My apologies

[Ellieka]

It came to My attention just a short while ago that my signature had caused alarm for some users. In short what it did was display on your screen your IP address,Operating System, web browser and City of the IP owner. For instance, on my screen it would show somthing like this:

Code Select Expand

your IP address is 192.168.1.100, your ISP is Comcast, your Running Linux 2.6.29.3 and using Firefox

You live near South Bend Indiana.

On your screen how ever it would say something entirely different like:

Code Select Expand

Your IP address is 172.16.0.100, your ISP is Verizon, your running Windows Vista and using Microsoft Internet Explorer.

You live near Salt Lake City Utah

The information you see is only seen by you No one else can see whats on your screen. The information displayed is different for each viewer. This is done by using a program like Nmap or Snort to do what is known as TCP/IP stack fingerprinting. Many sites like Adobe Flash use this to detect what Operating system and web browser you are using to determine what version of Flash Player to install for you.

While TCP/IP fingerprinting is rather benign it can allow a remote system to determine what Operating system you are using along with other information like what web browser your using. It does not know your house address or street name or who you are. Every system be it UNIX/Linux, MAC, or Windows can send this information as it is a part of the whole TCP/IP suite of tools and is installed by default on most computers. Even if your computer is not displaying this information on your screen it will still transmit it if requested to do so from a remote system. My signature used such a request to echo this information back to you. This was a failed attempt at being amusing using various quips form popular movies like The Matrix.

It is possible to remove TCP/IP but doing so will also shut down your access to any network you are connected including the internet. You can however employ certain tools to block a remote system form fingerprinting your system. Try googling OS fingerprinting for more information on the subject.

Again I apologize for any paranoia this has caused. It was, in retrospect, a bad idea.

Sincerely,
Cami.

[Feever]

I noticed it one day, and never really thought about it.  In retrospect, i guess I should have been more observant.

Many people wouldnt admit an error like that.  They would simply fix it, and then pretend it never happened.

Thank you Cami. 

[Sandy]

It is pretty benign for the most part.  Cookies can be much more insidious.

Most users of the internet don't even know it is happening all the time.  It certainly didn't bother me, Cami.  I thought it kind of cute.  I was thinking about cruising that site to see if there was something I like.  Perhaps I won't now.

Yes, it can be used as part of an exploit, but if you are that paranoid then you should only access the internet through smoke signals.

-Sandy

[NicholeW.]

Oops, someone "stealth" got nervous? hahahaha

[Ellieka]

Yes, it can be used as part of an exploit, but if you are that paranoid then you should only access the internet through smoke signals.

-Sandy

Does comcast have smoke signal access ? 

Oops, someone "stealth" got nervous? hahahaha

You're going to help us Mr. Anderson, weather you want to or not.

I guess its kinda like Onstar... If you don't really understand it it would be conceivable for one to think they were spying on you. I can't blame someone for getting a little creeped  out by it. The authors web site even kind of eluded to that anyway.

The cool thing about this graphic is that when people see it, they think their private information (like their city or IP address) is being publicly shown on your Myspace background, layout, blog, or forum, and they think that other people can see their private info! Their first thought is, "hey, how did my IP address get on this website?!", or "why is this website telling people where are live?!"

[Sandy]

Does comcast have smoke signal access ? 

Actually, no, but they are actively reviewing the RFC for carrier pigeon IP http://en.wikipedia.org/wiki/IP_over_Avian_Carriers.  I defy anyone to go over the bandwidth cap using that! 

*excuse me miss, but your geek is showing...*

-Sandy

[Ellieka]

OMG! too funny! IPoAC 

*excuse me miss, but your geek is showing...*

Geeks are Hawt!

[NicholeW.]

OMG! too funny! IPoAC 

Geeks are Hawt!

I was told they were haute

[Syne]

Those things have been around forever, I saw them and did not think twice about it. If I really wanted to I could obscure the info but it is not worth the time usually.

Just remember that for the most part security and privacy on the net are nothing more than myths.

[Cyndigurl45]

You had a what showing what? I failed to notice it as well must be my blonde showing LOL keep up the geek work

[Sandy]

You had a what showing what? I failed to notice it as well must be my blonde showing LOL keep up the geek work

It's not your blonde, Cyndi.  At least not this time.

Cami already pulled the sig stuff out so it no longer showed.

There are gimmicks you can add to your sig file (that Cami had) that will display back user information and some may have mistaken those benign displays as security violations.

Look at the original post and see a sample of what was being displayed.

-Sandy

[Cyndigurl45]

OH sweetie I know exactly what she was talking about I have used them before in other forums and I have something similar on a few websites I've designed, cool little apps my blonde moments where never noticing her signature when it had them

[burgandy]

I never saw your signature, but it sounds to me like all it's doing is reporting the information from the client's user-agent header (browser, OS) along with a geolocation lookup.  I'm no expert, but I seem to recall that stack fingerprinting requires the scanner to find both an open and a closed TCP port, which usually takes a couple minutes.  Beyond that, many internet users have a firewall, in the form of a home-network router, which is going to silently drop just bout anything, and even if it didn't, the scan would only be fingerprinting the router, hardly the aim here.  Also, the IP addresses you gave as examples are both private IPs:  They're meaningless to anyone not connected to the private network where they originate (RFC 1918).  Perhaps gleaned client-side, pre-firewall?

Sorry, I just had to be pedantic.

~ Burgundy ~

[Ellieka]

Also, the IP addresses you gave as examples are both private IPs:  They're meaningless to anyone not connected to the private network where they originate (RFC 1918). 
~ Burgundy ~

Yeah I did that on purpose.

[Deanna_Renee]

OUCH!! Sorry, I just tripped over this thread and stubbed my toe on it.

The slightly more alarming side of this is when you find out/realize that Google Analytics employs this kind of technology to allow site owners to keep track of a very broad range of data regarding the people who visit their site/s. All of the above information and several times more. It's really quite fun to go through and look at where people are viewing your site from and how they got there, how long they were there, what kind of coffee they drink, that that blue dress just should not be worn with those sequined purple stilettos...

Oh, wait, that's the next version, currently in Beta. 

Anyhooo, just think what Big Brother knows...

Deanna

[tekla]

There is no limit to what they can know if they want to, or want to pay for it - but most people should not be that paranoid, their lives are not worth that kind of scrutiny.

[Deanna_Renee]

There is no limit to what they can know if they want to, or want to pay for it - but most people should not be that paranoid, their lives are not worth that kind of scrutiny.

For the most part too true.