it was my computer making those searches, but in the end, I was not able to continue with Google... any opinion on that? Maybe it was glitch.

Having no idea what the issue with Google is, I have nothing to base an opinion on one way or the other. I have no idea what you are doing, or why there is an issue with Google, but have you considered your own web site and domain? There are any number of companies willing to host a web site complete with email and will helo you register a domain name for a very reasonable fee.

A DuckDuckGo search for "web hosting" will get you a lot of options. I doubt that would solve your GMail/email issues however.

Thanks Joe, I have several domains and email, but how does that tie into this?

The G mail issues, from my research with friends and googling the issue is that Gmail is over aggressive. Google Gmail legit emails to spam. Still, just infuriating, imaging the quintessential white list a email company should provide is that if someone emails you the person replying should be white listed. Not with Gmail. A prospective client can email me, unsolicited, and my reply might go to spam. I wish Google had not gotten into email, and stayed with search. Gmail will lump people who send a newsletter to 100 softball members with a Viagra spammers sending million.

Back to Tor, great find, thanks! I realized how powerful it is really. Before, one could hide an ip, but then the fingerprint issue was discovered, so only true anonymity would be the library, but Tor brings the library to your house!

Originally Posted By: keys

Gmail will lump people who send a newsletter to 100 softball members with a Viagra spammers sending million.

The number of recipients in an email is still considered one of the most reliable indicators of spamming and that isn't just Google, it is industry wide. It was institutionalized as a virtual standard when various state and federal agencies began putting severe pressure on major email providers to prevent their networks from being used to distribute spam. Some providers set the maximum number of recipients as low as 10 or 15. That goes back 20 to 25 years in the earliest days of spamming. That was the progenitor of email services such as Constant Contact.

A lot of time and money has gone into software and techniques for identifying potential spam originating in or going to ISP networks, but there are $billions to be made with spam so some of the most highly paid programmers in the world spend their days figuring out how to get around every block that is set up. In the past it was estimated that over 60% of email traffic was spam. The fact our mailboxes are not overflowing with spam is a testament to how effective Google and others have been in blocking spam.

There is no question spam blocking techniques are annoying to "people who send a newsletter to 100 softball members" but to me it beats getting a couple of hundred spam messages every day. By the way, many "viagra spammers" send their junk through bot infected PCs using barebones SMTP servers installed on the infected PC to get around any limit on number of recipients by bypassing the provider's SMTP servers entirely. Others use SMTP servers in China, Russia, etc. that aren't worried about U.S. or E.U. regulations.

Originally Posted By: keys

Back to Tor, great find, thanks! I realized how powerful it is really. Before, one could hide an ip, but then the fingerprint issue was discovered, so only true anonymity would be the library, but Tor brings the library to your house!

FYI, I logged into my Google account today using TOR at the Medium security setting and both times had to verify I was by entering a code number texted to the cell phone associated with my account. So even at the Medium security setting Google apparently did not recognize my browser as one that had logged on to the same account half an hour earlier.

Thanks Joe. I use email tied to a url I own with spam sieve, so spam is not an issue.

Gmail is a disaster, I brought up the softball, as I really have a friend who runs a softball club, he loves Google and Gmail, and said he did have to send notices through Google groups now, not email, as his members (who are his members!), receive his alerts in their spam folder. And I have clients emailing me and my replies go to their spam, it's insanity.

Well if you are logging into your Google account, that would be reason not to need Tor, as you are showing your cards fully.?

But I just saying Tor is amazing as it does both the IP and the fingerprint trick in one. Now if that IP is recognized as a proxy is another issue.

Originally Posted By: kevs

Well if you are logging into your Google account, that would be reason not to need Tor, as you are showing your cards fully.?

By the same token, doesn't it suggest that you may be able to open a new account at each visit with Tor?

Sad news Joe, I just did a risk score on the first proxy that came up, with my MaxMind account, and it rated 90 chance of fraud.

Which means if you if someone really smart is wondering about your IP while on Tor they will know it's fishy. But you can still get stuff done as long as it's not related to them analyzing the source.

TOR has never claimed that it cannot be detected. Some countries ban the use of TOR and Onion Routing, but there are work arounds for that. You might try using one of those workarounds for more security. For absolute security, do not use the internet.

When you have questions about TOR the official advice isâ€¦

Read through the FAQ and the Documentation
See if your question is asked or answered on our StackExchange page. If it isn't, please consider asking it there! Then everybody else can benefit from your question and the answer to it.
Join the #tor irc channel, state the issue, and wait patiently for help.
Read through the archives of the mailing lists to see if anybody else has raised your issue recently. Note that you need to subscribe to the mailing lists before you can post.

For example I found a couple of FAQs that perhaps relate to some of the issues you have had with Google.

Originally Posted By: TOR FAQ

Google makes me solve a CAPTCHA or tells me I have spyware installed.

This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware.

When you use Tor, you are sending queries through exit relays that are also shared by thousands of other users. Tor users typically see this message when many Tor users are querying Google in a short period of time. Google interprets the high volume of traffic from a single IP address (the exit relay you happened to pick) as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.

An alternate explanation is that Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It notes the IP addresses from which those queries are received (not realizing that they are Tor exit relays), and tries to warn any connections coming from those IP addresses that recent queries indicate an infection.

To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.

Gmail warns me that my account may have been compromised.

Sometimes, after you've used Gmail over Tor, Google presents a pop-up notification that your account may have been compromised. The notification window lists a series of IP addresses and locations throughout the world recently used to access your account.

In general this is a false alarm: Google saw a bunch of logins from different places, as a result of running the service via Tor, and decided it was a good idea to confirm the account was being accessed by it's rightful owner.

Even though this may be a biproduct of using the service via tor, that doesn't mean you can entirely ignore the warning. It is probably a false positive, but it might not be since it is possible for someone to hijack your Google cookie.

Cookie hijacking is possible by either physical access to your computer or by watching your network traffic. In theory only physical access should compromise your system because Gmail and similar services should only send the cookie over an SSL link. In practice, alas, it's way more complex than that.

And if somebody did steal your google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.

You might find This page on Pluggable transports helpful in working around any blocking of TOR.

Thanks Joe, good info, some it a bit too much for me...
But Tor is good if you want a unique ID, and especially no fingerprint. Their IPs though are known ones, but for what it is, it's very cool.

I don't know actually of a list of "good" proxies, that rate as legit, and not fraud. So that one remains an intangible.

And last question Joe! Doubt you will know, but wonder is way to use Tor at a Starbucks or friends house, and use their IP and not Tors? Then you have a totally respected IP and unique fingerprint-- or are you bound by Tor IP?

And I think Tor is on iphone for $1.00.... app store.

Originally Posted By: kevs

And last question Joe! Doubt you will know, but wonder is way to use Tor at a Starbucks or friends house, and use their IP and not Tors? Then you have a totally respected IP and unique fingerprint-- or are you bound by Tor IP?

Every time you log onto the internet from a different location, you have a new IP address and TOR does its best to hide that. The first thing TOR does when it starts up is initialize its connection to TOR's Onion Routing Network and it will do that no matter what the connection to the internet is or where it is. Support for the Onion Routing Network is a prime reason for TOR's existence and essential to hiding the actual physical location of the user.

If you are a skilled programmer with time on your hands you could download the TOR source code and make the use of the Onion Routing network optional, but I doubt that would ever accepted back into the main TOR project. I don't think it would accomplish what you want anyway.

Originally Posted By: keys

And I think Tor is on iphone for $1.00.... app store.

According to TOR they are "working on a version for iOS but it is not available yet". My guess is hiding the digital signature requires access to parts of the iOS tht Apple will not permit. Not that Apple is opposed to digital signature hiding, but it would open potential security vulnerabilities Apple wants to keep tightly locked for security reasons.

There are a number of browsers in the iTunes app store claiming a basis in TOR, but I tested every one of them with Panopticlick and only The Onion Browser showed any digital signature hiding and that was equivocal because the test could/would not complete. The others either used the onion routing network or in a couple of cases a proprietary VPN for which they charge a substantial monthly or annual fee. I did not test those becasue I was unwilling to pay the fee. For several months there was a TOR browser offered on the iTunes App Store, but it was a phony and Apple eventually pulled it. There is a version of the TOR browser for Android devices called OrBot.

I have joined TOR's Mailing Lists and I will be keeping my eyes and ears open for an iOS version when it is released.

Keys, I think most of your questions and concerns are covered in detail in the TOR FAQ, but admittedly they are quite extensive and can be intimidating to a less technical reader. However if you will read...

I think that will cover most of your concerns and perhaps clear up a few concepts and possibly misconceptions in the process.

Some Interesting Sidelights to this discussion

As of yesterday 3/24/2017 I am unable to reach the TOR Project website other than through the TOR network. The error message I get is "unable to establish a secure connection" but it appears OpenDNS may be blocking access because the TOR project offers hidden routing that could be used for illicit purposes??? There is no problem reaching the site using TOR and the Onion Routing network.
On the TOR project site, I found an experimental pre to early alpha sandboxed version of the TOR browser. Since all iOS apps and any MacOS app distributed via the App Store must be sandboxed this is a prerequisite for an iOS version of the TOR browser. As there is already a version of Firefox for iOS and there are other browsers using the Onion Routing network for iOS it is apparently the digital signature hiding that is the sticking point at this juncture. (If I am housebound much longer, I may get bored enough to dig into the source code and see if I can figure out what is going on, but I will have to get really bored to do that.)

This thread has finally pushed me over the edge, and after years of indecision, I finally decided to turn on FileVault last night just before I went to bed. (NOTE: I cloned the system to an external drive so if anything goes wrong I can always get back to go.) There have been a few learnings with this as well...

I don't know about earlier versions of FileVault but in MacOS 10.12.4 beta 8 or 9 (I have lost count) you can Encrypt either the user folder or the entire drive. I elected the entire drive. The first step after turning on FileVault in system Preferences > Security & Privacy is rebootingâ€¦
It makes sense when you think about it but when you turn FileVault on Automatic logon is deactivated â€” permanently
I have not rebooted a second time but apparently bluetooth does not turn on until after the password is entered. Fortunately the Magic Keyboard and Magic Keypad can be connected via a lightning cable as well as wirelessly or I would not have been able to enter the password. (Memo to self: keep a couple of lightning cables handy.)
The system can be used as soon as it reboots, but encrypting the drive can take some time. Mine has been "encrypting" for 18 hours and the progress bar says there are some 15 hours left to go â€” oops, now it says 5 hours. Patience is a virtue I am told but I have never been convinced of that and at my age it is unlikely I ever will be.
Even with the encryption running in the background I have not encountered any noticeable reduction in system performance.

Thanks Joe, I just use the Tor browser, so don't understand why one would go to the Tor website.

I did find a Tor browser in app store called Red browser, but just "nearly unique" fingerprint, I think... Remember to let this thread know when you fine the real deal!

I've never used File Vault, What are the needs why one would bother? Joe Kissel has an entire PDF book on it...

Originally Posted By: kevs

I've never used File Vault, What are the needs why one would bother? Joe Kissel has an entire PDF book on it...

Given laptop's propensity for growing legs FileVault is IMHO essential to protecting your identity and data from "the bad guys'". For all computers that connect to the internet it is an additional layer of data protectionism from exploits.

I ran across the article I referenced in this thread this morning. I originally was thinking about protecting my internet browsing from apparently well meaning but perhaps overly intrusive marketers. Now I am beginning to be even more concerned about protecting myself from an over-zealous security apparatus that would consider any effort to protect one's privacy as suspect behavior.

Thanks Joe, we'll I'm still using my normal Firefox and Apple Mail at home for normal things and yes, the NSA and FBI etc can see it all if they want. But Tor for me is cool for occasional paranoid browsing once in a blue moon.

But if I used TOR 100% of the time... would I have no traces? But then you would not have the luxury of using bookmarks ever, or ever see a history to click back to?

And Apple Mail, Tor/ File Vault helps with that? I guess File Vault if you use it 100% of time, and log out, means those guys could never get into see anything... without your premiison, unless they were waterboarding you!

Originally Posted By: kevs

And Apple Mail, Tor/ File Vault helps with that? I guess File Vault if you use it 100% of time, and log out, means those guys could never get into see anything... without your premiison, unless they were waterboarding you!

Given that FileVaulting or Un-FileVaulting a drive can take anywhere from 24 to 36 hours most people will pretty much use it 100% of the time. However, in spite of how long it took to encrypt my drive, I have not seen any noticeable slowdown in normal use. Other than not being able to use automatic logon the user experience is changed.

Thanks Joe, never used File Vault, so this is the first time for you going full time with it? And it was introduced 5-6 years ago?

Do you have to password into the computer each and every time? Was are the trade offs? How do you like it?

FileVault has evolved since it was first introduced. Originally it only encrypted the user's home folder and while that it still an option, today the entire drive, apps and all are encrypted. Because of other settings involving automatic password entry, I have long had to enter a password after a give period of sleep. The only difference now is having to enter the password after rebooting. No big deal.

Given FileVault is essentially invisible and does not have a noticeable side effect on performance, and provides substantial additional security, I have to say I like it. My question now would be, "Why not turn on FileVault?"

Originally Posted By: joemikeb

Given FileVault is essentially invisible and does not have a noticeable side effect on performance, and provides substantial additional security, I have to say I like it. My question now would be, "Why not turn on FileVault?"

Anything that makes your data more difficult to access makes it much more difficult to fix if it becomes damaged.

I've spent hours on comparably trivial problems. Imagine a two-drive software raid STRIPE where the partition table is too damaged to mount the drive. Normally software like DiskWarrior wouldn't mind that, but in this case it can't touch it until the raid is attached, which can't happen if the partition table is bad. (not mounted... simply attached) So catch-22. DW can't fix the partition until it's attached, and it can't attach until it's fixed.

Now spend 18 hours UNstriping two 1tb drives to one 2tb drive. (would you believe I did it in BASH?) Then run dw and get a full repair and hundreds of gigs of data recovered in the next 5 minutes.

Now try that stunt wth file vault. I have. NOT fun. And far from reliable processes, it's different every time and requires a lot of time and trial-and-error. (and it took about a week for him to upload that 250gb block dump from down under, fortunately the repaired one was compressible... down to 72gb)

"Why not turn on FileVault?"
Joe that question is for me and others?

I have never thought of using File Vault, but may have to think about it now! But I do leave my two computers on all day long...the 27" imac and the macbook air in the other room, synced to icloud...

Virtual, so I assume you do not use File Vault?

I've done armchair infosec and malware research for years and never felt the need to encrypt my drives, even when I was specifically being targeted by a prolific malware gang.

Trump's administration changed that. I now encrypt my drives.

Virtual1 is correct; doing this makes drive repair harder. This problem is alleviated by a reliable and robust backup scheme. With 2TB USB hard drives hovering around the $40 mark and Apple having what is hands down the best automated backup software in the industry built into mac OS, there is no reason not to have good backups (and plenty of reason to do so).

I have three external backup drives. One is a 2TB clone, created with Carbon Copy Cloner and updated weekly. The other two are 3.5 TB Time Machine backups I rotate.

In addition, I have two servers (one in Portland and one in Canada) that run remote backup software and automatically mirror my laptop every night, but that's overkill; I only do that because my entire livelihood is on my laptop and I happened to have two old (Core 2 Duo) computers I wasn't using.

Originally Posted By: Virtual1

Imagine a two-drive software raid STRIPE where the partition table is too damaged to mount the drive. Normally software like DiskWarrior wouldn't mind that, but in this case it can't touch it until the raid is attached, which can't happen if the partition table is bad. (not mounted... simply attached) So catch-22. DW can't fix the partition until it's attached, and it can't attach until it's fixed.

That's why I went the extra mile and run a RAID 5 array. Yes it can get trashed, but it is more likely one of the drives will fail. Put a new drive in the cartridge, plug it into the array and it is automatically rebuilt.

Originally Posted By: kevs

Virtual, so I assume you do not use File Vault?

I do not. The only encrypted data I have is passwords and some server logs. I'm not doing anything to warrant much effort spent on me.

I just came across a product called Whonix that looks appealing if you are looking for the ultimate in
identity hiding. according to their web siteâ€¦

Originally Posted By: Whonix.org

Whonix is a desktop operating system designed for advanced security and privacy. It realistically addresses attacks while maintaining usability. It makes online anonymity possible via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP leaks. Pre-installed, pre-configured applications are ready for use, and installing additional applications or personalizing the desktop will in no way jeopardize the user. Whonix is the only actively developed OS designed to be run inside a VM and paired with Tor.

However after looking at the Warning and Do Not pages I decided I do not need that much confidentiality or perhaps a better way of looking at it would be, I am not that risk averse.

Originally Posted By: Virtual1

I do not. The only encrypted data I have is passwords and some server logs. I'm not doing anything to warrant much effort spent on me.

I used to feel the same way, but having dodged a few fraud bullets (a $10,000 first class airline ticket from Dubai to Berlin purchased on my credit card for one) and as the internet has become a more and more hostile environment like tacit, I feel the need for a more secure internet environment.

Thanks Joe, new OS! I'm staying with Apple.

Yesterday, I tried to make a new Google account with Tor and was unable to. They kept saying the phone number was not formatted correctly even though it was.

At the top it say "be sure to turn your Java script on". So I think it was the java being off that screwed up the phone number field?

But, of course, if you turn java off, your unique identity, (which I don't even know how to do with Tor), fingerprint etc is compromised, so it's back to the library!

Any idea on that? would be nice to do Gmail at home for occasional with Tor, but I don't think it's possible.

Google also has a forced phone verification now which they did not have before....

Be sure you do not confuse Java and JavaScript. Java is a standalone application and applet environment from Oracle. JavaScript is built into the browser engine and relatively unique to each browser which makes the browser an identifiable element of the digital signature. The only similarities between the two are the first four letters of the name (J A V A) and a passing resemblance in grammar and syntax.

Unfortunately JavaScript is essential to the operation of many web sites. Likely Google is using JavaScript to capture, verify, and format the phone number, a relatively common practice.

As for GMail, I send and receive GMail almost every day ands seldom, if ever, log onto Google. Apple Mail and several other MacOS and iOS clients handle GMail flawlessly.

As for two-step authentication many, including Apple, are offering it as a strong security measure. The Electronic Frontiers Foundation (EFF) and TOR and most security experts strongly recommend it. It is a trade off between security and privacy. For me there is no single answer, rather a case by case choice.

Thanks Joe, by doing a G mail account in Apple Mail, would that identify you somehow to Google?

There is no way now to open a Google account without the phone verification correct?

Originally Posted By: kevs

Thanks Joe, by doing a G mail account in Apple Mail, would that identify you somehow to Google?

Well it would most certainly identify your userid and password. How else could you access your GMail account?

Remember this when dealing with Google, they are a very wealthy company that provides valuable services to users by selling the data they collect to marketers and by selling priority placement of search results to those same marketers. Google's bread and butter is knowledge of who you are, where you are, and where you are browsing. It is not unreasonable for them to consider your desire to hide that information from them when you use their search engine as theft of services. (Who knows they might even get that to stand up in court the way things are going today.)

Originally Posted By: kevs

There is no way now to open a Google account without the phone verification correct?

You would have to ask Google about that. My Google account is over 15 years old and that was not a requirement when it was created.

You know Joe, I did have 3-4 browsers I downloaded, to use for projects, non Tor, that achieved at least, "nearly unique" not unique fingerprint.

Opera is one, and I just checked it and it sucked in bookmarks from chrome or safari, setting were more relaxed in preferences and I cannot get it back to a nearly unique.

It likes browsers just want to be identified and populated with stuff.

The more stuff you add, the more opportunities for identifying characteristics to creep in.

Yes of course Joe, the point I was making is I did not add this stuff. Don't know how it got there...

Today, someone in tech biz told me about Epic browser which claim to fame is it's always in private mode, but out of the box it had a unique finger print, not as good as other is that respect go figure.

Baffled on this Epic browser. It's claim to fame it is always in private mode. Yes it cannot achieve "nearly" unique fingerprint with Panopticlick, as Opera or Vivaldi can... Puzzling. Curious on tha.

Various PC oriented "magazine" reviews give Epic high ratings, but privacy and security oriented reviewers, not so much. You might take a look at this review, this thread, and this blog.

Thanks Joe, for my project, I want to have a small stable of browser, not Tor, normal ones that can achieve at least a "nearly unique" in Panopticlick. That the best rating I have discovered outside of Tor.

I can't do it with FF or Safari, as those have all my bookmarks on them probably.

I did with Opera and Vivaldi, as those are clean, no bookmarks.

Sometimes even Chrome I get a nearly unique with bookmarks.

Epic, surprisingly, just gets the bad "unique fingerprint", even though brand new, clean, no bookmarks, any idea on that?

And other non Tor browers too add to my stable?