Panopticlick: You Are A Beautiful And Unique Snowflake

We all like to think we’re unique, but when it comes to remaining anonymous online that’s probably not such a good idea. By now, it’s common knowledge that advertising firms, three-letter agencies, and who-knows-who-else want to know what websites you’re visiting and how often. Persistent tracking cookies, third-party cookies, and “like” buttons keep tabs on you at all times.

For whatever reason, you might want to browse anonymously and try to plug some of the obvious sources of identity leakage. The EFF and their Panopticlick project have bad news for you.

The idea behind Panopticlick is simple: to try to figure out how identifiable you are even if you’re not accepting cookies, or if you’ve disabled Flash, or if you’re using “secure” browsers. To create a fingerprint of your browser, Panopticlick takes all the other little bits of identifying information that your browser gives up, and tries to piece them together.

For a full treatment of the project, see this paper (PDF). The takeaway from the project is that the information your browser gives up to servers can, without any cookies, specifically identify you.

For instance, a server can query which plugins your browser supports, and if you’ve installed anything a tiny bit out of the ordinary, you’re fingerprinted. Your browser’s User Agent strings are often over-specific and tell which browser sub-sub-sub version you’re running on which OS platform. If you’re running Flash, it can report back which fonts you’ve got installed on your system. Any of these can easily be as rare as one-in-a-million. Combining them together (unless they’re all highly correlated) can fingerprint you uniquely.

You can’t necessarily win. If you disable Flash, the remote site doesn’t get your font list, but since only one in five browsers runs with Flash disabled, you’re still giving up two bits of information. If you run a “privacy-enhancing” niche browser, your chances of leaving a unique fingerprint go through the roof unless you’re also forging the User Agent strings.

I ran the Panopticlick experiment twice, once with a Firefox browser and once with an obscure browser that I actually use most of the time (dwb). Firefox runs a Flash blocker standard, so they didn’t get my font list. But still, the combination of browser plugins and a relatively new Firefox on Linux alone made me unique.

It was even worse for the obscure browser test. Only one in 1.4 million hits use dwb, so that alone was bad news. I also use a 4:3 aspect-ratio monitor, with 1280×1024 pixels at 24-bit color depth, which is apparently a one-in-twenty-four occurrence. Who knew?

Finally, I tried out the Tor browser, which not only routes your traffic through the Tor network, but also removes a lot of the specific data about your session. It fared much better, making me not uniquely identifiable: instead only one in a thousand. (Apparently a lot of people trying out the Panopticlick site ran Tor browser.)
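The arithmetic behind these "one in N" figures, as an added example that is not from the EFF paper or this post: a trait shared by one in N browsers carries log2(N) bits, and bits only add when traits are independent. The visitor sample and the function names are constructed for illustration.

```python
import math
from collections import Counter

def one_in_bits(n):
    """Bits of identifying information in a trait shared by one in n browsers."""
    return math.log2(n)

# Figures quoted in the post, combined as if the traits were independent.
DWB_PLUS_SCREEN = one_in_bits(1.4e6) + one_in_bits(24)  # about 25 bits
TOR_BROWSER = one_in_bits(1000)                         # about 10 bits

# Constructed sample of 100 visits as (browser, flash_enabled, screen); not real data.
SAMPLE = (
    [("firefox", True, "1920x1080")] * 40
    + [("chrome", True, "1920x1080")] * 30
    + [("chrome", True, "1366x768")] * 20
    + [("firefox", False, "1366x768")] * 6
    + [("torbrowser", False, "1000x1000")] * 3
    + [("dwb", False, "1280x1024")] * 1
)
ATTRS = ("browser", "flash", "screen")

def per_attribute_bits(visitor, sample=SAMPLE):
    """Surprisal of each attribute value on its own, in bits."""
    total = len(sample)
    bits = {}
    for i, name in enumerate(ATTRS):
        counts = Counter(v[i] for v in sample)
        bits[name] = -math.log2(counts[visitor[i]] / total)
    return bits

def anonymity_set(visitor, sample=SAMPLE):
    """How many visits in the sample share this exact fingerprint."""
    return Counter(sample)[visitor]

def joint_bits(visitor, sample=SAMPLE):
    """Surprisal of the whole fingerprint; never more than log2(len(sample))."""
    return -math.log2(anonymity_set(visitor, sample) / len(sample))

if __name__ == "__main__":
    dwb = ("dwb", False, "1280x1024")
    naive = sum(per_attribute_bits(dwb).values())
    # Correlated traits: the naive sum overstates what the fingerprint reveals.
    print(f"naive sum {naive:.1f} bits, joint {joint_bits(dwb):.1f} bits")
    print(f"Tor Browser anonymity set: {anonymity_set(('torbrowser', False, '1000x1000'))}")
```

In the constructed sample the dwb visitor is already unique on browser alone, so the Flash and screen values add nothing once the traits are considered jointly, which is the "highly correlated" caveat above.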

If you’re interested in online anonymity, using something like Tor to obscure your IP address and disabling cookies is a good start. But Panopticlick points out that it may not be enough. You can never use too many layers of tinfoil when making your hat.

Try it out, and let us know in the comments how you fare.

Build An Amazon EC2 Gaming Rig

PC gaming is better than console gaming. Now that we’ve said something controversial enough to meet the comment quota for this post, let’s dig into [Larry]’s Amazon EC2 gaming rig.

A while ago, [Larry] bought a MacBook Air. It’s a great machine for what it is, but it’s not exactly the laptop you want for playing modern AAA games on the go. If you have enough bandwidth and a low enough ping, you can replicate just about everything as an EC2 instance.

[Larry] is using a Windows Server 2012 AMI with a single NVIDIA GRID K520 GPU in his instance. After getting all the security, firewall, and other basic stuff configured, it’s just a matter of installing a specific driver for an NVIDIA Titan. With Steam installed and in-home streaming properly configured it’s time to game.

The performance [Larry] is getting out of this setup is pretty impressive. It’s 60fps, but because he’s streaming all his games to a MacBook Air, he’ll never get 1080p.

If you’re wondering how much this costs, it’s actually not too bad. The first version of [Larry]’s cloud-based gaming system was about $0.54 per hour. For the price of a $1000 battle station, that’s about 1900 hours of gaming, and for the price of a $400 potato, that’s 740 hours of gaming.

DNS Tunneling with an ESP8266

There’s a big problem with the Internet of Things. Everything’s just fine if your Things are happy to sit around your living room all day, where the WiFi gets four bars. But what does your poor Thing do when it wants to go out and get a coffee and it runs into a for-pay hotspot?

[Yakamo]’s solution is for your Thing to do the same thing you would: tunnel your data through DNS requests. It’s by no means a new idea, but the combination of DNS tunneling and IoT devices stands to be as great as peanut butter and chocolate.

DNS tunneling, in short, relies on you setting up your own DNS server with a dedicated subdomain and software that will handle generic data instead of information about IP addresses. You, or your Thing, send data encoded in “domain names” for it to look up, and the server passes data back to you in the response.

DNS tunneling is relatively slow because all data must be shoe-horned into “domain names” that can’t be too long. But it’s just right for your Thing to send its data reports back home while it’s out on its adventure.
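Seen from the hotspot operator's side, the pattern described above (payload packed into labels of at most 63 bytes, all under one dedicated zone) is what makes tunneling stand out in resolver logs. The following is an added example, not code from [Yakamo]'s project; the thresholds, the zone `t.example` and the sample log are constructed assumptions.

```python
import base64
import math
from collections import Counter, defaultdict

MAX_LABEL = 63  # DNS limit on the length of one label, in bytes

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parent_zone(name, depth=2):
    """Last `depth` labels; a real deployment would use the Public Suffix List."""
    return ".".join(name.rstrip(".").split(".")[-depth:])

def suspicious_zones(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Return zones that receive many unique, long, high-entropy subdomains."""
    subs = defaultdict(set)
    for q in queries:
        zone = parent_zone(q)
        sub = q.rstrip(".")[: -len(zone)].rstrip(".")
        if sub:
            subs[zone].add(sub)
    flagged = []
    for zone, names in subs.items():
        joined = "".join(n.replace(".", "") for n in names)
        avg_len = sum(len(n) for n in names) / len(names)
        if (len(names) >= min_unique and avg_len >= min_avg_len
                and entropy(joined) >= min_entropy):
            flagged.append(zone)
    return sorted(flagged)

def constructed_log():
    """Constructed sample: ordinary lookups plus base32 payload labels."""
    normal = ["www.example.org", "mail.example.org", "api.example.net",
              "cdn.example.net", "www.example.org"]
    payload = bytes(range(256))  # stand-in for a device's data report
    text = base64.b32encode(payload).decode().rstrip("=").lower()
    tunneled = [text[i:i + MAX_LABEL] + ".t.example"
                for i in range(0, len(text), MAX_LABEL)]
    return normal + tunneled

if __name__ == "__main__":
    print(suspicious_zones(constructed_log()))
```

The 256-byte report needs seven lookups here, which illustrates both why the channel is slow and why it is noisy in the logs.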

Oh yeah. DNS tunneling may violate the terms and conditions of whatever hotspot is being accessed. Your Thing may want to consult its lawyer before trying this out in the world.

Internet of Cowbell

If this is a sign of the times, the Internet of Things promises a lot of entertainment for hackers who can come up with wacky ideas and interactive projects. [Brandon] built a cowbell that rings when you tweet #morecowbell. Why? Because!

On the hardware side it is quite simple, and can be built in a number of different ways depending on the parts you have lying around. [Brandon] used an Electric Imp and its corresponding breakout board. A Sparkfun mini FET shield helps drive the solenoid that hits the cowbell. And because he had one lying around, he added a counter across the solenoid to count the number of times the Twitterati have rung the Cowbell.

The code for the Electric Imp consists of two parts – the “agent code” that runs on a server in the Electric Imp Cloud and the “device code” that runs on the imp itself – and is available at this Git link. Once you tweet with the hashtag, the Cowbell replies back, randomly selecting one from a list of stored responses. It would be nice to see a video of the Cowbell in action, and to find out if it can be made to play the Salsa beat.

Rebraining an LED Marquee with a Spark Core

Wires? Where this LED scroller is going we don’t need wires. Well, except for power but everything needs power. The 90×7 LED marquee hangs over the entrance to NYC Resistor’s laser cutter room. Thanks to a Spark Core and a bit of work from [Trammell Hudson], the sign is working and attached to the network.

The original unit called for an RS485 connection for input. Other than that there wasn’t really a reason it had been collecting dust. Closer inspection of the internals proved that the display is driven exactly as you would expect: transistors for the rows and shift registers for the columns. Well, actually the columns are split into separate shift registers for the even and odd but that doesn’t complicate things too much. GPIO takes the seven row-driving transistors, two shift register clocks, data, latch, and enable for a total of twelve pins.

The Spark Core completely replaces the Atmel 80C32X2 and its RTC by pinging the network for UTC time synchronization once per day.

[via NYC Resistor]

TwitterPrinter Keeps Track of 2015 Hack-A-Day Prize

[Mastro Gippo] is getting to be somewhat of a Hackaday legend. He didn’t win the 2014 Hackaday prize but was in attendance at the event in Munich, and to make sure he keeps up with this year’s Prize, he built this old-school printer that prints all of the updates from the Hackaday Prize Twitter account.

The device uses the now-famous ESP8266 module for connecting the printer to the Internet. It doesn’t scrape data straight from Twitter though, it looks at [Mastro Gippo]’s own server to avoid getting inundated with too many tweets at once. The program splits the tweets into a format that is suitable for the printer (plain text) and then the printer can parse the data onto the paper. The rest of the design incorporates a 3.3V regulator for power and some transistors to turn the printer on and off. Be sure to check out the video of the device in action after the break!

[Mastro Gippo] notes that this eliminates the need to have a smartphone in order to keep up with the 2015 Hackaday Prize, which is ironic because his entry into the Trinket Everyday Carry Contest was a smarter-than-average phone. We’ll be expecting something that doesn’t waste quite as much paper for his official contest entry, though!


Automatic Garage Door Opener Works for Your Cat

Using an Arduino or Raspberry Pi to perform a task in the real world is certainly a project we’ve seen here before, and certainly most of these projects help to make up the nebulous “Internet of Things” that’s all the rage these days. Once in a while though, a project comes along that really catches our eye, as is the case with [Jamie’s] meticulously documented automatic garage door opener.

This garage door opener uses an ATMega328 to connect the internet to the garage door. A reed switch is installed which lets the device sense the position of the door, which is relayed back to the internet. [Jamie] wrote an Android app that can open and close the door and give the user the information on the door’s status. One really interesting feature is the ability to “crack” the garage door. This is done by triggering the garage door opener twice with a delay in between. From the video after the break we’d say this is how [Jamie’s] cat gets in and out.

We love seeing projects that are extremely well documented so that anyone who wants to make one can easily figure out how. Internet-connected garage door openers have been featured in other unique ways before too, but we’ve also seen ways to automatically open blinds or chicken coops!