All Projects → CHEF-KOCH → Online Privacy Test Resource List

CHEF-KOCH / Online Privacy Test Resource List

Licence: other
Privacy Online Test and Resource Compendium (POTARC) 🕵🏻

Projects that are alternatives of or similar to Online Privacy Test Resource List

Torwall
Tallow - Transparent Tor for Windows
Stars: ✭ 346 (+87.03%)
Mutual labels:  tor, tor-network, privacy
Docker Tor Hiddenservice Nginx
Easily setup a hidden service inside the Tor network
Stars: ✭ 145 (-21.62%)
Mutual labels:  tor, tor-network, privacy
Onionbrowser
An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
Stars: ✭ 1,702 (+820%)
Mutual labels:  tor, tor-network, privacy
Youtube Local
browser-based client for watching Youtube anonymously and with greater page performance
Stars: ✭ 112 (-39.46%)
Mutual labels:  tor, privacy
Archtorify
Transparent proxy through Tor for Arch Linux OS
Stars: ✭ 100 (-45.95%)
Mutual labels:  tor, privacy
Ssh keyscanner
ssh public host key scanner using shodan
Stars: ✭ 102 (-44.86%)
Mutual labels:  tor, fingerprint
Tinytor
A tiny Tor client implementation (in pure python).
Stars: ✭ 80 (-56.76%)
Mutual labels:  tor, privacy
Block
Let's make an annoyance free, better open internet, altogether!
Stars: ✭ 1,849 (+899.46%)
Mutual labels:  privacy, ransomware
Knowledge
文档着重构建一个完整的「前端技术架构图谱」,方便 F2E(Front End Engineering又称FEE、F2E) 学习与进阶。
Stars: ✭ 1,620 (+775.68%)
Mutual labels:  canvas, dom
Private Tor Network
Run an isolated instance of a tor network in Docker containers
Stars: ✭ 125 (-32.43%)
Mutual labels:  tor, tor-network
Sprite Wxapp
spritejs 小程序版
Stars: ✭ 138 (-25.41%)
Mutual labels:  canvas, dom
Upribox
Usable Privacy Box
Stars: ✭ 153 (-17.3%)
Mutual labels:  tor, privacy
Onionr
Private Decentralized Communication Network 🎭 🧅
Stars: ✭ 84 (-54.59%)
Mutual labels:  tor, privacy
Canvaskeyframes
最简单的序列帧动画canvas插件
Stars: ✭ 83 (-55.14%)
Mutual labels:  canvas, dom
Torpy
Pure python Tor client implementation
Stars: ✭ 104 (-43.78%)
Mutual labels:  tor, tor-network
Vxscan
python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Stars: ✭ 1,244 (+572.43%)
Mutual labels:  detection, fingerprint
Ansible Relayor
An Ansible Role for Tor Relay Operators
Stars: ✭ 165 (-10.81%)
Mutual labels:  tor, tor-network
Poopak
POOPAK - TOR Hidden Service Crawler
Stars: ✭ 78 (-57.84%)
Mutual labels:  tor, tor-network
Wahay
an easy-to-use, secure and decentralized conference call application (this repository is a mirror of an internal work repository)
Stars: ✭ 79 (-57.3%)
Mutual labels:  tor, privacy
Personal Security Checklist
🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021
Stars: ✭ 2,388 (+1190.81%)
Mutual labels:  checklist, privacy

- POTARC -

Privacy Online Test And Resource Compendium© (short: POTARC) project original created under the MIT license (2016 - present) by CHEF-KOCH and community.

HitCount Matrix Twitter Follow Discord

Privacy Online Test And Resource Compendium

The list is designed to show all available and useful online/offline tests in order to build strategies to harden your OS/Internet/Browser configuration against fingerprinting methods. Some of those services might collect only data to hand/sell it to 3th-party developer or people which pay for it to use it for 'bad' things, such services are (if known) marked and aren't preferable added - so keep this in mind before you request a site.

POTARC itself is more a community driven project because everyone can contribute to it and no pull request or discussion will be rejected, only with good reasons like spamming, etc. This project does not accept any donations because we all doing this in our free time and it's up to everyone to provide some information or not, from my perspective the information should be available for free.

Keep in mind that reducing the fingerprint doesn't mean you're secured against all attacks (including new upcoming ones) because security is a process and not something you gain by installing the correct extensions, plugins or programs.

Contribution

See CONTRIBUTING.md.

Before you create a new issue ticket, ensure you read the issue template and check if the things you like to request aren't already on the to-do list.

Table of Contents

How to handle these information and test results?

Collection of device fingerprints from web clients such as browser software mostly relies on the availability of JavaScript or similar client-side scripting language for the harvesting of a suitably large number of parameters. Overall this means if only one or a small of things are detectable it not automatically reveals your real identify, but all together can be pretty dangerous in order to expose you or your security setup. Keep in mind that it's not a good idea to share the results or to leak information which setup you exactly use.

The document section is for research and evidence purposes, topics without any proof are not reliable and the project doesn't accept any submissions without any documents or research based on the matter.

Keep in mind

Some of the integrated services & pages collect the results and store it offline and some other pages even sell the results to 3rd-parties! I'm not responsible for this behavior, the list added an indicator in order to inform you.

Research documents

I'm not the original author of any uploaded .pdf file in this repository, nor do I claim I wrote them. The documents are not under any license and the credit goes to the people which orignally written them. The documents are only mirrored here because several search engines (sadly) delete or hiding content behind proxies/VPN's, or the original link simply vanishes. All research documents are untouched. Please contact me via eMail if you don't like it and I'm going to remove them from this repository.

Known Fingerprinting Techniques

Info regarding Fingerprinting & filter lists

Some if not all (or most) findings are automatically getting submitted to Easylsit/EasyPrivacy and Disconnect filter lists which means they are blocked in almost all ad-blockers and Browser based (integated) ad-block solutions.

Already fixed within the Browser or OS (ensure you use the latest product [always!])

  • Browser based download attacks by exposing sensible information, there are several anti-fingerprinting techniques to expose you via drive-by.
  • CPU & Mouse wheel fingerprinting which needs to be fixed also within the OS.
  • First-party cookies in general, daily pages like e.g. Amazon/Facebook (as an example) need cookies to function probably (addons/filter-lists may help to whitelist/bypass certain restrictions). Some pages like Facebook already started to track user via first-party cookies.
  • HTML5 based attacks which inclduing stuff like Canvas, fonts & more (will never be fixed, you have to use in order to spoof such data, however "configuration hardening" might help to reduce the surface attack level).
  • HTTP Public Key Pinning (HPKP) sniffing attacks (removed/fixed in Chrome 72+ & Firefox 56+)
  • Network layer based leaks (OSI leaks) e.g. MAC address leakage (EUI64). Disabling/blocking IPv6, if not necessary/needed is usually enough. See RFC 3041 & (leak test)
  • Classic PopUps aren't possible anymore (if not Canvas/JS related). Normally you'll see a permission dialog or can control this behavior directly via Browser settings. Some Browsers also come with their own Ads-blocking feature.
  • Third-party cookie "isolation" or blocking
  • Tor network attacks - several fingerprint methods are still possible.
  • WebRTC since Chrome 48+ and Firefox 42+, both getting an new menu to allow it per-page (whitelist). There exist also for both several addons, workarounds to compile it without WebRTC support). Unofficial Chromium builds also come without WebRTC or sync.
  • * Detection of incognito mode
  • Adobe Flash (EOL), replaced by HTML5 (which has it's own weaknesses [see below])
  • File Transfer Protocol (FTP) - Will be removed soon or later from every Browser.
  • OpenSSL fixed (HeartBleed,CloudBleed...)
  • SSL / TLS (ciphers) [if you only browse on pages like GitHub ~ you can even more harden it] TLS 1.3 (3.0+) is the new common default and most platforms abandoned TLS 1.0/1.1/1.2.
  • SensorID fingerprinting attacks fixed in iOS 12.2+ and it will be fixed in Android Q.
  • Coin Mining
  • BatteryAPI based fingerprinting attacks
  • Spectre & Meltdown Via OS & BIOS patches. Almost all modern Browser also protecting their memory against exfiltration attacks.
  • Several timing based attacks are too ineffective for an advertiser/attack to abuse (in the real world).

Obsolete Add-ons & Plugin Tests

Page or Addon Description Collects or sells user data?
Firefox Addon Detector ://URI detection No
Flash Player System Test Checks if and what version or Adobe Flash Player is installed No
Adobe official Flash Player Test Official Adobe Flash Player Test Yes collects statistics and sells them.
Java Test Official Java Browser verification page. Yes collects statistics and sells them.
Unofficial Microsoft Silverlight Test Browserleaks Silverlight Test Page No

eMail Test

Page or Addon Description Collects or sells user data?
Email IP Leak Test Checks if your email provider shows your real IP address to its recipients. No
Email Privacy Tester Checks email addresses Yes see here
Email Trace Checks email addresses Yes
Have I Been Pwned? (Svalbard) Database which checks if you affected by several holes No
Pwnedlist Database which checks if you affected by several holes Yes - Currently down
Check Your GPG Fingerprints Check if your GPG key is leaked or not No
Have I Been Sold? Quickly check if your email has been sold. No, database lookup needs JS
Is someone spying on you? Same like Have I Been Pwned? it checks your pass/email against a database No
Secure eMail The website lets you look at your email security from a casual glance to an in-depth scrutiny. Yes

Data Healt Tracking/Fingerprinting

Page Description Collects or sells user data?
Data health individual Risk Check Too unique to hide checks (based on your data health data) what exactly could have been shared with third-parties. N/A

Phishing

Page Description Collects or sells user data?
KnowBe4 Login to get your phishing test template Yes
Are you leaking Windows/VPN Login-Data? Understanding the Windows Credential Leak Flaw and How to Prevent It No
Insecure Tab Phishing PoC page Check for insecure opened Tabs No

Browser Prerender & Feature Test

Page Description Collects or sells user data?
Prerender test Prerender resource test No
Web platform's features check Test which Web Feature your Browser supports Yes, StatCounter & caniuse.com
Third-Party redirection test Third-party redirection Test site - Pass if not redirected No

Ad-Blocker Test

Page Description Collects or sells user data?
Prerender test Cosmetic filtering: Test your blocker No
Adblock Tester Various tests against ad-blockers N/A

Window Measurements

Page or Addon Description Collects or sells user data?
Inner Window Measurements Detects the Browser Window Size No

Cloudflare

Page or Addon Description Collects or sells user data?
Cloudflare Phishing Test Detects if 1.1.1.3 is working correctly No
Cloudflare Porn Test Detects if 1.1.1.3 is working correctly No
Report false positives or missinf domains to Cloudflare DNS Team Report false/positives or missing domains No, needs JavaScript

Certificate Test

Page or Addon Description Collects or sells user data?
Revocation Awareness Test Certificate based revocation test No
Check Provider-TLS Check provider TLS certificates N/A
Intermediate CA Cache Fingerprinting Intermediate CA Cache Fingerprinting No
TLS Fingerprint.io Collect anonymized TLS Client Hello messages from the University of Colorado Boulder Yes, the collected data are not sold (used for research)
RIPE NCC Analyze IPs, Domains, ASN and check certificates among other infos Yes
TLS Certificate Health Checker + Shell script + Hardenize Analyze IPs, Domains, ASN and check certificates among other infos No

Crypto-mining detection and Malware

Page or Addon Description Collects or sells user data?
MALWARE DETECTED WITH THREAT EMULATION Check if your security setup is ready against crypto mining and other threats Yes

Mozilla (Firefox) specific test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Windows Hello Test Page Check if Firefox 66+ supports Windows Hello No Yes
Windows Hello Test Page (mirror) This site is designed by Duo Labs to test the new W3C Specification Web Authentication No Yes
Windows Hello Test Page (mirror) Check if Firefox 66+ supports Windows Hello No Yes
Windows Hello Test Page (mirror) Check if Firefox 66+ supports Windows Hello No Yes
Tracking Protection Test page for Firefox's built-in Tracking Protection No Yes
Phising Protection Test page for Firefox's built-in Phising Protection ("Web forgeries") No Yes
Malware Protection Test page for Firefox's built-in Malware Protection (attack page) No Yes
Malware Protection Test page for Firefox's built-in Malware Protection (attack page) No Yes
Firefox Stoage Test Test if your IndexedDB file is broken or corrupt No Yes
Mozilla Plugin Privacy Test Database The tests attempt to determine whether plugins passively gather data about users browsing habits No No (Open Source)
Cloudflare ESNI Checker Can not only be used with Firefox but was designed for test reasons, it automatically tests whether your DNS queries and answers are encrypted Yes, statistics Yes
Show Shield Studies (Beta) Show ("detect") current Mozilla Shield Studies No Yes
Platform/GFX/WebRender Where Where have we shipped WebRender? No No
Website FPI test & source code Test whether First Party Isolation works No No
Madaidan.github.io & source code Use JavaScript to check your system time, unless other tests it does not determine the time from the system timezone No Yes
WebGPU compute demo Firefox (Nightly) WebGPU compute demo, it needs dom.webgpu.enabled = true N/A N/A
Lazy Loading Test Page Firefox Firefox 75 Lazy loading images test page No Yes
dom.disable_window_open_feature test Window.open with features can test several things e.g. whenever Firefox interacts with where the newly created browsing context was opened No No

Browser Referrer Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Test Browser Referer Headers Check your link referrer, form, image, script and JavaScript referer. No Yes
Referrer Test This page is a simple test of who referred you to this page. No Yes

Chrome/Chromium Tests

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Chrome 76+ escape key-generated popups test Read here for more infos No No
CRXcavator Submit a Chrome Extension ID to scan the extension No Yes
Safe-Browsing Test Page Works in Firefox, Chrome/Chromium No No
Ben Kennish's Web Site Mixed content test page No Yes

Incognito Detection

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Check if the Chrome is in Incognito Mode Small JavaScript test to detect Chrome's FileSystem API No Yes
Check if Firefox is in Private Mode Small JavaScript test to detect Firefox Private Mode No Yes

DNS Rebinding

Page or Addon Description Collects or sells user data? Requires activated JavaScript
DNS Rebinding Demo Checks if you're vulnerable to rebinding attacks Partial, the source code is given but the demo page collects open statistics, they don't sell the data Yes

DNS-over-HTTPS (DoH)

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Cloudflare's Browsing Experience Security Check page The web page will now perform a variety of tests to see if you are using Secure DNS, DNSSEC, TLS 1.3, or Encrypted SNI. Yes Yes
Cloudflare Browser DoH support test Yes Yes

HTML5 based features test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Basic HTMl5 Video and Audio tester HTMl5 Video and Audio tester No No
Battery Status API Checks if you browser supports Battery Status API No No
Battery Status API Another Battery Status API Test No Yes
Canvas Fingerprinting Checks your Canvas Fingerprint N/A Yes
Canvas.toBlob test Checks your Canvas Blob Fingerprint N/A Yes
Canvas Blocking Detection Detects if you block Canvas No No
get.Image Canvas test Checks your get.Image Fingerprint N/A Yes
HTML5 Features Detection Detects which HTML5 features your Browser is capatible of N/A Yes
Hard Drive Fill Test Hard Drive Fill Test (local Storage) Yes Yes
HTML5 Geolocation Test HTML5 based Geolocation Test No Yes
HTML5 Test Official HTML5 test landing page No Yes
HTML5 Security Cheatsheet HTML5 Security checklist N/A Yes
WebRTC Leak Test Perfect Privacy WebRTC Leakage Test Yes Yes
WebRTC Leak Test WebRTC Leak Test No Yes
WebRTC Test WebRTC Official test N/A Yes
WebRTC What's My IP Check WebRTC IP Check Yes Yes
WebRTC check by PrivacyTools.io WebRTC IP Check No, source code is here. No
Web RTC Chrome vulnerability check See (Bug 709952) No No
Anonymster WebRTC check Another WebRTC check No Yes
AutoPlay test Test if your Browser blocks Video/Audio autoplay No Yes
Fraud detection API demo Fraud detection API, which has a 99.5% identification accuracy No Yes

Password Stealing

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Demo page](https://senglehardt.com/demo/no_boundaries/loginmanager/) Background Info can be found here, the demo basically checks whether your browser's built-in login manager will automatically fill an invisible login form. No No

CSS Fingerprint Tests

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Crooked Style Sheets Crooked Style Sheets fingerprinting test page No Yes (Source Code)
CSS Exfil Vulnerability Tester Tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage No Yes

IP, DNS & Magnet Leak Tests

Page or Addon Description Collects or sells user data? Requires activated JavaScript
GeoTek Datentechnik - Web Privacy Check Basic Web Privacy Check No Yes
DoiLeak Checks if you real IP is leaking behind Proxy/VPN N/A Yes
IP Leak Most well-known IP leak check Yes Yes
DNS Leak Test Most well-known DNS leak check Yes Yes
Content Filters and Proxy Test Check your filter list and Proxy configuration N/A Yes
DNS Spoofability Test Is your DNS spoofed? Yes Yes
IPv4/IPv6 Discovery / Detection Test Checks your current IPv4/IPv6 configuration N/A Yes
Whois Test Basic Whois Test for Windows Users No Yes
Mirai Vulnerability Scanner Basic Network Vulnerability Scanner N/A Yes
Galhi US Test Simple IP check No No
Check your current IP Yet another IP checker alternative N/A No
ipx.ac Offers IPv6, Geo, DNS, WebRTC FlashIP, Battery, user-Agent and more tests No No
DNS spoofing test DNS Nameserver Spoofability Test no No

Account Management

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Google Account History View, manage or delete your Google Account History N/A No
Facebook Activity Log View, manage or delete your Facebook Account History N/A No
YouTube Video History / Search History Check your YouTube Account Feed History N/A Yes
Microsoft Account Credentials Leak vulnerability check Microsoft Account Credentials Leak vulnerability check Yes Collects and stores the results Yes
Webbkoll Checks website reputation and additional security related infos No No
Browser Extension and Login-Leak Experiment Browser Web Beacon test Yes see here No
Hide my Footprint Checks your Browser footprint Yes Yes
Browsers leak installed extensions PoC Detect installed Extensions No No
Information Disclosure on IE Check if Internet Explorer leaks sensible Information Yes No
ETag ETAG (Cookieless Cookies) Test Yes stores results in an offline database Yes
Overview of all supported Two-Factor Auth (2FA) pages Lists all 2FA supported pages N/A No
ASN Blocklist Lists and shows ASN Providers N/A No
Nextcloud Security Scan Nextcloud Security Scan Yes Yes
Test your IPv6 connectivity Open Source IPv6 test No No
IP Duh eTag, Ip and other checks Yes N/A
Zscaler Security Check Yes Yes
GRC GRC Fingerprints check N/A No
CSS Keylogger with no CSP This site has no Content Security Policy to protect against CSS injections, and demonstrates a keylogger using only injected CSS with React as the controlled JavaScript framework. N/A No
HTTP Request & Response Service Check eTAg N/A No
Browser Audit Several browser tests N/A Yes
FP Central Statistics to Fingerprints (global), Tor, JavaScript tests etc No, it's open source. Yes
PoC for cookieless tracking via cache It can't be defeated except by periodically clearing your Browser cache. Original Article No No, source code.
Third-Party redirection test Check for enable-framebusting-needs-sameorigin-or-usergesture Chrome flag (third-party redirection) No No

Resource:// URIs leak Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Arthured Elstein resource:// URIs leak information page resource:// URIs leak information test page N/A No
Resource://URI Resource://URI check for Firefox N/A No

Web API Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Permission Site A site to test the interaction of web APIs and browser permissions. No Partial, source code
Browser Storage Abuser Experiment for your browser storage limitation on LocalStorage, SessionStorage, WebSQL Database, IndexedDB API and FileSystem API. No + source code Yes
PWA.rocks Test if your Browser supports Progressive Web Apps (PWA) No Partial
Permission Site Test if your Browser supports specific permissions such as Camera, Location, Fullscreen and other privacy critical APIs No Yes
Realtime detection of XSS with Casper Csper will help guide you through the process of installing a simple report-only CSP policy (HTTP Header). (addon/test maybe planned) No No
Are you anonymous? No + source code Yes
Ping Spotter Detect Beavon API hidden PINGs & CSP Reports No Yes

SSL/TLS, RSA & SSH Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Bad SSL Check against Bad SSL attack N/A No
FREAK Attack - Client Check Client-side FREAK attack check N/A No
Heartbleed Test Heartbleed attack Test N/A No
RC4 Fallback Test Is you browser still using obsolete and weak RC 4? N/A No
How's My SSL Check your SSL or anothers page SSL configuration Yes Yes
SSL Cipher Suite Details SSL Cipher Suite Check which also shows lots of Details N/A No
Weak Diffie-Hellman and the Logjam Attack Diffie-Hellman attack Test N/A No
The ROBOT Attack ROBOT Attack Test and Tool No No ROBOT Attack checking tool (Open Source)
SSH Audit Check your SSH configuration and audit it No No (Open Source)
Fortify SSL / TLS check Yes, 1 week. Yes
Symantec Symantec SSL Check Yes, 1 month. Yes
Fingerprinting TLS clients with JA3 A website qhich explains and demonstrate Fingerprinting on TLS CLients No Yes (Open Source)
Vulmap Vulmap Online Local Vulnerability Scanners Project No No (Open Source)
Badsec An online domain permutation, certificate transparency lookup utility. N/A Yes
ja3er Check your Browser MD5 & JA3 Fingerprint. N/A No

Do Not Track (DNT), Evercookie, Headers & Javascript bases tests

Page or Addon Description Collects or sells user data? Requires activated JavaScript
BrowserRecon (Header/HTTP) Test Browser Header Check N/A No
What Is My Referer? Check your Browser Referer Yes Yes
Browser Referer Headers Another Browser Referer Check N/A No
Do Not Track Test Does my Browser sends DNT? No Yes
Evercookie Test Evercookies Test N/A No
JavaScript Browser Information Basic JavaScript Browser check Yes collects an offline database Yes
Popup Blocking Tests Test your Browser against popups N/A Yes
Redirect Page Test Redirect Page Test Yes collects an offline database Yes
System Fonts Detection Test Detect which Fonts your Browser sends away No Yes
FluxFonts Browser Font Test Page N/A No
JavaScript/CSS Font Detector CSS and JavaScript based Font Detector N/A Yes
Universal Plug n'Play (UPnP) Internet Exposure Test Detect UPnP based leaks No No
JavaScript: PasteJacking PasteJacking Test No No
Punycode converter Punnycode Converter Tool No No
Unique Machine Is your Machine unqiue? No No Source Code
Mozilla Observatory Yes Mozilla collects all tests in a database 'to improve their products' they also use their findings in Ghostery (Clicks) and other products No
PrivacyScore Which Score has your privacy setup? Yes Yes
CryptCheck Simple Domain, TLS, SSH checks No No
Qualys SSL Labs SSL Test, eMail and Domain tools N/A No
securityheaders.io URL/Domain Scan sponsored by Sophos N/A No
Hardenize Header, Browser check Yes collects data and shares them No
Google Chrome drive-by exploit tester Drive-by test for Chrome weakness No No
The Privacy.net Analyzer Basic Header check which also provides several other tools Yes collects an offline database No
Spectre Vulnerability Check Spectre Vulnerability Check No but holes a offline database it's unclear if it's sold or shared No
Are You Trackable? How trackable is your Browser? No No Source Code
Ubercookie Test Ubercookie test Yes collects an offline database No
CSS Exfil Vulnerability Tester The page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage. If you are vulnerable, one way to protect yourself is to install the CSS Exfil Protection plugin for your browser. No No
CSS History Leak CSS History Leak check N/A No
Third Party Fingerprinting test Basic Third Party Fingerprinting test page No Yes
WTF? "A practical demo of privacy violation using local service detection on a website for product recommendations." No Yes & localhost
Webtest app Website speed test (beta) N/A No
AMTSO Test A testwebsites which provides multiple tools (tests). N/A Yes

Paste-jacking Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Demo Copy-paste the example line and run it into a terminal window to check if you're vulnerable No No
Another demo See here for more details. No No

DNSSEC & EDNS Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
DNSSEC Resolver Test Test the Resolver if it supports DNSSEC N/A No
DS Algorithm Test Check if DNSSEC is weak against DS N/A No
Internet.nl eMail, connection, website and other checks Yes Yes
DNSSEC resolver algorithm test // No Yes
Cloudflare tools Several tracing tools, read here for more information. Yes Yes
Check my DNS DNS & DNSSEC check No Yes
DNS randomness DNS & DNSSEC check NA Yes
DNS Spoofability test DNS Nameserver Spoofability Test No No
DNSTrace dns recon & research, find & lookup dns records No Yes
EDNS test EDNS Compliance Tester No No

Government Network measurement software

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Austria Official Austria Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Croatia Official Croatia Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Cyprus Official Cyprus Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Czech Republic Official Czech Republic Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Breitbandmessung Official German Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Denmark Official Denmark Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
France Official France Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Greece Official Greece Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Hungary Official Hungarian Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Italy Official Italian Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Lativa Official Lativa Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Lithuania Official Lithuania Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Norway Official Norway Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Poland Official Poland Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Portgual Official Portugal Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Romania Official Romania Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Slovak Repualic Official Slovak Repualic Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Slovenia Official Slovenia Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Sweden Official Sweden Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
Netherlands Official Netherlands Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes
United Kingdom Official UK Internet Speed Test Yes collects an online database shares and sells them to ISP's and others you need to agree in everything before you can use it Yes

Mouse Rate/Fingerprint Check

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Enotus mouse test Original Tracking speed and polling rate test No No Page down but mirrored here under /Offline
Outerspace's Max IPS logger Tracking speeds and will show if theres negative/positive acceleration when you hit a certain speed N/A No
Mouse Rate Checker Simple polling rate detection N/A Yes
Mouse reaction time tester Online mouse reaction test Yes collects an online statistic database No

Keyboard Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Javascript Key Event Test Script Basically a JS keylogger check N/A Yes
JavaScript Event KeyCode Test Page Another keystroke test N/A Yes
Keyboard Event Viewer N/A No

Advanced Fingerprint Tests

Page or Addon Description Collects or sells user data? Requires activated JavaScript
5who Multiple tests N/A Yes
Am I Unique? Is your Machine / Browser unique? N/A Yes
Are you anonymous? Similar like Am I Unique? but open source N/A Yes (Source Code)
Audio Fingerprint Test The original audio fingerprint test No Yes (Source Code)
Browser 'auto-download' Security Vulnerability Check Chrome, IDM and other Downloader against a security attack N/A No
Browser Spy Multiple Browser Tests N/A Yes
BrowserPlugs Check your Browser fingerprint with 3 different test scenarios N/A Yes, for the first test
Browserprint check Another advance fingerprinting check No Yes - Currently (?) Offline
Browserprint.Info Another JavaScript based Fingerprinting Test Yes collects stats and stores them in a database Yes
Check2IP One of the oldest advance Browser/IP tests No Yes only for advance tests but also works without
Cross Browser Fingerprinting Test Multiple Browser Test N/A Yes User must to disable its ad-blocker!
Device Info Canvas, Battery Status, ActiveX, City, CPU, Country, Connection type, Device detection & more. N/A Yes
FingerPrintJS2 Check your Browser fingerprint N/A Yes
HTML5 Canvas Fingerprinting Canvas HTML5 API Browser Test N/A Yes
Jondonym Full Anonymity Test The first and original anonymity test No Yes
Onion Leak Test Check your .onion N/A Yes
Panopticlick The most well-known Browser Fingerprint check by EFF Yes collects stats and stores them in a database Yes
PC Flank Random Browser Check N/A Yes
Popup Test Check how good your Browser performs against Popups N/A Yes
Privacy Analyzer IP, browser fingerprinting test N/A Yes
Privacy Check Another overall Browser header/leak test Yes Yes
Punycode See the Article N/A No
Tenta-Test Browser Privacy Test by Tenta VPN Browser Yes Yes
Whoer Advance Browser check Yes Sells the results Yes for advance information and tests
What's my fingerprint Similar like amiunique.org but FOSS. Data collection but they are used for a school project only Yes (Source code)
Luminous: JavaScript events blocker test Demo website to test Luminous addon/extension but also works to test other addons/extension No Yes

HTTP Strict Transport Security (HSTS)

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Chromium's HSTS preload list submission website Chromium's HSTS preload list submission website N/A N/A
HSTS sniffly A practical timing attack to sniff browser history using HSTS in Chrome and Firefox. Please disable HTTPS Everywhere for best results. N/A N/A

Tor Network & Fingerprint Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
TorCheck at Xenobite.eu Advance Tor Network Check No Yes
Tor Fingerprint Test Basic Tor Network Check N/A No
pseudo-flaw.net Torbutton testing No No

Cryptography Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Shattered SHA1 attack SHA1 collusion attack example No No

ISP Throttling check

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Internet Health Test Test if your ISP is throttling you N/A No
BitTorrent Traffic Shaping Check if your ISP is throttling BitTorrent Traffic N/A No
The Internet Health Test Test if your ISP is throttling you Yes collects an database and possible sells it (needs confirmation) No
Switzerland Tool from EFF to check if your ISP blocks or interfering into VOIP traffic No No
Test if your ISP is blocking or throttling BitTorrent Traffic Check if your ISP is rate limiting or blocking BitTorrent traffic Yes No
P2P Port Test Check if the common P2P ports are open or closed, the website provides other tests too Yes No

Web Search Engine which can show & Inspect the Source Code

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Source Code Search Engine Inspect the Page Source Code Yes logs and collect databases Yes

Cookie Leak Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Test if you leak cookies (after disabling them) Cookie test to check if your extensions which are supposed to block cookies doing their job No No

Firewall Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Test your Metal Check your firewall online against known ports Yes logs and collect databases Yes
Port Checker Check your Firewall against known or custom ports Yes logs and collect databases Yes
ShieldsUp! Check your Firewall against known or custom Ports No No
PenTest yourself. Don't get hacked Check your Firewall against a pre-made list N/A No
HackerWatch Check your Firewall against a pre-made list Yes collects an statistic offline database Yes
Hacker Target Check your Firewall against a pre-made list Yes collects an statistic offline database Yes
CanYouSeeMe.org Basic Firewall Port test Yes, under GDPR No

Torrent Leak Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
ipMagnet Magnet IP expose check N/A No
Check My Torrent IP Check which IP your Torrent Network sees Yes collects a statistic database No
I know what you downloaded Check what your peer sees about you N/A No
IP Magnet Test Allows you to see which IP address your BitTorrent Client is handing out to its peers and trackers! No No

Ransomware Decrypter

Page or Addon Description Collects or sells user data? Requires activated JavaScript
NoMoreRansom Official against Ransomware page for help, decrypter and information N/A No
Free Ransomware Decryptors - Kaspersky Lab Kaspersky's Ransomware Help Page N/A N/A
Avast Free Ransomware Decryption Tools Free Ransomware Decryption Tools by Avast N/A N/A
Emsisoft Decrypter Tools Emsisoft Decrypter N/A N/A
Trend Micro Ransomware File Decryptor Tool Several decrypter powered by TrendMicro N/A N/A
Heimdal Decrypter Tools Bunch of decrypter utilities N/A N/A
Free Ransomware Decryption Tools Decrypter tools by Avast N/A N/A
Download All Known Ransomware Decryption Tools MDS collection of all known Ransomware decryoter N/A N/A

Identify Theft Check

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Have I Been Pwned Check if your identiy (email etc.) was used/stolen by someone else Yes collects an database (need confirmation if sold to 3rd-parties) Partial
Shodan.io Search for devices, vuln. etc Yes collects an database (need confirmation if sold to 3rd-parties) Yes
New York Attorney General Eric Schneiderman tool Tool which check fake comments based on a database of known fakers Yes collects an database (need confirmation if sold to 3rd-parties) N/A
Censys.io Get the information you need to prevent threats and improve overall security. N/A Partial
ZoomEye Cyberspace Search Engine No Partial

Browser Benchmarks

Keep in mind that a Browser Benchmark doesn't reflect the real-world performance of a website, as explained over here.

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Speedometer JavaScript based Browser Benchmark Yes collects an database (need confirmation if sold to 3rd-parties) Yes
ARES 6 JavaScript based Browser Benchmark Yes collects an database (need confirmation if sold to 3rd-parties) Yes
Motion Mark JavaScript based Browser Benchmark Yes collects an database (need confirmation if sold to 3rd-parties) Yes
JetStream JavaScript based Browser Benchmark Yes collects an database (need confirmation if sold to 3rd-parties) Yes
Lite Brite JavaScript based Browser Benchmark Yes collects an database (need confirmation if sold to 3rd-parties) Yes
Octane JavaScript based Browser Benchmark Yes collects an database (need confirmation if sold to 3rd-parties) Yes
Dromaeo JavaScript based Browser Benchmark Yes collects an database (need confirmation if sold to 3rd-parties) Yes
Acid 3 JavaScript based Browser Benchmark Yes collects an database (need confirmation if sold to 3rd-parties) Yes

Sandboxes Virus/Malware/HTTP Analyzer

Page or Addon Description Collects or sells user data? Requires activated JavaScript
BitBlaze The BitBlaze Binary Analysis Platform No, it's open source No
Hybrid Analysis + Mirror Free Malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology N/A Yes for the WebInterface.
Jevereg Jevereg analyses the behavior of potential malicious executables N/A No
Sunbelt Sandbox Dig Deep with Malware Analysis Yes Tracks IP, collects data and sells them. Yes
ThreatExpert ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode. N/A N/A
ViCheck Advanced Detection Tools to Stop Malware N/A No
detux Multiplatform Linux Sandbox N/A No
Nviso Nviso APK scan N/A Yes
Java Script Beatify Beautify, unpack or deobfuscate JavaScript and HTML, make JSON/JSONP readable, etc. N/A Yes
PDF Examiner Scan PDF files N/A No
Rex Swain's HTTP Viewer See exactly what an HTTP request returns to your browser N/A N/A
JSUNPACK jsunpack was designed for security researchers and computer professionals N/A N/A
Google VirusTotal Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community. Yes, see privacy policy. N/A
Jotti Jotti's malware scan is a free service that lets you scan suspicious files with several anti-virus programs. Yes, see Privacy Policy. N/A

Online Link Checkers

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Dr.Web Online Scanner URL link checker Yes Yes
Google Safe Browsing Change putyourlinkhere.com to url you want to check! Yes, see here. Yes
Google Safe Browsing Testing Links The tests are safe to use, it basically checks your Browser settings Yes, for some tests
Norton Safe Web Look up a site. Get our rating. Yes, see privacy policy Yes
URL Void Website Reputation Checker Tool Yes, see terms and privacy Yes
vURL Online Quickly and safely dissect malicious or suspect websites Yes, IP address of the requesting computer is recorded along with the URL accessed. Stored for 1 week. No
Online Link Scan Prevent infection and data theft with Online Link Scan. N/A N/A

Online IP Scanner Visualizer

Page or Addon Description Collects or sells user data? Requires activated JavaScript
GreyNoise Visualizer Tracks every IP + mass scanning/attacking the Internet and Visalize them No No
TCPIPUtils now DNSLytics One of the biggest and oldest IP/Domain tracking service Yes Yes

Opt-Out of targeting based Ads

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Stop Targeting Ads at Me Helps you turn off targeted ads on 41 websites, apps, and devices No Yes
Your Online Choice Take control over your ad choices Yes Yes
YourAdChoices WebChoices checks whether your browser can set opt out requests Yes Yes
Simple Opt-Out A (HTTP only) website which allows you to out of data sharing by 50+ companies No No

Intel Security Tests

Page or Addon Description Collects or sells user data? Requires activated JavaScript
RIDL and Fallout: MDS attacks Information & utility for Windows/Linux to check against MDS attacks No No, it's a info website + tool (Source Code)

Progressive Web Applications (PWA) Tracking Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Persistent Web Apprehension Cookie respawn which makes it impossible to clear website identifiers No

Browser Audit Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Browser Audit Test Test your Browser for known holes and display an overall score N/A Yes
Privacy test Test your Browser tracking and fingerpritning holes Yes Yes

HTTP/3 Test Servers

Page or Addon Description Collects or sells user data? Requires activated JavaScript
HTTP/3 test servers Documentation for early HTTP/3 testing (with curl and more) No No, the URL however do require JavaScript unless you use curl

SmartScreen Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
SmartScreen Test Test if SmartScreen and Safe-browsing are working (the website is not malware) No No

VPN comparison charts

Page or Addon Description Collects or sells user data? Requires activated JavaScript
VPN Chart (always updated) TheBestVPN Comparison Chart for 2019 Yes (via Google Docs) Yes (website function breakage)
VPN Comparison by That One Privacy Guy VPN chart porovided by by That One Privacy Guy No No

Check if a website is disguising third-party trackers as first-party trackers

Page or Addon Description Collects or sells user data? Requires activated JavaScript
TrackingTheTrackers A free analysis tool to check if a website is disguising third-party trackers as first-party trackers. No No

EULA/GDPR/Terms

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Terms of Service; Didn't Read Rate and label website terms & privacy policies, from very good Class A to very bad Class E, also provides Browser extensions. No No
PrivacySpy Aims to track privacy, which rates, annotate and archive privacy policies No Yes

I2P based Fingerprint Test

Page or Addon Description Collects or sells user data? Requires activated JavaScript
Similar like "AM I unique" I2P checkup page. No Yes
Fingerprinter A I2P fingerprinting test No Yes
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].