Testing Tools
Sites
'''Duplicated from The Tor Designs Docs.
- http://samy.pl/evercookie
- Use 'New Identity' to clear them, and make sure they're gone.
- http://html5demos.com/web-socket
Decloak.net is the canonical source of plugin and external-application based proxy-bypass exploits. It is a fully automated test suite maintained by HD Moore as a service for people to use to test their anonymity systems.
Deanonymizer.com is another automated test suite that tests for proxy bypass and other information disclosure vulnerabilities. It is maintained by Kyle Williams, the author of JanusVM and JanusPA.
The JonDos people also provide an anonymity tester. It is more focused on HTTP headers and behaviors than plugin bypass, and points out a couple of headers Torbutton could do a better job with obfuscating.
Browserspy.dk provides a tremendous collection of browser fingerprinting and general privacy tests. Unfortunately they are only available one page at a time, and there is not really solid feedback on good vs bad behavior in the test results.
The Privacy Analyzer provides a dump of all sorts of browser attributes and settings that it detects, including some information on your original IP address. Its page layout and lack of good vs bad test result feedback makes it not as useful as a user-facing testing tool, but it does provide some interesting checks in a single page.
Mr. T is a collection of browser fingerprinting and deanonymization exploits discovered by the ha.ckers.org crew and others. It is also not as user friendly as some of the above tests, but it is a useful collection.
Gregory Fleischer has been hacking and testing Firefox and Torbutton privacy issues for the past 2 years. He has an excellent collection of all his test cases that can be used for regression testing. In his Defcon work, he demonstrates ways to infer Firefox version based on arcane browser properties. We are still trying to determine the best way to address some of those test cases.
Xenobite's TorCheck page checks to ensure you are using a valid Tor exit node and checks for some basic browser properties related to privacy. It is not very fine-grained or complete, but it is automated and could be turned into something useful with a bit of work.
Others