The ultimate Online Privacy Test Resource List

Whenever you connect with a program to an Internet resource, a web browser to a website for instance, information are revealed to the server hosting the resource.

That's automatic, and often not the only thing happening. If that site loads resources from other servers, they too gain information, and depending on what is running on the site and supported by the browser, additional information may be revealed.

Usually, information such as your computer's IP address, a user agent that reveals browser, operating system and language, and a handful of other information are revealed automatically during connections.

While there are methods available to hide or block certain information from being made known to sites you connect to, there are also methods that sites can use to find out more about you.

Online Privacy Test Resource List

ip-address-leak

Online privacy tests help you find out what kind of information your browser (or other programs) reveal.  The information itself is useful, but you can also act upon it, for instance by disabling certain features in the program you are using if you don't require them.

You find two listings below. The basic tests listing contains resources that perform simple tests (usually one) only while the advanced tests listing resources that run a series of tests.

Basic Tests

Add-ons / Plugins

NameWhatLink
Firefox Addon DetectorChecks if certain Firefox add-ons are installedhttps://thehackerblog.com/addon_scanner/
Flash Player System TestLists information about Flash Playerhttps://www.browserleaks.com/flash
Flash Player TestChecks whether Adobe Flash Player is installedhttps://www.adobe.com/software/flash/about/
Java TestTests whether Java is installedhttps://www.java.com/en/download/installed.jsp
Silverlight TestReveals information about Silverlighthttps://www.browserleaks.com/silverlight

Email

NameWhatLink
Email IP LeakFinds out whether your email provider leaks your IP addresshttp://emailipleak.com/
Email Privacy TesterTests whether your email client leaks back information to the sender of an emailhttps://emailprivacytester.com/
Email TraceRun reverse email look ups or email header traceshttp://www.ip-adress.com/trace_email/
Have I been pwnedCheck if an email account has been compromised in a data breach.https://haveibeenpwned.com/
PwnedlistCheck if your email address information have been leaked as part of an attack.https://pwnedlist.com/

HTML5

NameWhatLink
Battery Status APITests the status of the batteryhttp://pstadler.sh/battery.js/
Canvas FingerprintingChecks whether Canvas can be used to fingerprint the browserhttps://www.browserleaks.com/canvas
Hard Drive Fill TestTests whether sites can fill your hard drive with datahttp://www.filldisk.com/
HTML5 Features DetectionChecks HTML5 capabilitieshttps://www.browserleaks.com/modernizr
HTML5 Geolocation TestTries to look up your location in the worldhttps://www.browserleaks.com/geo
HTML5 TestTests the browsers HTML5 capabilitieshttp://html5test.com/
WebRTC Leak TestTests whether local or public IP addresses are leakedhttps://www.perfect-privacy.com/webrtc-leaktest/
WebRTC TestTests WebRTC capabilitieshttps://test.webrtc.org/
http://whatismyipaddress.com/webrtc-test

IP Leaks

NameWhatLink
Check my Torrent IPCheck which IP address is revealed to peers and trackers when you use torrent clients.https://torguard.net/checkmytorrentipaddress.php
Content Filters and Proxy TestTests network filters, TOR browser and local content filtershttps://www.browserleaks.com/proxy
DNS Leak TestTests whether your IP address is leaked by DNShttps://www.dnsleaktest.com/
DNS Spoofability TestComprehensive analysis of DNS resolving nameservershttps://www.grc.com/dns/dns.htm
IP MagnetReveal which IP address BitTorrent clients reveal to peers and trackers.http://ipmagnet.services.cbcdn.com/
Whois TestReveals IP address, host name, IP address location information and other IP related informationhttps://www.browserleaks.com/whois

Privacy Management

NameWhatLink
Google Account HistoryDisplay Google-related activities such as your search history or location history. Includes deletion options.https://www.google.com/settings/accounthistory
Facebook Activity LogLists your Facebook activity such as likes, posts and such. You can edit any item or remove them from the log.https://www.facebook.com/me/allactivity
YouTube Video History / Search historyDisplays videos that you have watched and your YouTube search history.https://www.youtube.com/feed/history

SSL

NameWhatLink
Bad SSLTests how the browser handles certain SSL certificates and other SSL-typeshttps://badssl.com/
FREAK Attack: Client CheckTests whether your browser is vulnerable to the Freak Attackhttps://freakattack.com/clienttest.html
Heartbleed testTests a server for the Heartbleed vulnerabilityhttps://filippo.io/Heartbleed/
RC4 Fallback TestRuns a Fallback Vulnerability testhttps://rc4.io/
How's My SSLChecks SSL support and provides a ratinghttps://www.howsmyssl.com/
SSL CheckReveals the SSL cipher used to connect to the websitehttps://www.fortify.net/sslcheck.html
SSL Cipher Suite DetailsLists all cipher suites supported by the browserhttps://cc.dcsec.uni-hannover.de/
Weak Diffie-Hellman and the Logjam AttackTests whether your browser is vulnerable to the Logjam attackhttps://weakdh.org/

Misc Tests

NameWhatLink
BrowserReconFingerprinting test based on user agenthttp://www.computec.ch/projekte/browserrecon/?s=scan
Browser Referer HeadersBrowser referer headers test suite.https://www.darklaunch.com/tools/test-referer
Do Not TrackDetects support for Do Not Trackhttps://www.browserleaks.com/donottrack
Evercookie TestChecks if persistent data can be saved to the local user system.http://samy.pl/evercookie/
JavaScript Browser InformationLots of information about the browser's JavaScript capabilitieshttps://www.browserleaks.com/javascript
Popup Blocking TestsTests how well your browser handles (blocks) popupshttp://www.kephyr.com/popupkillertest/index.html
Redirect test pageRun a series of redirect tests to find out how your browser handles thosehttps://jigsaw.w3.org/HTTP/300/Overview.html
System Fonts DetectionUses CSS+JS, Flash, Silverlight or Java to detect fontshttps://www.browserleaks.com/fonts
Universal Plug n'Play (UPnP) Internet Exposure Testhttps://www.grc.com/x/ne.dll?rh1dkyd2

Advanced Tests

NameWhatLink
Am I UniqueTests whether the browser is unique by checking the following information: User-agent, Accept, Content Encoding, Content Language, List of Plugins, Platform, Cookies, Do Not Track, Timezone, Screen Resolution, Use of local storage, Use of session storage, Canvas, WebGL, Fonts, Screen resolution, Language, Platform, Use of Adblockhttps://amiunique.org/fp
Browser SpyRuns the following individual tests: Accepted Filetypes, ActiveX, Adobe Reader, Ajax Support, Bandwidth, Browser, Capabilities, Colors, Components, Connections, Cookies, CPU, CSS, CSS Exploit, Cursors, Date and Time, DirectX, Document, Do Not Track, .Net Framework, Email Verification, Flash, Fonts via Flash, Fonts via Java, Gears, Gecko, Geolocation, Google Chrome, Google Apps, GZip Support, HTTP Headers, HTTP, Images, IP Address, Java, JavaScript, Languages, Mathematical, MathML Support, MIME Types, Mobile, Network, Objects, Object Browser, Online/Offline, OpenDNS, OpenOffice.org, Opera Browser, Opreating System, Google PageRank, Ping, Plugins, Plugs, Prefetech, Proxy, Proxy, Personal Security Manager, QuickTime Player, RealPlayer, Resolution, Screen, Security, Shockwave, Silverlight, Sound Card, SVG, Text Formatting, File Upload, User/Agent, VBScript, WAP Device, WebKit, Web Server, Window, Windows Media Playerhttp://browserspy.dk/
Cross Browser Fingerprinting TestTests locality, operating system, screen resolution, time zone, User Agent string, HTTP Accept, Plugins, Fontshttp://fingerprint.pet-portal.eu/#
IP LeakRuns the following tests: IP address, location, WebRTC IP detection, Torrent address detection, Geolocation detection, IP details, Geek details (user agent, referer, language, content encoding, document, system information, screen information, plugins, HTTP Request headershttps://ipleak.net/
IP LookupChecks IP address, browser user agent, refererhttp://www.ghacks.net/ip/
Five Star Privacy CheckerChecks IP address, location, ISP, DNs, Blacklisted or Proxy use, IP location, Script usage such as ActiveX, JavaScript, Java and Flash.http://5who.net/
Jondonym Full Anonymity TestTests IP, location, net provider, Reverse DNS, Cookies, Authentication, Cache (E-Tags), HTTP Session, Referer, Signature, User-Agent, SSL Session ID, Language, Content Types, Encoding, Do Not Track, Upgrade-Insecure-Requestshttp://ip-check.info/?lang=en
PanopticlickTests Supercookies, Canvas Fingerprinting, Screen size and color depth, browser plugins, time zone, DNT header, HTTP Accept headers, WebGL fingerprinting, language, system fonts, platform, user agent, touch support and cookieshttps://panopticlick.eff.org/
PC FlankA whole battery of tests including: Stealth Test, Browser Test, Trojans Test, Advanced Port Scanner, Exploits Test, PC Flank Leaktesthttp://www.pcflank.com/index.htm
Onion Leak TestFor CORS and WebSocket Requestshttp://cure53.de/leak/onion.php
WhoerComprehensive test suite that tests for IP address, location, ISP, OS, Browser, Anonymity settings such as DNS, Proxy, Tor, Anonymizer or Blacklist, Browser headers, whether JavaScript, Flash, Java, ActiveX or WebRTC are enabled, time zone, language settings, screen information, plugins, navigator information and HTTP headershttps://whoer.net/

Now You: Please help make this the best privacy test resource online by sharing resources not on this list already.

Summary
Article Name
The ultimate Online Privacy Test Resource List
Description
The ultimate online privacy test resource list is a collection of Internet sites that check whether your web browser leaks information.
Author
Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to The ultimate Online Privacy Test Resource List

  1. Tom Hawack December 28, 2015 at 6:40 pm #

    Gorgeous. Many more than I was aware of.

    As I see it, in terms of privacy the keystone remains the user's IP. If it's not faked than all other privacy tools are somewhat useless, but if it is faked (with a good and reliable VPN) then all other privacy tools can make the difference and even the very pertinence of a hidden IP : not only a VPN user would be recognized if other tools are not active but moreover that user would be spotted as hiding himself, which is like a double slap!

    I may be wrong but, consequently, if IP is true then privacy tools aren't really worth it. Am I wrong?
    I forgot one thing though : how can a site be sure the user's spotted IP is not faked? if it has no means to be totally sure than my above argumentation would be invalidated.

    Reminds me "Secret Agent Man" sung by Austin Powers, way back in time :)

    • Pants December 28, 2015 at 8:09 pm #

      "then privacy tools aren't really worth it. Am I wrong?"

      No privacy isn't worth it. Anything that increases privacy/security and reduces tracking/fingerprinting is good. "Privacy" tools can be used to block adverts (that's not only visually nice and speedwise better, but also a security issue), "Privacy" tools can be used to enhance/strengthen your encryption.

      "Privacy" is a bit of a mixed term - IMO there are really FOUR items here: security, privacy, tracking and fingerprinting; and while they can have overlap (sometimes a lot) they are all decidedly very distinct different things, and the overlap that occurs is a result of effects, not design (eg, you use encryption (tls/ssl/pfs etc) for security reasons (to keep data secret and going to and from the correct sites), but as a consequence, you get added security (eg from MITM attacks) and added privacy (eg, among many other things, sites that use https won't leak individual page visits to your isp etc, or PFS means that broken keys (eg by the NSA) won't compromise previous communications etc.

      To answer your question about IP, it depends. In a wired article (I think it was wired) a few weeks ago, someone asked five security experts what mobile device (smartphone, tablet) would they buy/consider the most secure - and all of them first asked "In what context? is the threat from employers, from family, from states, from hackers etc"?. So there is no definitive answer, I guess is what I am saying. There are variables here - for example I could be using public wifi, I could be wardriving, I could be using a prepaid disposal mobile data stick (bought with cash by a faceless bum off the street in another city) and so on. Or I could be using an ISP not tied to my name (but tied to a company) .. or it could be tied to me directly. The ISP would still have to reveal who I am - so my privacy is pretty much OK here (assuming I follow good OpSec), and only court orders/laws would reveal who I am. So it really depends who you're trying to hide from - advertisers or state operators or the MPAA and so on.

      Its really about OpSec. For example, it would be silly for me to spoof my timezone (to the most common one, which is I think UTC +1) to reduce my fingerprint when other factors (such as locale and even date formats can contradict this) and especially my real IP would put me in another timezone completely - I would stand out.

      Bad OpSec is very common - most people would fail, instantly, immediately. Almost everyone would fail eventually. You can do it right a thousand times, but all it takes to connect the dots is one mistake. Three examples of IP ones off the top of my head 1) some guy issued a bomb treat at a university via TOR and he was the ONLY one in the entire campus who was connected to the tor network at the time 2) lulzsec dude leaked his real IP when his VPN went down for a few seconds (note to martin .. article on VPN chaining!) - and also he kept IRC logs the silly twat and 3) Dread Pirate Roberts confirmed as Silk Road operator when his monitored ISP network traffic showed him in and out of TOR at the same time as posts by DPR (there were other factors but they still had to confirm before they busted down his door etc).

      As for advertisers and IPs - screw advertisers - if they want to track me via IP ranges, it's much the same as a VPN range. The key here is not to leak them your real ID and block the JS/XSS and adverts themselves in the first place. They have enough other metrics and methods - cookies, login accounts (amazon, youtube/gmail/google, facebook etc - these are the global advertising giants - and you probably leak your IP to one or some or all of them ALL the time). Not sure a VPN would help really, they're already tracking via other means and 90% of people don't care. They're not going to work *that* hard to get an extra 2 or 3% of profiling.

      • Tom Hawack December 28, 2015 at 10:04 pm #

        Security, privacy, tracking and fingerprinting, each with its specificity and all overlapping occasionally. OK.
        A true spider's web, a multi-dimensional labyrinth. Which explains that even pros can get caught in the nest.
        Interesting comment as always, Pants.

        In fact there's no winning system. It's an everlasting race, from and towards. Or you don't run at all, which is more a fatality than a choice for most of us. I'll keep in mind the link between what me aim for, in terms of security and privacy, and the context. Define the context and know its rules, before all. Good point.

      • Jason December 28, 2015 at 11:31 pm #

        Tom, that's a good question about VPNs, and I think Pants' "it depends" answer is the best one anyone could give.

        But we can look at this backwards as well. Does using a VPN actually increase your "fingerprintability"? I would say "yes".

        Most VPN server IP addresses are actually known by large corporations and government agencies. (If they weren't known, Craigslist wouldn't be able to block VPN users the way it does...) This creates an interesting paradox for VPN users. On the one hand, they are hiding their true IP address, but on the other hand, the Googles and NSAs of the world KNOW they are hiding it. Now if you add a long list of security addons to your browser together with the VPN, without thinking about what you are doing, you will probably out like a neon sign on a dark night.

        But I still use a VPN (and recommend it to absolutely everyone) because the tradeoffs generally work in my favour. For example, while my uniqueness within a browsing session increases, my personally identifiable metadata decreases. In other words, I'm gaining user anonymity at the expense of increased fingerprintability. Plus, once I start a new VPN session, I will have a new IP address that cannot immediately be linked to my previous one, so my actions from one session to the next remain disconnected (especially if you change your time zone / user agent / screen resolution from time to time). Moreover, even if someone tracks me within a session, they don't know the content of my communications because the VPN encrypts them, i.e. I'm getting data privacy together with my anonymity.

        It's all very messy! My gut feeling is that a VPN with 2 or 3 *good* security addons and some intelligent user behaviour creates a satisfactory security blanket against mass surveillance. (Things are different if you have a determined adversary, but that goes beyond what we're talking about here.)

        Pants wrote: "note to martin .. article on VPN chaining!"
        > Another article would be on using ddwrt to cut the internet connection at the router itself when the VPN connection is lost. That's my current project...

      • Tom Hawack December 29, 2015 at 12:12 am #

        @Jason,
        " I'm gaining user anonymity at the expense of increased fingerprintability [with a VPN]" like if the cops said "We have a Bozo in town, spotted, but no idea who he is.".

        A naive question concerning the limits of Big Ears (far more numerous than those of Uncle Sam alone) : we read once in a while that it has been impossible to localize the origin of a cyber attack. This would mean that it is possible to escape totally to a government control whatever sophisticated it is once you have the knowledge, the talent and the intelligence, or does this mean that the escape is only temporary given, as Pants pointed out, that "Bad OpSec is very common - most people would fail, instantly, immediately. Almost everyone would fail eventually.". I mean, is it human failure or a technological issue in time (things can work now but never eternally) that leads to the discovery of the hiders? Are they all known, by the way?!

        I started discovering the Web in December 2000. I remember posting then my name, my email (never my real physical address nevertheless) until some users told me "Hey, beware, you're gonna have problems" (mainly with spam). Fifteen years later I've gained in caution what I've lost in spontaneity. Not sure it was a good deal.

      • Pants December 29, 2015 at 12:59 am #

        @Tom "..leads to the discovery of the hiders? Are they all known, by the way?"

        That depends who the hiders are hiding from. Answer, absolutely not, because so much data has been collected that it's almost impossible to sift thru - the needles in a haystack.

        There are some very very very smart people out there who are doing things to help. And then there are huge government resources being spent - just think of all the equipment for sale (see the intercept), think of the info from the Snowden docs which is the tip of the iceberg, think of things like an entire country's telecommunications being recorded and kept for a rolling month-long period. And all this in an ever-increasingly fast-changing technological environment. Think of IoT and all the security holes to come.

        Even using what you would consider to be safe, can lead to your downfall (I wish I could find the article). Here's one for you: a gang uses prepaid burner phones, they change them every day. They are bought from sources that will not record their faces. The phones run Cynamod or somethng. The phones use secure methods of text/voice (eg silent circle etc). They are programmed to only allow calls to each other. Software algorithms already in place can detect this pattern - i.e a select.small group of phones with previously unused or out-of-circulation numbers suddenly springing to life (cell tower connections). An example of OpSec here would be to have a Faraday bag for the phone - and only check in in public places with crowds (this would have been real tinfoil hat nutter's crackpot stuff a few years ago). Here's an example of bad OpSec - said phone red-flagged by the scary govt men is turned on at the perp's house. And the perp thought he was safe. This is an example of an immature tech - until it becomes more mainstream, it only helps to make you stand out - which is Jason's point.

        The underlying issue here is that the internet was never designed with security in mind. Neither was email. Neither were telephones. Anything done since then has been a patch, not a final solution. Add to that the fact that govts are stipulating other measures, such as data retention - or trying to, such as no anonymized domain registrants - or are being aholes, such as weakening encryption. The list is endless. Add in startups and internet companies (your ISP eg verizon/comcast - as well as google, twitter, facebok etc), your hardware/service companies (tvs, onstar road stuff, etc) and advertisers - who are all out to monetize you, and we're screwed.

        Until something becomes mainstream - it's hard to fight the good fight. After the Snowden leaks, a lot of companies implemented https (perfect forward secrecy as well, and other things such as DNSSEC etc), eg google between its own servers, all? google services, youtube .. and other large chunks of the internet. Now a large percentage of traffic (but a very small percent of sites) use encryption - this is good. Now we can hide in it - my midget & goat porn is hidden. Imagine if 20% of the world's traffic was TOR. Imagine if 50% of people used VPNs. The downside to this is govts (and companies thru lawsuits) will simply outlaw it or deter investors/use - see Australian politicians such as Brandis and others spouting off about things they don't understand - see NZs ISP Slingshot being threatened in court by Sky (TV) over their "global mode" (basically a free VPN for all slingshot users). And as fast as we close the holes, new ones open up - eg flash can die, but HTML5 poses new threats, or we have a pretty mature secure OS in Windows7 and then Windows8+10 come along with all its asshattery.

        PS: For a jolly good read I recommend two of Cory Doctorow's books (they are free from his website - http://craphound.com/ ) - "Little Brother" and its sequel "Homeland"
        - https://en.wikipedia.org/wiki/Little_Brother_%28Cory_Doctorow_novel%29
        - https://en.wikipedia.org/wiki/Homeland_%28Cory_Doctorow_novel%29

      • Jason December 29, 2015 at 2:42 am #

        @Tom: I think your friends advised you well! :)

        What you are basically describing is the unfailing memory of the internet. If you do something online, you must assume that a record of this activity will remain somewhere forever. This is why I tell my friends to be careful with their posts / searches / site visits NOW, because it will be too late to change their behaviour one day in the future when they may have a greater need for privacy. You can't go back and undue the past. The EU has tried to legislate this by forcing Google to "forget" people who want to be forgotten, but of course Google can only make these people disappear from Google searches; it cannot delete the various electronic records that are dispersed all over the internet.

        Similarly, I would apply the same principle about the internet's "memory" to data encryption. If you transmit encrypted data with your VPN today, you must assume that a copy of these data may remain somewhere for years to come, and that this copy will be easily de-cryptable at some point in the future. Whenever we hear these stories of hackers breaking into a big online company's database and stealing millions of pieces of user data, the company always assures us, "Don't worry, the data were encrypted!" Well, if I were a hacker, I'd just hold onto those gigabytes of encrypted data until technology allowed me to decrypt them. Why not? And with the pace of technological change, I probably wouldn't have to wait more than 2-5 years.

      • Tom Hawack December 29, 2015 at 10:34 am #

        @Pants, @Jason, all this is most interesting and I realize how little I know the networks compared to you guys.
        To sum up, the Web is far more complex than I ever imagined and far less defined by clear boundaries between the "good" and the "bad" guys. We are somewhere over the rainbow, beyond good and evil, in fact in an environment which corresponds to the dialectics of war, that is, different (and possibly opposed) references to what is legitimate and what is not.

        Caution for us all, curiosity as well, imagination when being aware that reality is always more than the tip of the iceberg. Knowledge, as always the best contribution to avoid paranoia. Last but not least, brotherhood, which does exist on our networks as surprising as it may seem when it is continuously confronted to the uncertainty of the cyber world.

        And the beat goes on.

  2. RG December 28, 2015 at 6:47 pm #

    Thumbs up Martin, very useful. Happy Holidays.

  3. ozar December 28, 2015 at 6:57 pm #

    Now, that is what I'd call a comprehensive resource list... thanks, Martin!

  4. Made December 28, 2015 at 7:05 pm #

    Made in Germany
    Thank you Martin

  5. Gary D December 28, 2015 at 7:33 pm #

    Another excellent article Martin. Thank you !
    After all your hard work this year, I think that it is about time for you to sit down with a few glasses of schnapps and enjoy a "Good Slide into the New Year"

  6. Onur December 28, 2015 at 8:00 pm #

    Very good Martin.

  7. Pants December 28, 2015 at 8:35 pm #

    https://emailprivacytester.com/

    "this [website] will send you a specially crafted email which uses a variety of techniques, to attempt to send information back to this server when read. It will then display the results for you."

    I've used it before, and passed with flying colors because I only allow plain text by default in my email client and don't auto download anything. I just tried it now and it seems to just queue the email to send me, and that's it .. nothing happens.

    • Martin Brinkmann December 28, 2015 at 8:47 pm #

      Great, added :)

      • Pants December 28, 2015 at 9:10 pm #

        Ahh OK .. it took a while to come through, but did eventually

    • Martin Brinkmann December 28, 2015 at 8:58 pm #

      Thanks, have added them (with the exception of two (one I had already, the other returned not found (https://filippo.io/Badfish/))).

    • Cyrus Wong March 9, 2017 at 11:56 am #

      Nice one, the popup test is really practical. I see a large of fail in Test 12 LOL...Mine passed..as I use uBlock to block popup as well~

  8. Brian December 28, 2015 at 8:59 pm #

    For the badssl site, is there an explanation as to what the results mean once clicked? Some offer a brief description, but I'd love to understand what each means in depth, if what I'm seeing is good or bad and if bad, what might be done to secure said problems.

    Great list btw

    • Martin Brinkmann December 28, 2015 at 9:31 pm #

      I'm not aware of any documentation. The tests performed check how your browser reacts when certain SSL-related configurations are encountered.

      • Pants December 29, 2015 at 11:47 am #

        It should be pretty simple to work out - red=bad, yellow=indifferent/optional/may-be-obsolete-soon, green=good

        For example, under Diffie-Hellman, if you click on the dh1024 link, you either see a page or FF blocks it with a warning.

        // 1210: disable 1024-DH Encryption
        // https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
        // WARNING: may break some obscure sites, but not major sites, which should support ECDH over DHE
        user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
        user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);

        At the very top, second set down, about sha1 .. if you click sha1 2016
        - this relates to security.pki.sha1_enforcement_level where the default value of 2 only allows sha1 until the end of 2015

        Under mixed are clicks for mixed content (content from http & https)

        // 2609: disable insecure active content on https pages - mixed content
        user_pref("security.mixed_content.block_active_content", true);
        // 2610: disable insecure passive content (such as images) on https pages - mixed context
        // current default is false, am inclined to leave it this way as too many sites break visually
        // user_pref("security.mixed_content.block_display_content", true);

        And so on.

        If you click a red one and see a web page, you need to sort that out
        If you click a yellow one and see a page, it may need some investigation

  9. Brian December 28, 2015 at 10:04 pm #

    Thanks for the reply and again for the list. I'll do a little searching and if I find anything, I'll post any useful links.

  10. Jason December 28, 2015 at 10:59 pm #

    Holy cow! Thanks Martin, this list is amazing.

  11. Maou December 29, 2015 at 2:56 am #

    Nice one Martin! That's one hell of a list.
    Bookmarked!

  12. wybo December 29, 2015 at 9:39 am #

    Yet another very interesting article and a great list of resources .

    Have a great 'Urlaub' Martin.

  13. Rollo December 29, 2015 at 10:19 am #

    Browser referer test
    https://www.darklaunch.com/tools/test-referer

  14. Yossarian December 29, 2015 at 11:26 am #

    Battery of tests
    http://www.pcflank.com/index.htm

  15. Evelyn Spencer December 29, 2015 at 12:48 pm #

    https://whoer.net/
    http://5who.net/

    • Pants December 29, 2015 at 3:15 pm #

      whoer: (nice little set of checks there)
      "Your anonymity: 100%
      Your anonymity measures are safe or you don't use them"

      • Martin Brinkmann December 29, 2015 at 8:41 pm #

        I think it checks whether it can detect if you are using anonymity services. If you do and it cannot, that's good, otherwise, it is bad

    • Martin Brinkmann December 29, 2015 at 8:43 pm #

      Added, thanks a lot for those links!

  16. Pants December 29, 2015 at 3:29 pm #

    Heartbleed Test
    https://filippo.io/Heartbleed/

    Its from the same guy who set up the now defunct Superfish one (https://filippo.io/Badfish/)
    His website warrants a little reading, could be interesting

  17. b December 29, 2015 at 3:54 pm #

    Hi Martin
    how about a list of VPN providers that also offer tracker protection? I only know of disconnect.me that unfutunately do not support Linux. You posted a link on you patreonsite not that long ago with an overwiev of security/privacy minded emailproviders. something like that would be great in another thread.

  18. Noah Brodi December 30, 2015 at 7:08 am #

    A terrific list of resources for online privacy. Consider adding the following (source: http://www.cogipas.com/internet-privacy-resources/):

    - Panopticlick (https://panopticlick.eff.org/): EFF’s tool determines how unique is your browser configuration

    - Email Trace Tracking (http://www.ip-adress.com/trace_email/): reverse email trace searches

    - IPLeak.net (http://ipleak.net/), ipMagnet (http://ipmagnet.services.cbcdn.com/) & TorGuard (http://torguard.net/checkmytorrentipaddress.php): detect whether your true IP address is leaking when torrent file-sharing

    Thanks!

    • Martin Brinkmann December 30, 2015 at 11:49 am #

      Thanks Noah, added your resources (will take some time to go through the first resource which I have not done yet).

  19. b December 30, 2015 at 3:21 pm #

    thank you Martin, Wrai & Pants for the links. Appreciate.

  20. herman maldonado December 30, 2015 at 6:12 pm #

    your site, truly, never disappoints. thx (to you AND all the others) for the great info (and conversations, debates etc.) always.

  21. Rollo December 31, 2015 at 5:47 pm #

    Another popup blocking test site:
    http://www.popuptest.com/

  22. justakiwi December 31, 2015 at 8:51 pm #

    Thanks for all the links and comments here,
    this site rocks!!
    have a safe and blessed new year

  23. Andy February 4, 2016 at 1:35 pm #

    Awesome list.
    This one tests for quite a few things (including real IP, WebRTC, ad blockers and web proxies) - http://do-know.com/privacy-test.html and has password test too http://do-know.com/password-strength-test.html

    Good list of web proxies here - https://www.new-proxies.com/index.php?p=main&page=5

  24. Steve September 1, 2016 at 2:34 pm #

    Great list, but is there a list of extension and/or userscripts and/or browsers that help defeat many of the methods used by these sites? For example, one that spoofs canvases, fonts, the JavaScipt Navigator object, etc.?

  25. Anonymous September 29, 2016 at 8:05 am #

    We also need similar list to test operating system too.

    I use little snitch in Mac and Tiny Firewal in Windows.

Leave a Reply