How to avoid WebTracking?
If you surf through a proxy, you are not tracked directly: the site only sees the IP address of the proxy. That does not stop it from getting information about your network, though. Another way to "fake your IP identity" is to surf through a host far from your network. www.anonymizer.com provides this service for free, but it is slow (and you cannot be sure that you are really anonymous...). You can also write your own program and run it on a host you have access to. It has to relay your HTTP requests... good for Real Hackers...
How does an HTTP server get your IP, ...?
When you ask for a web page, the HTTP server gets the following variables with your request: REMOTE_HOST, REMOTE_ADDR, HTTP_USER_AGENT, HTTP_REFERER. So it knows your HOSTNAME, IP ADDRESS, BROWSER & PLATFORM and REFERRER. This Web page uses a CGI script to display your IP and hostname.
How to find out the IP without CGI?
You can try a JavaZOOM applet which uses the java.net package (available as a free download). The getLocalHost() method makes it possible to display the HostName and the HostAddress. But the Java implementation in IE4.0 does not seem to allow this method?! Nevertheless, there is another way to get them, but only with Netscape: you can use the "LiveConnect" technology to interface Java and JavaScript and call Java objects from JavaScript, but it would crash under IE...
How do you steal an email??!!
An email can be sent by means of a FORM. Fortunately, the browser should ask for your agreement. Moreover, we can steal your email if you're using Netscape 4.0x. It's a security hole found by Nando (he has found many more, very impressive, but his site is closed now). Have a look at the BUGTRAQ archive.
What's the dark side of WebTracking?
Each visit can be recorded and logged, so statistics can be compiled. A site you visit regularly can follow the evolution of your OS and your browser. They can guess whether you're a Microsoft addict, a Linux knight, a Unix pro, a Mac lover, a BeOS user... They can follow your relationship (or your company's) with the evolution of computer science. Time can be logged as well, so they know about your habits. They know the pages you're interested in and the "products" you like, because they know exactly which pages you asked for and which links you followed. They also know how you got to their site thanks to the referer, so they can make statistics about their popularity. Finally, they know your IP. To be more precise, they know the IP address of the host that asks for the page. Usually it's your host itself, but it can be a proxy (the proxy server of your company) or another host you control in order to be hidden (are you a hacker?). So in 90% of cases they know your IP, and the hostname can be checked quite simply thanks to DNS. They can learn more by consulting the InterNIC database, where they can find the name, the phone number and the email of your network administrator. And, of course, the geographical location of the network.
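To make the two sections above concrete (the variables a server receives, and what logging them over time reveals), here is an added example that is not code from this page or its CGI script. The request records, the "time" and "path" fields and the SITE_HOST value are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

SITE_HOST = "www.example.org"   # assumed name of the tracking site itself

# Constructed sample requests: the CGI variables named on this page plus a
# timestamp and requested path (both assumptions for the illustration).
SAMPLE_REQUESTS = [
    {"time": "1998-03-02 09:05", "path": "/index.html",
     "REMOTE_ADDR": "192.0.2.10", "REMOTE_HOST": "pc10.example.com",
     "HTTP_USER_AGENT": "Mozilla/4.04 [en] (Win95; I)",
     "HTTP_REFERER": "http://search.example.net/?q=java+applet"},
    {"time": "1998-03-02 09:07", "path": "/products/applet.html",
     "REMOTE_ADDR": "192.0.2.10", "REMOTE_HOST": "pc10.example.com",
     "HTTP_USER_AGENT": "Mozilla/4.04 [en] (Win95; I)",
     "HTTP_REFERER": "http://www.example.org/index.html"},
    {"time": "1998-06-15 09:12", "path": "/products/applet.html",
     "REMOTE_ADDR": "192.0.2.10", "REMOTE_HOST": "pc10.example.com",
     "HTTP_USER_AGENT": "Mozilla/4.5 [en] (X11; I; Linux 2.0.34 i686)",
     "HTTP_REFERER": ""},
]

def platform_of(user_agent):
    """Return the parenthesised platform part of a User-Agent string."""
    start, end = user_agent.find("("), user_agent.rfind(")")
    return user_agent[start + 1:end] if 0 <= start < end else "unknown"

def build_profiles(requests):
    """Group requests by REMOTE_ADDR and summarise what each one reveals."""
    profiles = defaultdict(lambda: {"hostname": None, "platforms": [],
                                    "pages": defaultdict(int),
                                    "hours": set(), "external_referers": set()})
    for req in sorted(requests, key=lambda r: r["time"]):
        p = profiles[req["REMOTE_ADDR"]]   # may be a proxy, not the real client
        p["hostname"] = req.get("REMOTE_HOST") or p["hostname"]
        plat = platform_of(req.get("HTTP_USER_AGENT", ""))
        if plat not in p["platforms"]:     # ordered history of OS/browser changes
            p["platforms"].append(plat)
        p["pages"][req["path"]] += 1       # which pages interest this visitor
        p["hours"].add(datetime.strptime(req["time"], "%Y-%m-%d %H:%M").hour)
        ref = req.get("HTTP_REFERER", "")
        if ref and urlparse(ref).hostname != SITE_HOST:  # arrived from elsewhere
            p["external_referers"].add(ref)
    return dict(profiles)

if __name__ == "__main__":
    for addr, prof in build_profiles(SAMPLE_REQUESTS).items():
        print(addr, prof["hostname"], prof["platforms"], dict(prof["pages"]),
              sorted(prof["hours"]), sorted(prof["external_referers"]))
```

Everything in the profile comes from headers the browser sends on every request, which is why a proxy changes only the REMOTE_ADDR and REMOTE_HOST columns and leaves the rest intact.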