[ home / rules / faq ] [ overboard / sfw / alt ] [ leftypol / siberia / hobby / tech / edu / games / anime / music / draw / AKM ] [ meta / roulette ] [ cytube / git ] [ GET / ref / marx / booru / zine ]

/tech/ - Technology

"Technology reveals the active relation of man to nature" - Karl Marx
Name
Email
Subject
Comment
Flag
File
Embed
Password (For file deletion.)

Join our Matrix Chat <=> IRC: #leftypol on Rizon


 No.12724

Okay so when I post through the onion with Javascript enabled (though the following functionality is probably also active for the clearnet users) and I export some filters between fresh sessions (between new "tor identities" / browser restarts; no persistent cookies) - leftypol JS / export filter somehow is able to track which posts I've made in previous sessions. How is this technically possible? I am under the assumption that this following string is only filtering a trip, a flag and hiding a couple of threads. Am I mistaken? Here is my export (see options -> general -> storage) of my current filters:

{"postFilter":"{\"generalFilter\":[{\"type\":\"flag\",\"value\":\"Punk\",\"regex\":false},{\"type\":\"trip\",\"value\":\"!!IQ4P2MASFU\",\"regex\":false}],\"postFilter\":{\"leftypol\":{\"56299\":[{\"post\":\"56299\",\"hideReplies\":false}],\"211384\":[{\"post\":\"211384\",\"hideReplies\":false}],\"370215\":[{\"post\":\"370215\",\"hideReplies\":false}],\"513986\":[{\"post\":\"513986\",\"hideReplies\":false}],\"638949\":[{\"post\":\"638949\",\"hideReplies\":false}],\"658188\":[{\"post\":\"658188\",\"hideReplies\":false}],\"663892\":[{\"post\":\"663892\",\"hideReplies\":false}],\"665630\":[{\"post\":\"665630\",\"hideReplies\":false}],\"667081\":[{\"post\":\"667081\",\"hideReplies\":false}],\"667613\":[{\"post\":\"667613\",\"hideReplies\":false}],\"667711\":[{\"post\":\"667711\",\"hideReplies\":false}]},\"siberia\":{\"156521\":[{\"post\":\"156521\",\"hideReplies\":false}],\"195307\":[{\"post\":\"195307\",\"hideReplies\":false}],\"199072\":[{\"post\":\"199072\",\"hideReplies\":false}],\"199963\":[{\"post\":\"199963\",\"hideReplies\":false}]},\"roulette\":{\"1614\":[{\"post\":\"1614\",\"hideReplies\":false}]},\"hobby\":{\"3012\":[{\"post\":\"3012\",\"hideReplies\":false}],\"7003\":[{\"post\":\"7003\",\"hideReplies\":false}],\"13248\":[{\"post\":\"22138\",\"hideReplies\":true}],\"15233\":[{\"post\":\"15233\",\"hideReplies\":false}],\"22130\":[{\"post\":\"22130\",\"hideReplies\":false}]},\"tech\":{\"12660\":[{\"post\":\"12660\",\"hideReplies\":false}]}},\"nextPurge\":{\"leftypol\":{\"56299\":{\"timestamp\":1640963248,\"interval\":86400},\"211384\":{\"timestamp\":1640917218,\"interval\":86400},\"370215\":{\"timestamp\":1640920665,\"interval\":86400},\"513986\":{\"timestamp\":1640920463,\"interval\":86400},\"638949\":{\"timestamp\":1640922087,\"interval\":86400},\"658188\":{\"timestamp\":1640927509,\"interval\":86400},\"663892\":{\"timestamp\":1640968217,\"interval\":86400},\"665630\":{\"timestamp\":1640962615,\"interval\":86400},\"667081\":{\"timestamp\":1640963155,\"interval\":86400},\"667613\":{\"timestamp\":1640921266,\"interval\":86400},\"667711\":{\"timestamp\":1640921023,\"interval\":86400}},\"siberia\":{\"156521\":{\"timestamp\":1640918209,\"interval\":86400},\"195307\":{\"timestamp\":1640967625,\"interval\":86400},\"199072\":{\"timestamp\":1640920604,\"interval\":86400},\"199963\":{\"timestamp\":1640963047,\"interval\":86400}},\"roulette\":{\"1614\":{\"timestamp\":1640920311,\"interval\":86400}},\"hobby\":{\"3012\":{\"timestamp\":1640963159,\"interval\":86400},\"7003\":{\"timestamp\":1640967263,\"interval\":86400},\"13248\":{\"timestamp\":1640968064,\"interval\":86400},\"15233\":{\"timestamp\":1640920316,\"interval\":86400},\"22130\":{\"timestamp\":1640968207,\"interval\":86400}},\"tech\":{\"12660\":{\"timestamp\":1640927019,\"interval\":86400}}},\"lastPurge\":1640912861}","name":"","own_posts":"{\"siberia\":[\"199614\",\"199615\",\"199617\",\"199633\",\"199636\"],\"meta\":[\"15731\",\"15732\",\"15733\",\"15735\",\"15736\",\"15755\"],\"leftypol\":[\"667584\",\"667664\",\"667681\",\"667715\",\"667812\",\"667813\"],\"tech\":[\"12703\",\"12723\"]}","catalog":"{}","password":"6mwfX$0D","email":"","user_js":"/* Enter here your own Javascript code... */\n/* Have a backup of your storage somewhere, as messing here\nmay render you this website unusable. */\n/* You can include JS files from remote servers, for example: */\n/* load_js(\"http://example.com/script.js\");*/","hiddenimages":"{}","auto_thread_update":"true","catalogImageHover":"false","imageHoverFollowCursor":"false","imageHover":"false","watchlist":"[]","hiddenboards":"{\"leftypol\":false,\"anime\":true,\"games\":true}","stylesheet":"Dark Red","youtube_embed_proxy":"tuberyps2pn6dor6h47brof3w2asmauahhk4ei42krugybzzzo55klad.onion","file_dragdrop":"true"}


Is it really the case that a cookie is involved therein? If so, are any of you able to locate it?
How can this string be able to track a unique ID in regards to my posts between renewed tor sessions?

 No.12725

disable cookies

 No.12728

>>12725
Cookies are cleared with each new tor session. That is why I'm suspecting the leftypol JS's "storage export" string, which is supposed to be for filters, includes continuous information in regards to the user's post history.
I'm trying to find out what bits of text in the string shared in the OP could convey this.

 No.12730

>>12728
i notice a lot of post numbers and "timestamp"s in it

 No.12731

>>12730
Can you specify what exactly it is I'm supposed to be looking for? What in the string is in regards to post number and its related timestamp? Could you copy that section and highlight it?

 No.12733

Don't forget to put them in code tags, or it might come out weird.
Here's how: https://leftypol.org/faq.html

 No.12734

>>12728
I think youre asking this:
>where in this string are the posts I made tracked?
>meaning, where in the string does the (You) information come from?
Right?

 No.12735

>>12734
Yes exactly

 No.12736

>>12735
I'm on mobile, so I can't really help you.
Try this:
Open a new clean session, make a post ITT, then export the JS string and paste it here.

 No.12737

fresh test post

 No.12738

>>12736
Below is the resulting Storage export after a new tor session and one single post ( >>12737 )):

{"postFilter":"{\"generalFilter\":[],\"postFilter\":{},\"nextPurge\":{},\"lastPurge\":1640983761}","name":"","own_posts":"{\"tech\":[\"12737\"]}","password":"#7+VQ*&O","hiddenimages":"{}","catalogImageHover":"false","imageHoverFollowCursor":"false","imageHover":"false","auto_thread_update":"true","watchlist":"[]","youtube_embed_proxy":"tuberyps2pn6dor6h47brof3w2asmauahhk4ei42krugybzzzo55klad.onion","file_dragdrop":"true"}

 No.12739

>>12736
Thank you anon for being an aid in dialogue through this, I think I've narrowed it down to these being the culprit:
"own_posts":"{\"tech\":[\"12737\"]}"


I will remove these manually from future Storage exports.

<Meta:

Also - this is very eye-opening / concerning. This can very readily be turned into a malicious tracker to the unsuspecting.

 No.12741

Also note:
There is nothing in the Options overview that even suggests that this JS cookie fingerprint is included in the export
An option box to tick this functionality off would be highly desirable, as this is an online community within a politically controversial, and as a result of JS implementations like these potentially self-doxable, (pseudo-?)anonymous social media (ASM) environment (social media relying on posters sharing a lot of personal information with each other).

For example say I post in a [country] general in relation to a specific region. Say I post about [specific party], say I post about [particular hobby, for example online game, or a specific sport], say I post within [specific timeline] and with [certain canvas fingerprint].
Very fast I will dox myself to anyone with access to the domain server (surely glowies will at some point, if they haven't already).
This is a problem.

 No.12743

File: 1641004182114.png (153.27 KB, 474x266, ClipboardImage.png)

>posting your local storage for real
lmao you're an idiot.

 No.12748

>>12743
Why are you spreading FUD?
It's not "local storage" as in system information, it's leftypol JS "storage" specifically as it relates to the configs and the user activity on this site.
My current maxxed one is recreatable in a matter of like 60 seconds. It's ephemeral.

Also why the fuck did you delete my last post that gave a guide on how anons can practically solve this issue right now? The password I had as a sample text was the password of a session with like one saged test post. The definition of ephemeral. Luckily I screen shot the post anticipating something like this, but since you don't allow tor posts of images I will use leftych4n as an external source for hyperlinking it here. Feel free to post the screenshot ITT, making the site link redundant if that's problem:
https://leftychan(DOT)net/b/src/1641058409650.png

 No.12754

>>12748
>Also why the fuck did you delete my last post that gave a guide on how anons can practically solve this issue right now?
because it was fun and taught you a lesson about information security.
>but since you don't allow tor posts of images I will use leftych4n as an external source for hyperlinking it here.
>you
i'm not a janny. you posted a password and I tried it on your post to make sure you were an idiot before i called you one.
>FUD
using the actual technical term for something is now FUD. ok. dont bother with leftychan, just go back to /g/ you absolute pseud.

 No.12755

File: 1641090224534.gif (1.04 MB, 444x480, giphy.gif)

>>12748
>Why are you spreading FUD?
You're literally making a baseless fearmonger jump to 'canvas fingerprints' and then bad-jacketing in >>12741 , and then there's the rest of the thread. That is inventing FUD. Piss off and take your projector reels with you.

 No.12756

>>12754
>>12755
>this blatant misdirection
Yeah ok let's just ignore that leftypol JS tracks "anon" post history to zoom in on you being able to delete a post with my ephemeral storage created specifically with test-posting ITT in mind while setting up a how-to to remove leftypol JS tracking.
Scummy fuck(s).

 No.12757

File: 1641092586605.png (89.25 KB, 250x250, ClipboardImage.png)

>>12756
>let's just ignore that leftypol JS tracks "anon" post history
How do you propose basic JS features be implemented without storing local variables? It's webdev 101.
>[the rest]
Holy shit you are retarded. Are you really this new to imageboards or just making up FUD on purpose?

 No.12761

>>12757
>How do you propose basic JS features be implemented without storing local variables? It's webdev 101.
It's obviously fucking possible since I've been posting without JS in this fucking community for 6 fucking years and since every fucking reply to you have been with cleared "own_posts" and "password" storage imports you pretentious fucking bastard.

 No.12762

File: 1641096178837.mp4 (395.21 KB, 1280x720, Thats a bingo.mp4)

>>12748
>mask comes off
yeah I think the feds could identify you just fine without compromising any servers. put me in the screencap you nonce.

>>12755
>canvas fingerprints
at least 8/tech/ generally understood what they were scared of. this is just hilarious.

 No.12763

>>12761
>how do you propose basic JS features [..]
<it's obviously possible since I've been posting without JS
haha this is gold.

 No.12764

>>12762
Yeah bro your American remotely hosted servers are truly impervious to the NSA LMAO
Whatever makes you sleep at night you stupid fuck
>>12763
I.e. I'm saying clearly JS is optional, as are implementation of post history in JS. These are not essential features in the slightest for the purpose of a supposedly ANONYMOUS imageboard website hosting highly controversial discussions and content.
>Inb4 more see-through modcuck damage control, misdirection and obfuscation

 No.12765

>>12741
You know, tor warns you when a website attempts to use html5 to fingerprint you.

 No.12766

>>12765
That happens when I select and use/upload the oekaki thing

But yes I use the wrong term in that post. I was thinking of fingerprinting more generally and then conflated it with specifically canvas fingerprinting. Being really specific I'm talking about "own_posts": "password": and the "fingerprinting" through non-obvious post history accumulation via the current implementation of the Options Storage export menu, which highlight no such information. It in fact mentions pretty much every other detail, from image sizes, to youtube proxies, to themes – but not that it also accumulates history. It would be beneficial to the anonymous userbase of this site if there was a check-box where you could simply opt out of post history cookie accumulation.

I hope I have made things clearer. I am not a computer scientist and never claimed to be.

 No.12767

>>12766 (me)
<post history cookie accumulation
Or "own_posts:" string/integer (whatever the technical term is) accumulation.

 No.12768

>>12766
It's an interesting idea for a feature. Unfortunately I'm too busy dealing with spam and ban evasion these days to actually work on things like this.

 No.12769

>>12768
Thank you for your response. As the picture is clearer now than at the start of the thread I will now attempt to write a proper ticket in regards to this in the right place, the /ttg/, as this thread has run its course.


Unique IPs: 3

[Return][Go to top] [Catalog] | [Home][Post a Reply]
Delete Post [ ]
[ home / rules / faq ] [ overboard / sfw / alt ] [ leftypol / siberia / hobby / tech / edu / games / anime / music / draw / AKM ] [ meta / roulette ] [ cytube / git ] [ GET / ref / marx / booru / zine ]