Tracking IDs

7 May 2023 18 minutes Author: D2-R2

Ways to ensure security in cyberspace

Well, warriors, you already have some knowledge about how to protect yourself and not fall into the eyes of overly curious netizens and other interested parties. Congratulations, you have seen the tip of the iceberg, it’s time to dive a little deeper!
It is not enough to simply protect against theoretical hacking, a real hacker must understand with which devices his hardware can be hacked and how to protect against hacking. After all, there is a sufficient number of them and it is necessary to react quickly in order to protect yourself and your iron. In this article, we will also consider the available methods of tracking in the network, and for what purposes they can do it – a rhetorical question. Because it’s our job to identify these tracking methods and prevent them from happening. Let’s start the review with a PC, then we’ll move on to personal devices, that is, those that are always with us either in our pockets or on our bodies – we mean smartphones, smart watches, fitness bracelets, etc. After all, not everyone knows that at first glance, the most banal electronic devices that are not related to cyber security can identify their owner.

Safety should be a priority

Well, warriors, you already have some knowledge about how to protect yourself and not fall into the eyes of overly curious netizens and other interested parties. Congratulations, you have seen the tip of the iceberg, it’s time to dive a little deeper!
It is not enough to simply protect against theoretical hacking, a real hacker must understand with which devices his hardware can be hacked and how to protect against hacking. After all, there is a sufficient number of them and it is necessary to react quickly in order to protect yourself and your iron. In this article, we will also consider the available methods of tracking in the network, and for what purposes they can do it – a rhetorical question. Because it’s our job to identify these tracking methods and prevent them from happening. Let’s start the review with a PC, then we’ll move on to personal devices, that is, those that are always with us either in our pockets or on our bodies – we mean smartphones, smart watches, fitness bracelets, etc. After all, not everyone knows that at first glance, the most banal electronic devices that are not related to cyber security can identify their owner.

IP (I’ll calculate your IP, bitch!)

So an IP is actually a digital address that your ISP assigns to your device. There are different types of IP addresses: internal, external, dynamic, static. 80% of Internet users use an external static IP address assigned by their ISP. I will not open America for you by saying that knowing your IP can determine the provider, as well as the city in which you live, the zip code and even your house. You can protect yourself from this with the help of a banal VPN or proxy server. It works quite simply: all the data you transmit using a VPN becomes encrypted (which is why the Internet speed decreases), and most importantly, the IP address of your ISP is replaced by the IP address of the VPN server. A proxy server does roughly the same thing, with one difference: it doesn’t encrypt your traffic, it just replaces your IP address. This does not mean that the proxy server is much worse and we should not use it – it is just necessary to understand for which tasks it is best suited. Of course, you will find out about it, dear mommy hackers, but a little later. By the way, you can use the 2up.ua service to determine your IP address

The VPN service will change your IP address in one click

 

MAC addresses

A MAC address is a unique number of the network equipment through which you use the Internet. Routers, telephones, computers and other gadgets capable of connecting to the network have a MAC address. Now I will tell you how this information can be used. Let me give a simple example: if Wi-Fi is turned on, any of your devices (laptop, tablet or smartphone) reveals its MAC address. This is publicly available information that cannot be hidden without disabling the Wi-Fi module in your device. Some visitor analysis systems, so-called Wi-Fi radars, are built on this, from where information is collected about how long, how often, which places a particular person visits. Thanks to the received data, they build popular routes, collect statistics on the time and regularity of visits.

As you might have guessed, your main bug is an electronic gadget with an activated Wi-Fi module: it not only “bleeps” your current location, but also constantly tries to connect to those networks to which it was previously connected; in this way, you can understand where and which routes you walk, where you like to dine or rest, and much more. For the most part, such information is collected, analyzed and used by large advertising companies to increase the number of sales: knowing your movements, age, interests, you can “tuck in” any junk. Also, information about the movement of MAC address owners can be obtained by law enforcement agencies upon official request. But you, mother’s hackers, have nothing to worry about: you are white and fluffy! But just in case your paranoia level suddenly rises a little above the norm, know that you can easily fix the problem – turn off active Wi-Fi scanning on your device.

Bluetooth

With Bluetooth, the story is about the same as with the MAC address. All devices have active Bluetooth, are constantly trying to connect to something or someone, thereby as if shouting to the whole world: “Look, I’m here, look at me!” This, of course, can be used by attackers. This usually happens in crowded places. Fraudsters calculate a plan of action in advance and prepare a device that will be used to hack. In most cases, a tablet or smartphone reset to factory settings is suitable for this. The only obstacle is a small distance (no more than 10-12 meters) for a stable connection. Well, then you already understood: with the help of special software, a connection to your device occurs, the device itself becomes infected, and it is not known how it will be used further. Here, the protection is the same as with the MAC address: turn off Bluetooth from the active search mode – and that’s it!

Iron or telephone indicators

Here, too, everything is quite simple: basic VPN programs and a proxy server help to hide your location from prying eyes, but this is not always enough. Some sites have embedded programs that read the system data of your iron or phone: language, time, network name, etc. And so you go to any site, let’s say, under an Italian IP, and your iron at the same time gives data that it works in a different language and at a different time… Hmm, suspicious. Of course, this reduces the level of trust in you as a user. Usually, such deanonymization methods are used by not-so-honest hackers, but this is not about us, my friends. However, we must take care to anonymize ourselves as much as possible.

IMEI is confidential information

Phone

Your phone can be tracked using many identifiers, including Bluetooth and MAC address. It is also possible to calculate a phone by IP, but it is much more difficult than a PC, since the IP on a phone is usually dynamic. What other ways are there to identify the phone? Of course, IMEI and IMSI (this is the unique number of your phone and your SIM card). With these outlets, attackers can access almost everything on your phone: contacts, geolocation, movements, address, account balance, in some cases even intercept calls or messages, and can sign you up for some paid services that will debit money from of your account – in general, the space for maneuvers is quite large. For criminals, the downside of this identification method is quite obvious: only you and your operator know your IMEI and IMSI. Of course, the employees of your operator can be bribed, or law enforcement agencies can send an official request to your operator to provide IMAI and IMSI — well, for the latter, it is necessary to do a lot of damage for uncles in shoulder straps to do this! For the most part, in order to protect yourself from something like this, it is enough for you not to buy cards in unverified places and not to reveal to anyone what outsiders should not know. By the way, this applies not only to IMEI and IMSI.

Browser


So, let’s move on to browsers.
Most of the time, the main reason why your browser can be hacked is simple inattention. You want to download a file or install an extension and you accidentally end up on a phishing site (I’ll admit, I’ve had this happen too), at the same moment malicious software is installed on your hardware, and then everything depends on what exactly you downloaded. You can be immediately locked out of your system and asked for a ransom, or simply have all your online activities monitored in the background. It is quite difficult to understand that you have caught malicious software, sometimes it is not seen by antiviruses and it can be quite inconspicuous on your computer. The bell that you should start worrying about is an abnormally high load on the system: one fine day the iron starts to work slower and worse than yesterday.


Browser security should come first

The main issue before us is the maximum protection of our data in case of such unpleasant situations, since even professionals can get into such trouble. What steps should be taken to avoid such troubles? First, you need to work on a virtual machine: a virtual machine will help you hide all your data, which is usually stored on the main Windows. Secondly, install an anti-detection browser: even if malicious software is installed, it will not allow you to make a digital impression of your iron. It is also necessary to take care in advance that your browser does not save history and cannot automatically connect the camera and microphone, but only on request – this can be easily done by going to the settings of any browser. And of course, I’ll give you some pretty useful plugins to help you work more securely in your browser.

1.AdBlock Plus

Click here

2. BetterPrivacy

Click here

3. AmIUnique-signed d.NoScript

Click here

4. Disconnect

Click here

5. uBlock Origin

нlick here

6. Self-Destructing Cookies

Click here

7. HTTPS-Everywhere

Click here

8. m. User-Agent Switcher

Click here

Watches, headphones, trackers


Our gadgets are not as safe as they seem

 

This section is a hodgepodge of the previous sections, as the gadgets listed above and many of your other electronic devices (even some types of refrigerators!) work with bluetooth, some have their own IMEI, and others work with a SIM card (for example, a parking barrier ). Therefore, all these devices can become tools for tracking or identifying your person if you do not use the advice from the previous sections. And the barrier in front of your parking lot, which works with the help of a SIM card, you can generally sign up for a paid service and receive money from it. In general, I would like to remind you that not only computers and phones can identify you, but also the most banal electronic devices that, at first glance, have nothing to do with cyber security. We will add to this section…

GPS

I don’t know if I should write a lot here. GPS tracking methods are intuitive even for those users who are not very knowledgeable about cyber security. The fact is that most applications that are installed on your phone or other equipment read your GPS data in the background. The place where the phone is located is determined by transmitting a signal to a satellite, which in turn provides accurate geographic coordinates on Google maps. Thus, large corporations collect a huge amount of data about you and store it on their servers. In an ideal world, this data should be strictly confidential and not go beyond the boundaries of the companies that collect it. But there is no such thing as a perfect world, and we fully understand that there are many ways that this data could accidentally end up in the wrong hands. For example, everyone understands perfectly well that the Yandex company cooperates with the Russian FSB and will gladly transfer all possible data about any user at the first request. This is just one example, there are other ways, starting from banal bribery of an employee and ending with hacking and downloading the information of all these companies. One way or another, I personally would not want a fellow major or any other “well-wishers” to know where I live, work, train or drink beer in the evening with friends. I think you have already guessed how to counteract this: turn off geolocation tracking in every application starting with Telegram and ending with an application for learning English with the handles and turn it on only when necessary.

DNS servers

As it turns out, DNS lookup allows you to track a user on the network.
Recursive domain servers have capabilities that compromise the privacy of a user’s personal data. Based on the data obtained through DNS (Domain Name System – a computer distribution system for obtaining information about domains), it is possible to track a user on the network and collect a “profile of his interests”. The behavioral method allows ISPs to track user activity over a long period of time. How is it done? By comparing the IP address and the requests made through it, it is possible to determine which sites the user is visiting. As many ISPs use dynamic IP addresses, the user’s address changes periodically and is increasingly difficult to track, but anyone with access to the infrastructure DNS, can track a user’s behavior by their IP address, then create a classifier for their chain on the network and use it to find that user again. Each user has a unique combination of interests and preferences that are reflected in their Internet surfing in the future, even when they use a different IP address.

Use different software to replace DNS

Programs

QuickSetDNS

Click here

Smart DNS Changer

Click here

NetSetMan

Click here

Cookie

If you use a web browser, you may have already collected several cookies. They are created by websites and stored in your browser until they expire. Some cookies are harmless, and some remain active even on sites that do not belong to them, collecting information about your behavior. These are called persistent third-party cookies. Third-party cookies are used to collect information for relevant advertising customization, analytics collection, or statistics tracking. Tracking cookies can be so aggressive that many antivirus programs classify them as spyware. How to protect yourself? You can’t disable the Cookie completely, because there are basic ones that can’t be fixed, but I advise you to READ and READ before you accept something, because when the “Accept” button appears, you can drag the sliders and not use some cookies. The second method, but less effective, is to go to the browser settings and remove literally a couple of ticks. Chrome does not provide information about which websites and web services comply with the “Do not track” queries. And I want to advise you to save data while working on the Internet, but delete it when you exit Chrome. To do this, we go back to the browser settings and perform the following steps – namely, enable the option Delete cookies and site data when closing all windows.

Don’t be in a hurry to click “accept”

Metadata

Simply put, metadata is data about data (their composition, content, status, origin, location, quality, formats, scope, terms of access, copyright, etc.). The National Information Standards Organization (NISO) offers a classification that can be applied to all types of data or data repositories, from libraries to websites, to textual and non-textual data, in digital or physical form.NISO describes three types of metadata

The first type

Written metadata includes information such as contact points, title or author of the publication, work instructions, keywords used in the work, geographical location or even an explanation of the methodology. This data is used to identify, collect or group resources according to their common characteristics. To understand how descriptive metadata relates to informational data, visit the European Commission’s Economic and Financial Affairs Business and Consumer Research pages. In addition to research data, you can obtain BCS Metadata from a study of each of the EU countries, such as France. Metadata files contain contact information, a description of the methodology, and the date of each study, but do not contain questions and answers obtained during the study.

The second type

Structural metadata explains the composition or organization of resources. For example, a digital book can be published as images of individual pages, PDF or HTML. These pages or components are usually grouped into sections. Data on sections, content or page layout information are considered structural metadata. Structural metadata includes records such as a structural map of pages or other website resources, an intrusion event, or recording voice call information.

The third type

Administrative metadata is used by resource management. The date of creation or receipt, access rights, rights or origins, or disposal rules, such as storage or deletion, are examples of rights that can be exercised by a digital archivist, curator. Such metadata will be useful for the database administrator or for administrators responsible for retrieving data from telecommunications or data networks, or security or event logs.

From the above, you already understand how much metadata you give to the network, and how you can use all this, you also understand.
You can clear metadata with the following services

EXIFTool-Android

Click here

MetaClean

Click here

“Метаданные ++”

Click here

FingerPrint

FingerPrint – or computer fingerprint, is general information that is collected about a particular device for further identification. The fingerprint collects information even when the cookie is turned off. Not to mention everything that FingerPrint reads, I will say that it collects information on about 3 sheets of A4, even reading the unique defects of your video card, screen diagonal and everything else. The technology is usually used by the state. structures to detain cyber criminals. The concept of fingerprint is related to the practical value of human fingerprints. Ideally, all machines have different fingerprint values (difference), and this value will never change (stability). In this case, it would be possible to uniquely identify each machine on the network without the user’s consent. In fact, neither difference nor stability can be fully achieved. Improving one of the parameters causes the deterioration of the other The difference is that no two cars have the same footprint. However, a large number of devices are likely to have the same settings and thus have the same fingerprints. This is especially true for factory-installed operating systems. One way is to use scripting languages that will collect more parameters. However, this will cause system instability as many parameters change over time. Stability is that the imprint will change at any time. However, by definition, browser configuration is not a guarantee. For example, one of the settings you change in a cookie is displayed as “on” / “off”. This change may change the imprint. Thus, it should be concluded that only those parameters should be collected that will not change with greater certainty, which will lead to a decrease in the parameters for collecting information.


The imprint knows everything about us

Fingerprint methods are covert and active.

Hidden fingerprint

The hidden fingerprint is a hidden request for the client’s car. These methods are based on the exact classification of client parameters such as TCP / IP configuration, digital OS footprint, IEEE 802.11 (WiFi) configuration, and time offset.

Active fingerprint

An active fingerprint is that the client will allow you to make requests. The most common method is to install the running code directly on the client machine. This code will have access to more hidden settings, such as MAC addresses or unique serial numbers of equipment. Such information is useful for software in the field of technical means of copyright protection

Collecting fingerprints from clients (using a browser) can be done using JavaScript or other scripting languages to collect a large number of parameters. Only two classes of network users have severe restrictions on tracking: mobile devices and security-enhanced applications.
A separate problem is the ability of the user to have multiple browsers on one device, and even more virtual hosts. Because each entity can have its own fingerprint, you can change it very quickly if you do not use the new cross-browser fingerprint technology.

Not sure that it is now possible to 100% secure yourself from this technology, but most of the privacy techniques described above, such as a virtual machine and anti-detection browser, should help minimize the risk of collecting detailed information.

PS * We have many more interesting instructions on the site

Other related articles
Found an error?
If you find an error, take a screenshot and send it to the bot.