Simple Data Privacy Check

What can you do in 5 minutes that will give you a concrete picture of your data privacy?  Everyone is concerned about the state of their online data privacy and if there is a leak of their data on the Internet. Every day there is a new headline about how data privacy is being compromised by malware, hackers, government, telecommunications providers, Google, Facebook, Amazon, Apple, Microsoft, and on and on… Use this simple test to check and see what private data and information your computers, tablets, and devices are leaking about you right now.

5 Minutes

First, you need to be able to visualize what private data others can see about you right now. To do that, you’ll need to use a tool that can show you what online data and privacy leaks look like.  One of the best tools to see what information others can see about you online is ipx.ac When you click on the link, you should see something like the picture below. It starts with your IP Address and then performs some important analysis of data leaks, vulnerabilities, and location information. Please read on to find out everything this fast and easy tool will tell you about your identity exposure!

Question Mark Icon
Question Mark

First, you will need to click on “Test for leaks & footprints” if you have not already. Each major heading area has conveniently added a “Question Mark” box to allow you to click for an explanation. For some this will be sufficient but we are going to take the time to explain a little more information about how each of the areas data leak tests impacts your data privacy. Here is a rundown of the major result areas:

IP/IPv6 Geolocation: This information is all about where databases relate your IP Address to a physical location. Pay particular attention to the “PTR”, “ASN”, and “ISP” as these amount to fully-traceable records about what company provides your Internet Service, and specifically which node  on their network you are using. Click on the “Lat/Long” to see your City/Location on Google Maps. Rest assured the actual address of your home is associated with the PTR, ASN, and ISP data but Google maps doesn’t make that information available because it would become an obvious tool for malicious users. IPv6 is simply the newer version of the Internet Protocol (IP Address) and some networks have already upgraded.

DNS: These are the Domain Name Servers you are currently using to reconcile the Domain Name (eg, https://www.google.com) with an IP Address (eg, 123.123.123.123) used by servers hosting content. Every time internet content (movies, web pages, apps, video games, etc) is accessed the request is first sent to these servers saying, “I’d like to visit this site, please”. So, if your cable company is your Internet Service Provider and you use their DNS then *every* thing you do is first sent to them before your network connects you to your destination.

WebRTC: Also Known As “Web Real-Time Communication” is a set of tools developed to allow your browser to communicate immediately and directly with another browser (or server). Ideally, it allows for convenient video and audio communication without special apps, right from your browser. It also means any destination can request not only your “Public” IP Address (from your ISP like above) but also your “Private” IP Address – the one right on your home network, behind your firewall, passing right through your home router. This creates a link from any destination directly to your device.

Flash IP: This is the IP Address of the user as determined by the Adobe Flash application. This can create a liability similar to WebRTC where an attacker can communicate directly with your machine, passing through firewalls and routers. More, Adobe products have known vulnerabilities that can difficult to patch or secure.

Battery: If you are using a mobile device or laptop, it is possible to read and potentially affect the level of your battery. While perhaps not the worst data privacy leak, it can definitely expose you to malicious sites and code (See Below).

User Agent: This tells the server destination what your environment (OS, Hardware) is and what content works best for you. It is standard stuff but it can also be used to tailor malware, viruses, trojans, zero-days, and so on. Most folks who are worried about data protection want to obfuscate what platform or device they are using rather than it being an inherent weakness.

Browser: This is essentially an extension of User Agent but more detailed. This in combination with User Agent can be unique enough to identify a specific computer even if no other information is entered. If you do share identifying information (preferences, UserID, etc) it is stored for database validation in your Cookies.

Request Headers: Again, an extension of User Agent and Browser information about what works for your environment. This can also be used to identify a specific machine even without other identifying information.

Timezone: In what timezone does it appear this machine is located? In particular is there a discrepancy between what the internal application reveals (Javascript) versus what the IP Address Resolution to a physical city might indicate. A discrepancy reveals a data leak, as if one might be using a VPN to attempt to conceal their destination.

TCP Connection: Telecommunications Protocol (TCP) is the counterpart of Internet Protocol (IP) and thus the familiar “TCP/IP” reference to networking on the Internet. TCP and IP go hand-in-glove to facilitate network communications over the Internet. This is just yet another datapoint that can be used to compare a machines identity and location.

TLS Test: Transport Layer Security is a reference to the encryption suites used by Internet hardware and software to communicate. Consider this less of a comprehensive test than a minimum evaluation.

Now that you have a solid overview, visit this site repeatedly on different devices – laptops, smartphones, tablets, etc – and evaluate their individual data privacy and leaks.  You will find a wide variety of results by device and it is particularly advisable to test with your VPN Service. The following video shows what results might look like in an ideal scenarios, where all private data is obscured by using a mobile device connected through the Tor network.

Further Reading

Battery Level Indicator Exploit

Flash IP/Exploits

Browser Fingerprinting