PrivacyGirl.com

Browser Information

You are giving out private information every time you visit a website. Here is a sample of what you've been telling the world.

Don't panic... this is a very benign webpage. NO Java applets or ActiveX controls have been or will be downloaded to your computer without your permission. The only cookie that's been set is "testCookie" with a value of "true" and expires when you close your browser. Also... as a matter of policy, I regularly delete all access and referer logs. None of the private information shown on this page is stored anywhere. The ONLY logs that are kept are mail and error logs, so I can see if anything's broken or if some evil bot or other miscreant is trying to attack the site.

If you're intrested in how all this was done... please read the "How'd she do that?" section at the bottom of this page.

Want to view the WHOIS database for 38.107.191.100 ?
Enter the code below into the text box and click Submit. The code consist of 5 letters and is NOT case sensitive.

      What is this for? Click here to find out.

Want to see what plug-ins are installed on your browser?
Click the button below and see which ones are detected.

How'd she do that?

Please don't email me and ask for the code... I'm not going to do the work for you. I will point you to where I found the information and how I implemented everything you see on this page.

The IP address, port number and referer are Apache variables REMOTE_ADDR, REMOTE_PORT and HTTP_REFERER. You can access them with Perl, PHP, or even Server Side Includes (.shtml). You can find a list of Apache variables along with HTTP header variables at www.zytrax.com.

You can get the Hostname with either Perl or PHP. The function call for both languages is "gethostbyaddr". You shouldn't rely on the REMOTE_HOST variable because most of the time it's empty. Just Google perl gethostbyaddr or php gethostbyaddr and you'll find out how.

Location along with Latitude and Longitude are from a geolocation database. There are several commercial programs available, but since I don't have a lot of money and this site is free... I used the less accurate (but free) GeoLite City from MaxMind. It works well and comes in both Perl and PHP flavors. They even update their free database monthly.

It sounds strange, but I got the country flags from the CIA Factbook "Flags of the World". It's a good reference on countries of the world... who would know better then the CIA? Anyway... after downloading the flag gif's, I scaled and converted to png in-batch using ImageMagick.

The Language comes from HTTP header variable HTTP_ACCEPT_LANGUAGE while OS and Browser come from header variable HTTP_USER_AGENT. These variables are then processed with Harald Hope's outstanding PHP Language Detection and PHP Browser & OS Detection scripts.

Screen, Color depth, Java, JavaScript and Cookies enabled were all done with JavaScript. Java enabled was checked with the JavaScript function 'navigator.javaEnabled()' although it could have been done with a Java applet. I used JavaScript to test for Cookies because if the cookie were set manualy in the header, it couldn't be read (or checked) until the next page load. By using JavaScript, I was able to write the cookie and test for it in one function. Please check out the page source to see exactly how these test were done.

The map is from Google Maps API. You need to sign up in order to get a key that will work for your site. Google doesn't require any personal information, just an email address and the site URL. It was very easy to setup and they give several examples. Also... the API directly accepts Longitude/Latitude from the geolocation database.

The Real IP Address was done with a Java applet (duh). I WILL NOT download or run anything on someone's computer without knowing exactly what it does and ONLY with their permission. So... that's why I sat down and wrote my first Java applet. Although I found Java to be a robust and capable language, it's not how I make my living. So... this will probably be my last Java applet. Anyway, the applet uses JSObject and JavaScript to POST (not GET) back the information via a form. Most 'Real IP' applets use the GET form method that writes your information to their access log. As matter of policy, I regularly delete all access and referer logs, even so... I didn't think it was right to use GET. I did find a lot of good information from Réal Gagnon's Real's HowTo site. If you're looking for an out-of-the-box solution, then you should look at Lars Kindermann's MyAddress Java Applet. Also, Jeremiah Grossman shows on his blog, how to use JavaScript to invoke Java Classes directly (Mozilla based browsers only).

There are many CAPTCHA programs available on the web for free. I used the PHP script Securimage written by Drew Phillips.

The WHOIS lookup is done with Open Source PHPWhois PHP class. The PHPWhois project admins are Mark Jeftovic and David Saez and is maintained at SourceForge.net. In order to get WHOIS to work the way I wanted required some extra work. The gethostbyaddr function returns the FQDN of REMOTE_ADDR (such as 123.456-nat.myisp.net.au) and I wanted to WHOIS the 'Domain.TLD' (such as myisp.net.au). Extracting the TLD from the FQDN was a bit daunting, since there are currently about 270 TLD's, not counting ones like net.au or co.uk. So... I ended up using "split a full domain name" code snippet from one of the Webdigity tutorials. You'll need the mySQL database of TLD's that can be downloaded here. Thanks to Olaf (last name unknown) for his tutorial and code snippet.

Listing installed plugins is a lot easier for non-IE browsers... you can use JavaScript 'navigator.plugins' array to list all installed plugins. IE though is more difficult. Although IE supports 'navigator.plugins' array, it's always empty. For IE you need to use a VBScript to check for ActiveX controls. Apple has a decent plug-in Detection write-up on their Developer Connection site that covers this topic.

- Angel