Computer security

From BoyWiki

The term browser security can have various meanings, for boylovers this most often refers to the need to get rid of any tracks that a visit to boylove related web sites can leave in one's browser.

This page was created to provide a quick reference to browser security, it also contains information regarding the data that may be sent by your browser when visiting other sites, each individual is ultimately responsible for their own security. The information on this page is provided as a guide only, following the links in this page will take you to more detailed articles on the specified topics.

What information does your browser send?

When your browser sends a request for a page to a web server, this request includes a HTTP header containing information about you and your request. Typically this includes your IP number and a string called "HTTP_REFERER"[sic]. These values are stored in server logs and may be retrieved by the server admin. You can increase your anonymity by using a proxy and blocking the referrer string sent by your browser. Following is a brief explanation of each of these pieces of information.

IP Address

While you are connected to the net, you are identified by a unique number know as an IP address. This takes the form n.n.n.n (ie. 127.1.67.235). If you are using a dial-up account it may be difficult to pinpoint you from this as the number will be shared among many users of your service provider. Your IP address will be dynamic. However, if you have a broadband account such as Cable, DSL, or are surfing from an institution such as a school or company, you may have a permanent, or static, IP address. If that is the case your number points directly to your computer.

If you are concerned that your activities may be linked back to you, you can use an anonymous proxy. The proxy server will handle http requests and your IP address will be replaced by the IP address of the proxy server in http headers. Most proxy servers are vulnerable to hostile parties who may hack into or even control the server, which persuades some people to use proxy networks such as Tor, which routes data through multiple, random servers.

The links listed under a URL included at the bottom of a BoyChat post are free web-based proxy servers which will take you anonymously to the listed site. For a more permanent solution you can enter one of many free public anonymous proxies into your browser preferences to use with all your surfing. Check the external links at the bottom for a list of publicly-available anonymous proxies.

HTTP Referrer

When you click on a link embedded within a web page, your browser attempts to send the location of that page as a string known as "HTTP referrer|referrer". The address of this referring page is then stored in the logs of the server you are visiting. If you are clicking on a link from any site, the site address will be recorded along with your IP number.

As of the beginning of 2004, a new feature was added to the Free Spirits family of boards to increase anonymity by stripping out this referrer value. When you click on a link in a BoyChat post, or from BoyLinks, you will be redirected through a script called derefer. This will remove the address of the linking page. (This is the notice you receive saying "One moment, you are being redirected to ...")

The simplest way to circumvent the referrer problem when following links from non-FS sites is to open a new browser window, then copy and paste the URL (link address) into the address bar of this new window rather than clicking directly on the link. A few browsers will allow you to block the sending of the referrer in the preferences or browser settings. Doing this will enable you to click on links without fear of transmitting the location of the referring page. In Mozilla Firefox, the string "network.http.sendRefererHeader" is used to control referer settings. Changing this value to "0" in "about:config" will prevent Mozilla Firefox from sending the referring URL.

What information does your browser store?

Your web browser stores a great deal of information every time you visit a web page. This information is often stored to make it easier to later find and reload already visited web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

  1. The address in your address bar drop-down list
  2. Links to the page in your history
  3. The page itself in your cache
  4. Any embedded elements, such as graphics or scripts, separately in your cache
  5. Cookies

Address Bar and History

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leave a breadcrumb trail for others to find and follow your activity on the internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity. Many browsers allow you to change your settings to not store this information.

The Browser Cache

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, stylesheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server. The browser cache is a record of the sites you have visited and can easily be accessed by others.

Changing your browser settings to not keep a cache or history is advisable, but you still may wish to clear out these items periodically anyway.

Cookies

Cookies are small files used to by web sites to either stored settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, but they too leave their footprints for others to follow, if someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

External links