![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: "Alexander K. Yezhov" <admin@leader.ru>
To: bugtraq@securityfocus.com
Subject: Anonymized ? Not yet.
Date: Wed, 13 Jun 2001 21:09:10 +0400
Hello,
Anyone knows the Anonymizer service. It's a good tool that lets you
stay anonymous surfing the web (http://www.anonymizer.com). Moreover,
it blocks the JavaScript code placed on the web pages. The problem is
that it just comments scripts instead of cutting them out. On the one
hand it's good since you can look at the original JavaScript code if
you want. On the other hand this commenting has some disadvantages.
The text below applies to the free/trial version of Anonymizer service
(commercial version wasn't tested).
The problem: Anonymized web pages can use the JavaScript code that
will be executed even if commented by Anonymizer (site can silently
reload frame and get real visitor's IP for example).
The code: The code below won't give you any errors no matter if you're
loading the page with Anonymizer or without it (visible part can be
hidden using <font color>).
<!--
<script>//--->->
<script language=javascript>
alert('Hi! Still anonymized?');
//</script>
</script>
-->
Working example: You can try to load the "Privacy tools" pages at
Tools-On.Net via anonymizer, click on the "Go" button below
"Holmes/Who" and look at the report (compare results with JavaScript
enabled and disabled).
http://anon.free.anonymizer.com/http://tools-on.net/privacy.shtml
http://tools-on.net/privacy.shtml
Note: if you get a "re-enter" message on the site it means the session
id was lost and you really need to re-enter (this can happen if you're
using a cluster of proxy-servers for example).
Best regards, Alexander
----------------------------------------------------------------------
MCP+I, MCSE
http://Tools-On.Net - Free tools for connected people.
http://Leader.Ru - Leader's Smart Guide.
----------------------------------------------------------------------