Do particular devices somehow "sign" their web interactions?

Right, there are other means of turning off JavaScript, but together they still don’t amount to much. Yahoo estimates (as of 2010) that only about 2% of internet users turn off JavaScript.

To a site like Panopticlick, that probably helps your chances because many of its detection methods are JavaScript-dependent.

ISPs have different heuristics, though. They can see your entire unencrypted traffic stream and build up a different profile of your PC.

Disabling JS might disable many of those heuristics, but depending on the other users on that same IP, it alone might make you stand out more. For example, if yours is the only laptop in a cafe of 30 people with JS turned off, and then twenty minutes later they detect another computer with JS turned off five miles away, they may very well assume it’s the same person, especially if your browsing habits are different from the local population.

Similarly, while using a VPN may cloak your browsing from the authorities, the very fact that you’re using a VPN is detectable and makes you stand out among the general population.

Confidentiality and anonymity are different things.

But at free wi-fi networks, your MAC address will likely be shielded from the ISP because of the wi-fi router.

And, MAC addresses aren’t always unique. Though the combination of MAC address (if it was obtainable) and browser fingerprint could be pretty specific.

Any decent hacker knows how to spoof a MAC address though.

Not exactly, but they would be able to see that exactly the same browser was used, OS, resolution and a bunch of other identifiers. Taken together, they are a nice fingerprint, but not completely unique.

Also… I guess somebody should point out that since the bad guys in this scenario have ISP-level access, they don’t even need to rely on passive detection. They can actively inject a trojan into your next download, or actively inject an exploit into your next PDF/image/Flash/webpage/whatever and track you that way.

The basic use case for fingerprinting is web sites that want to cross correlate your visiting in an invisible fashion. They leave no cookie, and you never have any idea that they can guess that you are the same person visiting a number of apparently different sites. This could easily include government agencies - and agencies not from your government. The ability to track “subversive” and other “undesirable” activities is available despite apparent anonymity.

MAC address is probably visible to a javascript mechanism if it tries hard enough. Although javascript is supposed to be reasonably sandboxed, so much information is lying about in odd places that it would not surprise me that on many operating systems it is possible to snarf it. But it is just another set of bits in the uniqueness set.

There is probably a role for a plugin for browsers to try to limit the effectiveness of some of these identifying tricks. Sorting the results of any set of values into a standard order would significantly reduce the information carried.
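The normalisation idea in the post above, measured on a small population: this is an added example, not part of the original thread. The eight font lists are constructed sample data and the function names are assumptions made up for illustration.

```javascript
// Constructed sample: font lists as reported by eight hypothetical browsers.
// Several have the same fonts installed but enumerate them in a different order.
const population = [
  ["Arial", "Courier", "Times", "Verdana"],
  ["Verdana", "Arial", "Times", "Courier"],
  ["Times", "Arial", "Verdana", "Courier"],
  ["Courier", "Verdana", "Arial", "Times"],
  ["Arial", "Courier", "Times"],
  ["Times", "Courier", "Arial"],
  ["Arial", "Times", "Courier", "Verdana", "Georgia"],
  ["Georgia", "Arial", "Times", "Courier", "Verdana"],
];

// Fingerprint string as a site would see it: the list in reported order.
const rawFingerprints = (lists) => lists.map((l) => l.join("|"));

// Same list after a plugin sorts it into a standard order. The default
// sort compares UTF-16 code units, so the result does not depend on locale.
const normalizedFingerprints = (lists) =>
  lists.map((l) => [...l].sort().join("|"));

// Count how many browsers share each fingerprint string.
function groupCounts(fingerprints) {
  const counts = new Map();
  for (const fp of fingerprints) counts.set(fp, (counts.get(fp) || 0) + 1);
  return counts;
}

// Shannon entropy in bits: how much identifying information the value carries.
function entropyBits(fingerprints) {
  let h = 0;
  for (const c of groupCounts(fingerprints).values()) {
    const p = c / fingerprints.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Smallest anonymity set: the fewest browsers any one browser hides among.
const smallestAnonymitySet = (fingerprints) =>
  Math.min(...groupCounts(fingerprints).values());

for (const [label, fps] of [
  ["reported order", rawFingerprints(population)],
  ["sorted order", normalizedFingerprints(population)],
]) {
  console.log(label, entropyBits(fps), "bits, smallest set:", smallestAnonymitySet(fps));
}
```

Sorting removes only the bits carried by ordering; the set of installed fonts still separates the three groups.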

Huh? On a free WiFi network, isn’t there a good chance the ISP owns the router in question?* The router’s connection logs would almost certainly include the MAC addresses, and these logs would then be considered “ISP records” for the purposes of the OP.

That said, I’m amazed that for this thread it took 20 posts before someone came up with the correct answer…

*I’m aware that there are some cloud-style WiFi networks where anyone with an Internet connection can sign up to participate as a node, though in my experience these are rarely free.

Unless you take specific steps to anonymize your machine, it can be identified to a fairly high degree of confidence based on the data it leaks. Taken in aggregate, this data almost uniquely identifies your computer.

ISPs have different heuristics, though. They can see your entire unencrypted traffic stream and build up a different profile of your PC.

So encrypt your traffic stream. My ISP doesn’t even get DNS information from me when I browse. Look into TOR.

Only problem is that some sites block a number of TOR exit nodes because hackers and spammers use 'em. I have that problem periodically with this site.

Is that the case? I know there are sometimes ISP-supplied wireless routers, but do they have remote access to those logs? (I’m leaving out the possibility that they’ll physically come and check, because if they did they could obviously see you…)

In the context of the OP, using Tor would pretty much shatter anonymity while granting increased confidentiality.

A normal setup consists of a modem (cable or fiber) plus a router. However since most newer modems have built in routers, it’s easy to confuse the two.

I use my own router since it handles gigabit ethernet and 802.11n wireless (wireless N). I plug that into one of the modem/router ports.

As for MAC addresses, AFAIK, the router has no reason to transmit those to the WAN side of the network (i.e., the internet side where your ISP lives). Of course if you use the modem’s built-in router, there’s no way to be sure that the ISP cannot access it from there.

*In the context of the OP, using Tor would pretty much shatter anonymity while granting increased confidentiality.*

Yes and no. Depends on how many others are using TOR. The number is probably small, so from that standpoint the computer becomes unique.

However it is unique in an anonymous way; the ISP simply will not be able to profile it. So, if there is some issue with LEO, or the ISP, or whoever, and the OP has been moving around to coffee shops in the area and browsing through TOR, then if OP is confronted he can say: “not me” and it can’t be proven otherwise unless he was the only one in the entire area who ever used TOR. How likely is that? Dunno. Tell me the area and I’ll take a WAG at it.

If, OTOH, OP IS browsing through coffee shops, TOR provides absolute protection against MITM attacks or wifi eavesdropping.