Blocking of Detecting Private Browsing Mode

General discussion about the NoScript extension for Firefox
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Blocking of Detecting Private Browsing Mode

Post by luntrus »

Hi Giorgio Maone,

Hello I have come to join you here.
As you know, every modern browser today has a so-called "pr0n"-button aboard in order to leave no surfing traces behind,
but websites are now very well able to record who it is that is trying to surf "anonymously".
The way this is being done is by offering someone to visit a unique, never before seen URL,
and then check whether that link has been visited through CSS.
That specific link will then have another color.
Isn't that the case, then that means that Private Browsing, InPrivate or InCognito mode has not been active.
"Not a very serious issue, but interesting enough to mention in case someone wants to embroider further on this concept", according to security researcher Jeremiah Grossman.
http://jeremiahgrossman.blogspot.com/20 ... -mode.html
Together with his colleague Collin Jackson he designed the following web-page:
http://crypto.stanford.edu/~collinj/research/incognito/
that is able to detect if you use the "pr0n"-button or not.
Do we have protection through NoScript also against other forms of likewise CSS-abuse?
Aren't browser users becoming more and more transparent?
Where would we be without the NoScript extension?

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090321 Minefield/3.6a1pre
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Blocking of Detecting Private Browsing Mode

Post by Giorgio Maone »

NoScript does block the specific PoC, which relies on JavaScript.
With some additional effort you can detect the same info without using JavaScript: in that case, there's nothing you can do about it.
Notice, though, that this is really an almost ridiculous issue, if compared with the ability of tracing the sites you've actually visited which is possible outside the "Incognito" mode (and defeated by SafeHistory and SafeCache).
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
bazzargh
Posts: 2
Joined: Sat Mar 21, 2009 7:29 am

Re: Blocking of Detecting Private Browsing Mode

Post by bazzargh »

That page doesn't actually detect if PB mode is on, it detects if visited links can be discovered, which is an orthogonal issue.

For example, it reports false positives if either layout.css.visited_links_enabled or browser.display.use_document_colors is false. There are probably other ways to trip it up. See https://bugzilla.mozilla.org/show_bug.cgi?id=147777 for more info about the visited_links_enabled pref.

-Baz
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: Blocking of Detecting Private Browsing Mode

Post by luntrus »

Hi bazzargh,

As Giorgio Maone mentioned when it is done via JavaScript there is no problem, because NoScript perfectly takes care of that one and similar issues; as a more permanent solution to the visited links issue at hand -

Copy the code below as css file at /Users/luntrus/Library/Application Support/Firefox/Profiles [random].default/chrome

Code:

/* visited link stuff */
#board_wrap a { color: #03c !important; }
#board_wrap .board td { color: #000 !important; }
#board_wrap .board a:link { color: #000 !important; }
#board_wrap .board a:visited { color: #03c !important; }
#board_wrap .message a:visited { color: #000 !important; }
#board_wrap .searchtopics a { color: #000 !important; }
source: http://www.ksot.com/AdBlocks.html
Can you comment on this?

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090321 Minefield/3.6a1pre
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Blocking of Detecting Private Browsing Mode

Post by Giorgio Maone »

@luntrus:
No CSS hack can defeat attacks leveraging the :visited CSS selector. Some of them may help against a single well known payload, but there are several ways (both scriptless and using JavaScript) to work around, e.g. using descendant selectors and background images to notify the "spying" party.
As I said, the most useful approach to block the history sniffing attacks is using SafeHistory.
Jeremiah's article shows that SafeHistory (like Incognito), or more precisely the fact we're disabling either globally or selectively history logging, can be detected by a remote sniffer -- not that I'm overly worried about that, considering pros and cons.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
mik33mik
Posts: 18
Joined: Fri Mar 20, 2009 11:59 am

Re: Blocking of Detecting Private Browsing Mode

Post by mik33mik »

Hi,
Torbutton addon prevents this issue
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Blocking of Detecting Private Browsing Mode

Post by Giorgio Maone »

mik33mik wrote:
> Hi,
> Torbutton addon prevents this issue

How does it, exactly?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
mik33mik
Posts: 18
Joined: Fri Mar 20, 2009 11:59 am

Re: Blocking of Detecting Private Browsing Mode

Post by mik33mik »

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive).
You must check Block History Reads during Non-Tor in torbutton preference.
You can also test torbutton with this poc:

Code:

http://ha.ckers.org/weird/CSS-history.cgi

In this page you can read the Torbutton Design Documentation:

> This component was contributed by Collin Jackson as a method for defeating CSS and Javascript-based methods of history disclosure. The global-history component is what is used by Firefox to determine if a link was visited or not (to apply the appropriate style to the link). By hooking the isVisited and addURI methods, Torbutton is able to selectively prevent history items from being added or being displayed as visited, depending on the Tor state and the user's preferences.
>
> This component helps satisfy the State Separation and Disk Avoidance requirements of Torbutton

Ciao
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Blocking of Detecting Private Browsing Mode

Post by Giorgio Maone »

mik33mik wrote:
> The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive).

Not exactly: from the test's standpoint, it's ON because TorButton is doing more or less the same thing as Private Browsing and Safe History (i.e. blocking History recording).

In other words, I may declare that I can detect the presence of TorButton (which for people who are very concerned about privacy, i.e. all the TorButton users, is even worse than detecting Private Browsing) and then say that "Private Browsing prevents this issue" ;)

> By hooking the isVisited and addURI methods, Torbutton is able to selectively prevent history items from being added or being displayed as visited, depending on the Tor state and the user's preferences.

In other words, TorButton uses the very same technique as SafeHistory, and this is not surprising since history sniffing is a major attempt to privacy, which is the main concern of TorButton.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: Blocking of Detecting Private Browsing Mode

Post by luntrus »

Hi mik33mik,

A proposed 'domain tagging' - make 'visited' links only look 'visited' when they point to documents in the same domain as the current page. This would be a severe blow to the functionality and usability expected of visited links. What is the interference of RequestPolicy blocking in this case?

luntrus
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Browzar)
mik33mik
Posts: 18
Joined: Fri Mar 20, 2009 11:59 am

Re: Blocking of Detecting Private Browsing Mode

Post by mik33mik »

Hi,
yes, the eternal struggle: privacy VS functionality, it's a very subjective choice.

About the question concerning RequestPolicy, it doesn't interfere with browser history setting.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18
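
An added illustration, not part of any post in this thread and not Torbutton's or SafeHistory's code: a toy model of the isVisited/addURI hooking quoted from the Torbutton documentation, together with the "domain tagging" idea raised above, showing what a visited-link test page would observe under each policy. The class names, policy flags, the host comparison used for "same domain" and the sample URLs are all assumptions.

```javascript
// Toy model (hypothetical names): a history store behind isVisited/addURI hooks.
class GlobalHistory {
  constructor() { this.seen = new Set(); }
  addURI(uri) { this.seen.add(uri); }
  isVisited(uri) { return this.seen.has(uri); }
}

class HookedHistory {
  // policy flags (all assumed): blockWrites, blockReads, sameHostOnly
  constructor(inner, policy = {}) { this.inner = inner; this.policy = policy; }
  addURI(uri) {
    if (this.policy.blockWrites) return;       // visit is never recorded
    this.inner.addURI(uri);
  }
  // pageURL: the document whose links are being styled
  isVisited(uri, pageURL) {
    if (this.policy.blockReads) return false;  // every link renders unvisited
    if (this.policy.sameHostOnly &&
        new URL(uri).host !== new URL(pageURL).host) return false;
    return this.inner.isVisited(uri);
  }
}

// The test page's view: load a never-seen URL, then ask if it is visited.
function probeSeesVisited(history, pageURL, probeURL) {
  history.addURI(probeURL);
  return history.isVisited(probeURL, pageURL);
}

// Constructed sample URLs.
const PAGE = "https://test.example/check";
const SAME_HOST_PROBE = "https://test.example/unique-7f3a";
const OTHER_HOST_LINK = "https://bank.example/login";

function runScenarios() {
  const out = {};
  for (const [name, policy] of Object.entries({
    normal: {}, blockWrites: { blockWrites: true },
    blockReads: { blockReads: true }, sameHostOnly: { sameHostOnly: true },
  })) {
    const h = new HookedHistory(new GlobalHistory(), policy);
    h.inner.addURI(OTHER_HOST_LINK);           // a real earlier visit
    out[name] = {
      probe: probeSeesVisited(h, PAGE, SAME_HOST_PROBE),
      crossSite: h.isVisited(OTHER_HOST_LINK, PAGE),
    };
  }
  return out;
}

console.log(runScenarios());
```

The probe comes back unvisited under either blocking flag, which is the condition the test page reports as private browsing; with same-host tagging the probe still reads as visited while the cross-site link does not.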