Browser leaks information featured image

Online Anonymity Test: What Data Does Your Device Leak? (Free Tool)

Last edited: September 1, 2020
Reading time: 23 minutes, 16 seconds

Are you being followed online? The answer is most likely a resolute YES. As you surf the internet, you constantly share information about your computer and internet connection with other parties. This applies to your desktop and laptop as well as your smartphone and tablet.

Part of this information exchange is necessary: without it, your internet connection couldn’t be established and websites couldn’t be properly displayed on your device. For example, a website might need to know whether you want to access the mobile or desktop version of a page.

There is also plenty of information that is being exchanged which is not necessary at all for the functioning of websites. Think of commercial tracking cookies, which follow you online and pass on information about you to commercial parties and marketers. Countless online parties attempt to follow your online movements in order to show you personalized advertisements. The abundance of information your browser shares about you can pose a risk to your privacy and internet security.

Find Out What Information You Leak Online

We have developed a free tool that allows you to see what kind of information your computer is currently exposing about you. Please note that this test does not reflect all of the data that may be collected about you online. It merely gives an indication of the types of data that other parties may see about you and what they can do with it.

So how can you protect your privacy and stop online trackers? In this article, we discuss which information others gather about you through your browser. But we also provide you with useful tips to browse the web as anonymously as possible.

What Information is Collected About You and What Can You Do About It?

Perhaps you’ve tried our tool and were shocked by the results. Or maybe you already took some steps (even unknowingly) which help you to protect your privacy to some extent. In that case it’s possible that some results from the tool don’t align with your actual situation. For example, when you are hiding your real location for the rest of the internet, our tool might not be able to trace your whereabouts. How does this work exactly? We’ll explain everything below and give you tips on how to make your online footsteps as subtle and inconspicuous as possible.

How to hide your IP address

Your IP address might just be the most important piece of information you can leak online. It’s also the first thing third parties will look for. An IP address is the ‘home address’ of your computer. With your IP address, a website can find out a lot of information about you. This includes the location of your connection, your ISP, your browsing history and the owner of your connection. Everything you do online can be traced by your ISP and numerous other parties such as intelligence services and hackers because this information is linked to your IP address.

So how do you keep your browser from leaking your IP address? If you use a VPN or an invisible proxy, the websites you visit, your ISP, the government and any other party that tries to monitor your behavior will see a different IP address. This means your own IP address will remain hidden – at least, in most cases.

When you use a VPN, the actual IP address of your computer won’t match the one shown in our test. Your VPN connection hides your real IP address and instead of your real IP address, the rest of the internet just registers the IP address of the VPN server. Moreover, unlike a proxy, a VPN encrypts your data traffic. This way, no one can see what you’re doing online and which websites you’re visiting. This improves your online security and anonymity.

Change your online location

The location shown in our tool is based on your IP address. This is the place your internet connection appears to be originating from. Although this location isn’t very precise, it’s still quite dangerous to share it carelessly on the internet. Anyone who can see your real IP address knows approximately where you are in the world.

If you want to hide your location, a VPN will help, as we already explained above. Since your virtual location is derived from your IP address, using a VPN means you’ll take on the virtual location of the VPN server. In other words, the location displayed to others will differ from your actual location. For example, if you live in the United States and use a VPN server in Germany, the location displayed could be “Berlin, Germany” instead of “New York, USA”. By hiding your IP address, you’ll also be able to hide your real location.

Please note: your browser has additional tactics to determine your location more precisely. In addition to your IP address, there are also things like Html5 geolocation which reveal information about your whereabouts. But for Html5 geolocation, you usually actively have to give permission. The following tool works with Html5 geolocation, check it out:

We found your location!

Location
Address

This tool on your site for free?

Coordinates could reveal where you are

Map with location arrowCoordinates are sets of numbers that indicate an exact place in the world. The coordinates shown in our test don’t indicate your location, but that of an internet distribution station near you. These stations are nodes of internet connections where all cables from you and other people in your area come together.

These coordinates can also be influenced by changing or hiding your IP address. When using an American VPN server, the coordinates shown in our tool might just lead to an internet substation around the corner from Google’s New York office.

Your browser knows your time zone

It’s very easy to find out what time zone your browser and device are using. If this time zone doesn’t match the time zone of your IP address, this may be a sign that you’re using a VPN or proxy to change your location. However, it could also mean the time of your device hasn’t been set up correctly. If the time zones of your browser and your location match, your online profile is more ‘credible’.

Language settings and your browser fingerprint

Even small details such as the language settings of your browser can tell a lot about you. If your browser’s language settings don’t match the language associated with the location of your IP address, this could also be a sign that you’re hiding your real location. Of course, this doesn’t always have to be the case. Many people have their browser installed in English even when that isn’t their first language. This could be the case for other languages as well.

Your language settings also contribute to your browser fingerprint (or “device fingerprint”). This fingerprint is made up of countless details about your browser and computer. A combination of exceptional details can make your fingerprint unique. This means you could still be tracked online, even when you’re hiding your IP address. If your language settings indicate a language that isn’t spoken very widely, such as Italian or Dutch, you’ll be easier to track. After all, there are fewer people who’ve installed their browser in these languages compared to, for example, English. Therefore, your language settings can make your profile more unique than you might want it to be because a unique profile helps other to identify you.

Your Internet Service Provider (ISP) sees a lot

Your internet service provider (ISP) processes all your internet traffic. All your data first goes through the ISP’s servers before being sent on to the internet. If you don’t encrypt your data, your ISP can access all this information. In fact, most ISPs are legally obliged to store user data for a set time, so intelligence services can request information if necessary. The best way to prevent your ISP from storing information about you is by encrypting your internet traffic, for example with a VPN.

If you’re already using a VPN currently, then the internet service provider shown by our tool likely isn’t your actual ISP, but that of the VPN server you’re using. Because a VPN encrypts all your data, no one, except the VPN provider, will be able to view this data. Fortunately, there are enough reliable VPN providers with a strict ‘no log’ policy. This means they’ve taken measures so even they can’t see your browser activity anymore.

What kind of connection are you using?

Wi-Fi logo on phone screenThe type of internet connection you use indicates how your data is sent and how you’re identified on the internet. There are several protocols that can control this. The type of protocol you use, says a lot about your connection. There is, for example, a difference between IPv4 and IPv6, which indicates the type of IP address your connection is using. IPv6 was introduced because the number of unique IPv4 addresses was running out.

There is also a difference between using HTTP or HTTPS. These two protocols allow communication between you and the server of a website. The difference is that HTTPS is a lot more secure than HTTP. When a website uses HTTPS, all communication is secured by TLS or SSL. This added layer of security ensures that communication can’t be intercepted that easily by third parties. Therefore, they won’t be able to see what you do exactly on that website, for example when you are filling in a user name and password to log into an account.

Use a secure operating system

If someone knows what operating system you’re working with, they also know more or less what kind of device you’re using. This information can be especially useful for hackers: the more they know about your device, the easier it is for them to find a way to steal your data or hack into your device. Leaked information allows hackers to better prepare their attack.

Browser and extensions

Automatically sharing information about your browser could potentially be dangerous as well. Depending on your browser, hackers may choose to use certain targeted tactics to invade your device. That’s why it’s important to use a secure and properly configured browser when you go online.

It’s very easy for others to figure out what kind of browser you’re using when you visit a website. If you’ve installed the Tor browser, for example, websites may not know who or where you are, but the site owners can see you’re using Tor. They might even block your access to certain pages in order to thwart Tor users.

Just like with many other snippets of online information, details about your browser can aid in creating a unique fingerprint. The more unique the browser you use, the more easily identifiable you are. This doesn’t just apply to the type of browser you’re using, but also to the settings within that browser. Do you use a spell checker or specific browser extensions? Do you use Google or a different search engine? All of these factors make your fingerprint more unique and allow websites to track you online.

WebRTC could leak your IP address

WebRTC and WebGL are relatively new features designed to make your browser more effective. WebRTC affects the functionality of your webcam or microphone while browsing. It makes online communication much easier. For example, it allows you to talk to your friends while using the browser version of Discord within seconds.

Unfortunately, while WebRTC can be very useful, it might also leak your real IP address, even when you’re using a VPN. If the IP address our tool has picked up under the heading ‘WebRTC Leak’ differs from IP address under the heading ‘IP address’, this probably means you’re using a VPN that doesn’t protect you from WebRTC leaks. In this case, your IP address can still be traced. But it’s also possible that you have WebRTC disabled in your browser.

NordVPN and ExpressVPNPrevent WebRTC leaks with a VPN: An effective and simple way to prevent WebRTC leaks is using a reliable VPN. Not every VPN is up to the task, but two VPNs with decent WebRTC leak protection are:

Prevent WebRTC leaks through your browser settings: If you happen to be using Mozilla Firefox, then you are able to adjust some settings which help you prevent WebRTC leaks. You have to turn off a feature called ‘RTCPeerConnection’. Follow the steps below:

  1. Type in the following in the address bar in your Firefox browser: about:config
  2. You will receive a warning from Firefox stating there are security risks involved when changing the configuration. Accept this warning and you will be shown a search field. Now you type in: media.peerconnection.enabled
  3. Use the button on the right side of the screen so ‘true‘ is changed into ‘false

WebRTC control firefox

Now you have to repeat step 2, but this time you type in: media.navigator.enabled. Also, make sure to toggle this one to ‘false’. These steps only work on Firefox, on other browsers like Chrome you need a VPN application or a browser extension.

Scriptsafe

Prevent WebRTC leaks in Chrome and Firefox with browser extensions: WebRTC is automatically enabled when using Chrome. You will need a browser extension to manage your WebRTC settings in Chrome. Some of these browser extensions are also available for other browsers, like Firefox. We’ll list some solid browser extensions to manage your WebRTC settings:

WebGL creates an accurate fingerprint

Although WebGL doesn’t leak your IP address like WebRTC, WebGL is an important indicator of your fingerprint. This feature enhances the graphics in your browser and is supported by JavaScript. With WebGL, you don’t need any other plug-ins or extensions: it automatically ensures your video card is optimally used in your browser.

WebGL statistics include all kinds of information about your video card, operating system, and browser. This data will still be there, even if you try to spoof it. Often, one can gain a fairly unique picture of any internet user by looking at WebGL data alone. Combine that with any other data you find, such as your language settings, time zone, and resolution, and you’ll have a unique digital fingerprint that can be tracked all over the web in no time. With this kind of tracking technology, your IP address is hardly needed anymore.

Manage WebGL settings: The options to manage your WebGL settings are limited. If you are using the Chrome browser, then you can type in chrome://flags/ in the browser search bar. After you press Enter, you will reach a menu with Google’s experimental features. You can search for WebGL functions here and either enable or disable them.

Chrome experimental settings

JavaScript and malware

JavaScript is a programming language that’s widely used. It ensures web pages are displayed correctly and allows them to be interactive. In this day and era, many websites don’t even work anymore when you turn off JavaScript. Our tool was also made with JavaScript, so the chances that you’ll see ‘disabled’ as a result are almost zero.

Although JavaScript is incredibly important on the world wide web, it also comes with a couple of security risks. Sometimes malware makes its way to devices by hiding in JavaScript codes, allowing hackers to intercept data traffic. A hacker might, for example, gain access to your financial data by injecting malicious code into the JavaScript on the digital banking environment. Therefore it’s important to be careful with JavaScript and consider to what extent you want to allow it. When browsing risky websites, such as those on the dark web, we’d advise you to disable JavaScript altogether. The Tor browser allows you to easily disable JavaScript.

Enable or disable JavaScript in Google Chrome (desktop)

To manage JavaScript in the Chrome browser on your desktop, follow these steps:

  • Click the three vertical dots in your browser
  • Click on ‘Settings
  • Click on ‘Privacy and security
  • Click on ‘Site settings
  • Click on ‘JavaScript‘. Here you can indicate whether you want to allow or block JavaScript by default for all websites. You can also indicate your JavaScript preferences for specific websites here.

Enable or disable JavaScript in Google Chrome (Android mobile)

To manage JavaScript in the Chrome browser on your Android device, follow these steps:

  • Click the three vertical dots in your browser
  • Click on ‘Settings
  • Click on ‘Site settings
  • Click on ‘JavaScript‘. Here you can indicate whether you want to allow or block JavaScript by default for all websites. In addition, you can indicate to deviate from the default settings for specific sites.

Enable or disable JavaScript in Mozilla Firefox

To manage JavaScript in the Firefox browser (desktop), follow these steps:

  1. Open the Firefox browser and type in the following in the address bar: about:config
  2. Click on Enter. You will now get a warning from Firefox that you should be careful with changing your Firefox configuration as it can affect security. Accept this and you will see a search bar. Here you type in: javascript.enabled
  3. If JavaScript is enabled, it will read “true”. If JavaScript is disabled, it will be “false”. With the button on the right you enable or disable JavaScript.

Javascript firefox

Enable or disable JavaScript in the Tor browser

The Tor browser is based on the Firefox browser. In Tor you can click on the three horizontal lines at the top right and then choose “Options”.

Tor Options

Then choose Privacy & Security in the menu on the left and scroll down. Here you can then choose Standard, Safer or Safest. To block JavaScript on non-encrypted websites, choose Safer. To disable JavaScript for all websites, choose Safest. Be aware that with the latter option many sites will function sub-optimally, but this offers the greatest degree of security.

Safety levels Tor

Additional security measures are often required for surfing with Tor, because Tor offers you little protection by default compared to other browsers. Tor prioritizes an ultimate free internet experience by default. This means that you can visit almost any site through Tor, no matter how dangerous or debatable that site may be. There are (of course) substantial security risks attached to this. It is therefore recommended that you have your JavaScript settings in Tor (as well as other security settings and precautions) in order.

Clear your cookies

Computer cookies on screenCookies are tiny files websites can store in your browser. This allows third parties to follow you online. In some cases, this is very useful. You might no longer have to log in on the same website every time you visit. The cookie on your browser remembers your login details and gives you immediate access. As soon as you press enter, you’ll automatically be logged into your account.

The downside of cookies is that they can be used to track your online behavior. The information they collect can be used against you, even in seemingly small ways. If you visited a particular page on an online store to look at a nice pair of shoes, for example, cookies will keep track of this. You’ll likely soon start seeing advertisements offering the same or similar shoes all over the internet. This is a marketing technique that is aimed at trying to sway you to buy these products anyway.

Since these legal online tracking practices can really affect your online experience, it’s wise to regularly empty your cache. This will delete all cookies stored in your browser. As a result, you may have to log in to your favorite websites all over again, but you’ll at least be rid of all those personalized ads.

Your screen resolution affects your digital fingerprint

The results that appear in our tool under screen resolution indicate the size of your monitor and your screen. Websites need this information to decide what data to send to your device. After all, they can’t show the same version of their website on a smartphone as on an extra-wide computer screen.

Any details about your screen’s resolution can, however, also be used in browser fingerprinting. Unique screen sizes in combination with unique language and time settings, for example, can paint a very accurate picture of who you are and when you visited certain sites.

Browser permissions

Your device is often full of sensors, hardware, and smart meters. With browser permissions, you determine which functionalities of your device the browser has access to. A distinction is made between the following browser permissions:

  • Geolocation: With this permission, the browser has the option to find out the location of a user.
  • Midi: Some user agents have music devices, such as synthesizers, keyboard and other controllers, and drum machines connected to their host computer or device. The widely adopted Musical Instrument Digital Interface (MIDI) protocol enables electronic musical instruments, controllers and computers to communicate and synchronize with each other. MIDI does not transmit audio signals: instead, it sends event messages about musical notes, controller signals for parameters such as volume, vibrato and panning, cues and clock signals to set the tempo, and system-specific MIDI communications (e.g. to remotely store synthesizer-specific patch data).
  • Background-fetch: A method to allow large uploads and downloads in the background.
  • Background-sync: A method for synchronizing web applications in the background.
  • Accelerometer: The browser collects information regarding acceleration in every direction (X, Y en Z-axis of a device).
  • Gyroscope: The browser monitors the rate of rotation around the device’s local three primary axes.
  • Magnetometer: This specification defines a concrete sensor interface to measure the magnetic field in the X, Y and Z axis.
  • Clipboard write / clipboard-read: These permissions regulate the browser’s access to the clipboard.
  • Notifications: Display notifications to the end-user, typically outside the top-level browsing context’s viewport.
  • Camera: The browser can access your device’s camera.
  • Microphone: The browser can access your device’s microphone.
  • Push: The Push API enables sending of a push message to a web application via a push service. An application server can send a push message at any time, even when a web application or user agent is inactive. The push service ensures reliable and efficient delivery to the user agent. Push messages are delivered to a Service Worker that runs in the origin of the web application, which can use the information in the message to update local state or display a notification to the user.
  • Speaker: A specific permission based on HTMLMediaElement.setSinkId(). This permission is usually not supported yet by many browsers.
  • Ambient-light-sensor: A sensor to monitor the ambient light level or illuminance of the device’s environment.
  • Display-capture: Allows the browser to capture part or all of a screen for streaming, recording, or sharing the footage.
  • NFC: Near Field Communication (NFC) enables wireless communication between two devices at close proximity, usually less than a few centimeters. It’s used for electronic payments, amongst other things.

Do Not track

With the ‘Do Not Track’ function in your browser you indicate that you do not want to be followed by external parties when browsing, such as advertisers. If you enable ‘Do Not Track’, a request will be included in your browsing traffic. The outcome of this depends on whether a website responds to the request and how the request is interpreted. For example, some websites may respond to this request by displaying advertisements that are not based on other websites you’ve visited. However, many websites will continue to collect and use your browsing data, for example, to improve security, deliver content, services, advertisements, and recommendations on their websites and generate statistical reports.

You can activate ‘Do Not Track’ through your browser settings, but some adblockers also activate the ‘Do Not Track’ function as well.

  • Activate or deactivate Do Not Track in Chrome of Firefox.
  • A good ad blocker of which we can confirm it supports ‘Do Not Track’ is Privacy Badger.

User Agent

De User Agent is a string of data in the form of a header. Several variables that we discuss in our tool, are sent as part of the User Agent. For example your operating system and the type of browser you are using.

The User Agent gives away quite a lot of information about you already, contributing to your unique browser fingerprint that enables others to identify you.

Referrer

The referrer is the page you came from when you clicked through to the page with our tool. This can be another page on VPNoverview.com, but can also be an external website. If you are on website X and click on a link to website Y, website Y can see from the referrer which site you originally came from (website X). This can pose a privacy risk, depending on what additional information is available to the website you’re visiting.

Final Thoughts: Is It Possible to Avoid Being Followed Online?

Our tool gives an impression of the kind of information third parties might use to identify or track you online. All it took for you to share this information with our tool was browsing our website and clicking a button. Each system has its own unique settings and combinations of features, so there are in fact some differences between websites in how much information they register about you. Just keep in mind that almost every internet user can be observed when browsing the web, to an extent.

With the growing popularity of browser fingerprinting, tracking your IP address is no longer the only way websites, governments, and other parties can track your online behavior. Fingerprinting is a very invasive practice that can hardly be stopped. As a web user, you have little control over who collects and stores your information and who is able to follow your online moves. No matter what you do, you’ll likely still have a unique profile that people can track if they really want to.

This doesn’t mean you should give up, however. Your online privacy and safety are important and should be guarded as much as possible. When you use a VPN that doesn’t allow for WebRTC leaks, your real IP address will remain hidden. Combined with a good adblocker, this already makes a huge difference. You can also spoof your data or intentionally use generic browser settings to make your fingerprint less unique.

Computers are complex and tracking techniques continue to become more and more invasive. Still, with the right knowledge and tools, you’ll be able to protect yourself on the internet. Hopefully, our tool has provided some insights into what information websites could potentially be gathering about you.

Cybersecurity analyst
David is a cyber security analyst and one of the founders of VPNoverview.com. Interested in the "digital identity" phenomenon, with special attention to the right to privacy and protection of personal data.

More articles from the ‘Anonymous Browsing’ section

Comments
Leave a comment
Leave a comment