1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What can Javascript pull from a user's PC and browser?

Discussion in 'HTML & JavaScript' started by powpowmeow, Sep 17, 2010.

  1. powpowmeow

    powpowmeow Newbie

    Joined:
    Apr 5, 2010
    Messages:
    5
    Likes Received:
    0
    Hope this is the right subforum, apologies if it isnt- OK, I am using hidemyass proxy, firefox with history disabled, + noscript this certain website is *still able to detect that i am logging into different accounts from the same "household or computer environment" (yes, that is a direct quote) the website in question does have a https: but hidemyass is also encrypted my best guess is that this website, which uses javascript, and at some points when browsing the site you are REQUIRED to allow the scripts (with noscript) in order to fully use the site, that the javascript is pulling a real IP off my connection, or perhaps a hardware profile from my machine. how likely is this? what exactly can java pull off while i am connected via a proxy like hidemyass? is it perhaps something far simpler than a javascript intrusion? again apologies if this is in the wrong place and thanks for the help
     
  2. flibbertigibbet

    flibbertigibbet Regular Member

    Joined:
    Apr 11, 2010
    Messages:
    388
    Likes Received:
    188
    if you're connecting to another person's server, then they can potentially track EVERYTHING you do while you're connected. they can see what webpages you visit, what you click on, what information you submit in forms...ect. This means they can learn your name, your real ip, your cc number if you submit it, your email if you submit it, your passwords if you log into an account of some kind...anything you do.Hidemyass is obviously a transparent proxy and is NOT SAFE.....use a service that is more anonymous.
     
  3. Crazy

    Crazy Jr. Executive VIP

    Joined:
    Jun 13, 2009
    Messages:
    640
    Likes Received:
    319
    Occupation:
    VB, C#, XHTML, CSS, PHP, MySQL, JavaScript, jQuery
    Location:
    Everywhere
    Well JavaScript is a client-side script so, save for what security precautions are employed by the typical browser, JavaScript can indeed retrieve quite a bit of data. If you have NoScript enabled it could be a Flash embed that is retrieving some data... even though NoScript does block most Flash content. Try installing FlashBlock (another FF add-on), and see if that helps.

    Additionally, I'm sure almost every service that wants to cripple anonymity has a DB of almost all web-proxy IP ranges. I could be wrong though.
     
  4. powpowmeow

    powpowmeow Newbie

    Joined:
    Apr 5, 2010
    Messages:
    5
    Likes Received:
    0
    I forgot to mention, flash is not installed but I will look into Flashblock as well as the other suggestions thanks!
     
  5. marquist

    marquist Newbie

    Joined:
    May 13, 2010
    Messages:
    15
    Likes Received:
    3
    Are you sure it's not just an ordinary HTTP cookie? Did you clear them out?
     
  6. RiskyShift

    RiskyShift Newbie

    Joined:
    Sep 16, 2010
    Messages:
    19
    Likes Received:
    3
    It's not possible to get a user's real IP using javascript, but it can sometimes be possible using Java (which is a completely different language), so make sure you have that disabled.

    I would also try disabling the cache in your browser, there are some techniques to track users by checking if they have a particular object cached.