# Short perC privacy analysis



## Handsome Dyke (Oct 4, 2012)

FYI PerC works without Javascript. Disabling scripts (via browser settings I mean, not via an add-on that is another potential privacy concern) eliminates a lot of the problems.


----------



## The red spirit (Sep 29, 2015)

Saiyed En Sabah Nur said:


> FYI PerC works without Javascript. Disabling scripts (via browser settings I mean, not via an add-on that is another potential privacy concern) eliminates a lot of the problems.


And yet it doesn't. I just tried that out and perC no longer works correctly. Entering my sign in data causes it to crash. Other websites no longer work correctly. Entirely ditching Javascript is a dumb idea, but there are add-ons that let you partially disable it. As result you still have a functional site, yet without unwanted crap. If I remember correctly it may be uMatrix that does that, maybe NoScript.


----------



## Handsome Dyke (Oct 4, 2012)

The red spirit said:


> And yet it doesn't. I just tried that out and perC no longer works correctly. Entering my sign in data causes it to crash. Other websites no longer work correctly. Entirely ditching Javascript is a dumb idea, but there are add-ons that let you partially disable it. As result you still have a functional site, yet without unwanted crap. If I remember correctly it may be uMatrix that does that, maybe NoScript.


No, it is not a dumb idea. It works for me just fine. Maybe you are on mobile. I've used perc on desktops and laptops without javascript for years. I already knew that add-ons exist; I mentioned them. Add-ons have access to your browser and what you are doing in it, so they pose other security concerns.


----------



## The red spirit (Sep 29, 2015)

Saiyed En Sabah Nur said:


> No, it is not a dumb idea. It works for me just fine. Maybe you are on mobile. I've used perc on desktops and laptops without javascript for years. I already knew that add-ons exist; I mentioned them. Add-ons have access to your browser and what you are doing in it, so they pose other security concerns.


They only pose those concerns if their creators do. Especially these add ons, I think that we should trust them. After all what's the point of their creators to do harm to us, when they pretend to help us? I would rather create some sign in storage add on, which could steal passwords, seems to be way easier.

I wasn't on mobile, I was testing that with latest Ungoogled Chromium build (my burner browser for testing out all sketchy stuff). After disabling Javascrip perC issue happened, DuckDuckGo's bar with settings and search menus disappeared, local news site no longer had pictures. Every page I opened was broken.

Just to clear my doubts I tried it out in Opera. Well, perC worked, but I was already signed in. Anyway other problems aren't gone. So it's not really wise to disable it entirely.


----------



## master of time and space (Feb 16, 2017)

I have 
10 x trackers on Noscript
1 x ublock origin
10 x cookies installed in cookie autodelete
and wait for it
77 x scripts in Umatrix
and I do have a really clean page


----------



## attic (May 20, 2012)

I never really get any ads here for some reason  Fist I thought it was that I had ghostery, a trackerblocker of some sort, but I have not bothered to get stuff like that since I got a new computer, but I still don't get any ads. Perhaps the trackers have found I am not worth it as I buy so little stuff, haha.

When I did have ghostery there were a long long list of things here though, longer than almost any other page I visited.

edit: saw now that firefox has something builtin now that block googletrackers etc. there were four now, three google-somethings and one facebookconnect-thing
- A big plus is it seems PerC is now give the safelock symbol instead of the "warning, warning!"-symbol


----------



## The red spirit (Sep 29, 2015)

*Security alert*

Lately I have been messing with Windows XP and I couldn't resist seeing what old browsers are still capable of. naturally among them there was Internet Explorer 8. Besides totally expected broken websites, to me it was mind blowing how much those old warez cared about privacy. Opera 9.10, IE 8 kept warning me with a messages, that would be almost unthinkable today. "Your connection isn't secure and it's possible that somebody might be snooping your activity". Not only such message raises concerns, but what is worse is that today you are bombarded with those on every single website. 

Not many people cared about your own privacy in XP days, many people didn't even have internet connection either, but I feel that really bad that such crucial element of security was completely bulldozed and ignored. Instead, browsers don't even notify user, automatically ignore such human necessity and only to some sometimes somebody cares to research such topics as internet privacy.

This is really sad.


----------



## Electra (Oct 24, 2014)

The red spirit said:


> uBlock origin is universal blocker. Not only it blocks trackers, it also has ability to block scripts, ads, badware, malware and you can configure it to block even more stuff with custom filter setups, but let's not get there. By default it finds 15 things on forum's main page and 17 things in any subforum. It shows higher number than there are in its own list, most likely due to putting tasks (or connections) under same umbrella. Also depending on blocker, blocking sensitivity and capabilities will variate. Brave only blocks 5 cross-site trackers. Most likely it misses something that uBlock Origin doesn't.
> 
> If you are into networking, then you should try to type _tracert google.com_ into command prompt. It will show you your full path from your computer to google.com website. It shows every single individual address that your computer has to connect in order to reach google's website and it shows how much time it takes to do each "hop" (leap of data from one computer to another). You should also try writing _netstat_ into command prompt to see with what connections it has to establish for internet to work. Both commands don't need administrator rights. You can find more of this stuff here:
> 11 networking commands every Windows admin should use


_tracert google.com_
Ok so I got 7 jumps then, on number 8 it timed out, then it jumped more jumps until it had jumped 12 times. I have no idea why my computer goes through these jumps or who these are except from 3 of them.
_netstat
_it first says local adress 18 times then something interesting happend, after the usual adresses (xxx.x.x.x:xxxxx) comes new adresses with 2 numbers in between xxx.xxx.x.xx:xxxxx
I have no idea how to interpret the difference.


----------



## The red spirit (Sep 29, 2015)

Electra said:


> _tracert google.com_
> Ok so I got 7 jumps then, on number 8 it timed out, then it jumped more jumps until it had jumped 12 times. I have no idea why my computer goes through these jumps or who these are except from 3 of them.
> _netstat
> _it first says local adress 18 times then something interesting happend, after the usual adresses (xxx.x.x.x:xxxxx) comes new adresses with 2 numbers in between xxx.xxx.x.xx:xxxxx
> I have no idea how to interpret the difference.


It isn't exactly rare for internet providers to have complicated networks, thus more jumps, higher delays. Also, it's possible that local internet provider's servers have to "go" to other countries to reach requested address, in this case google.com. It is in USA, I think and if you live in France for example, then your request first travels to your local ISP (internet service provider) then to other countries until it reaches transatlantic internet lines and then action happens in USA. And all this happens in fractions of second, which is a bit mind bending. 

You may have heard of ping, it basically says how big delay between your computer and server is. If it takes too long for your request to travel, your sent "ping", which is a packet or set of packets, gets lost. Therefore server can't send you ack, which means acknowledged (it confirms, that data packets were received). If nothing happens in expected amount of time, then packets must be resent. In such case you get "timed out" error. I hope it makes it a bit clearer, but remember, that this packet and ack stuff only happens if TCP is used (Transmission control protocol). It is used in most of internet, when it matters more to have reliably transport data, instead of just transporting it as fast as possible (UDP protocol cuts out ack step).


----------



## Electra (Oct 24, 2014)

The red spirit said:


> It isn't exactly rare for internet providers to have complicated networks, thus more jumps, higher delays. Also, it's possible that local internet provider's servers have to "go" to other countries to reach requested address, in this case google.com. It is in USA, I think and if you live in France for example, then your request first travels to your local ISP (internet service provider) then to other countries until it reaches transatlantic internet lines and then action happens in USA. And all this happens in fractions of second, which is a bit mind bending.
> 
> You may have heard of ping, it basically says how big delay between your computer and server is. If it takes too long for your request to travel, your sent "ping", which is a packet or set of packets, gets lost. Therefore server can't send you ack, which means acknowledged (it confirms, that data packets were received). If nothing happens in expected amount of time, then packets must be resent. In such case you get "timed out" error. I hope it makes it a bit clearer, but remember, that this packet and ack stuff only happens if TCP is used (Transmission control protocol). It is used in most of internet, when it matters more to have reliably transport data, instead of just transporting it as fast as possible (UDP protocol cuts out ack step).


That is right 
I used these commands a lot when I used Linux, but it is many years ago now. Ping I have also used when I was playing world of warcraft and there was a lag. Also it was relevant when I used a program called vireshark to see if someone stole packages (sniffed them for information, a hack method) if I remember correctly. So if someone was hacking me then I should see a huge packageloss over some time I think, but offcourse there could be other reasons for the packageloss too. I did not know about the UDP protocall but that was interesting too! Do you know if one can choose between using a TCP or UDP?


----------



## The red spirit (Sep 29, 2015)

Electra said:


> Do you know if one can choose between using a TCP or UDP?


Generally no. Only seen that in torrent software and even then there were only 2 options.


----------

