Introduction:
Imagine some Michael from the USA who wants to pay for an iPhone. He enters the shop, sees payment through the PP, registers the account and pays. Michael does not keep track of his self-registration, does not swing with purchases of tea and other offal, he comes in and pays. Michael does not need to gain the trust of the PP, read entire threads on such forums before buying something for himself. So how can we seem to be Michael and not Boris in the eyes of an antifraud.
1. Ports
Imagine that you are an anti-fraud. Sit looking at orders and then a person who has 80,443,3389,22 open ports wants to buy from you. Just looking at these ports it is already clear what this person is planning. socks, proxy.
Solution: we use the RDP on which we configure the firewall or on the tunnel we raise the firewall.
2. Two-way ping and belonging to a hosting provider.
Two-way ping detects tunnels, VPNs and socks based on the ping and time difference received in the loop.
Solution: before the tunnel, vpn or socks, add TOR.
Belonging to a hosting provider – well, I think it's clear here, we don't use tunnels, socks, vpn hosting providers, consider if the ip belongs to the hoster, then it's in black.
3. Webrtc and DNS
There is a lot of information on preventing these leaks, I will not duplicate them 1000 times now. Just keep in mind that they need to be checked and fixed.
From yourself: do not use the DNS from Google, as your actions are logged.
4. OS language and timezone = cardholder
Of course, we include it, because we have nothing to fear and we can pay for goods from our account. In general – do not arouse suspicion
I recommend checking for leaks via browserleaks.com
5. Tab history and refer
Used by antifraud to detect recently visited sites.
Everything is simple here, no whoers and other sites that cause pale yellow.
We walk around google and Facebook, imitating Michael's behavior.
Refer-determines which site we came from, so we go from Google like all people.
6. Тab name
In short, using this parameter, antifraud sees all open tabs in your browser in real time.
7. Audio fingerprint
https://audiofingerprint.openwpm.com/ - test
I checked on the main OS and on a virtual machine with anti-detection – the fingerprints are the same. I haven't tested it on RDP yet, so check it on RDP and unsubscribe
An audio fingerprint can really hurt you in 2 cases:
1) Deanonymization. Let's say that you go to the site of a software company and they take an audio fingerprint from you. Then, after a successful case, you turn off the virtual machine and go to YouTube or Google ,even worse if in social networks and all these sites you also have an audio fingerprint. Deanonymization will roughly look like this: "20: 00 fingerprint 2a3b4c5e entered the PP under the ip 192.168.0.1, 20: 30 fingerprint 2a3b4c5e entered YouTube under the ip 192.168.1.100 (The ip from which you came to YouTube)”
2) PP or other sites can use this fingerprint to see that you have already visited them.
Solution: watch the latest Vector webinar on substituting this parameter.
8. Uptime and OS fingerprint
Uptime is the time that your vpn, socks, or tunnel is online.
Agree it's strange that Michael's computer has been running without a reboot for half a year
Solution: go to the tunnel console and write reboot
OS fingerprint – in simple language, each OS has different packages. That is, when you use a tunnel on top of Windows, it turns out that the packages you have are from Linux and the user is a Windows agent
Solution: use RDP or raise the openvpn server on the tunnel and add the mssfix 0 line to the server and client configuration. There is a simpler solution to this problem, but it is still at the testing stage.
Imagine some Michael from the USA who wants to pay for an iPhone. He enters the shop, sees payment through the PP, registers the account and pays. Michael does not keep track of his self-registration, does not swing with purchases of tea and other offal, he comes in and pays. Michael does not need to gain the trust of the PP, read entire threads on such forums before buying something for himself. So how can we seem to be Michael and not Boris in the eyes of an antifraud.
1. Ports
Imagine that you are an anti-fraud. Sit looking at orders and then a person who has 80,443,3389,22 open ports wants to buy from you. Just looking at these ports it is already clear what this person is planning. socks, proxy.
Solution: we use the RDP on which we configure the firewall or on the tunnel we raise the firewall.
2. Two-way ping and belonging to a hosting provider.
Two-way ping detects tunnels, VPNs and socks based on the ping and time difference received in the loop.
Solution: before the tunnel, vpn or socks, add TOR.
Belonging to a hosting provider – well, I think it's clear here, we don't use tunnels, socks, vpn hosting providers, consider if the ip belongs to the hoster, then it's in black.
3. Webrtc and DNS
There is a lot of information on preventing these leaks, I will not duplicate them 1000 times now. Just keep in mind that they need to be checked and fixed.
From yourself: do not use the DNS from Google, as your actions are logged.
4. OS language and timezone = cardholder
Of course, we include it, because we have nothing to fear and we can pay for goods from our account. In general – do not arouse suspicion
I recommend checking for leaks via browserleaks.com
5. Tab history and refer
Used by antifraud to detect recently visited sites.
Everything is simple here, no whoers and other sites that cause pale yellow.
We walk around google and Facebook, imitating Michael's behavior.
Refer-determines which site we came from, so we go from Google like all people.
6. Тab name
In short, using this parameter, antifraud sees all open tabs in your browser in real time.
7. Audio fingerprint
https://audiofingerprint.openwpm.com/ - test
I checked on the main OS and on a virtual machine with anti-detection – the fingerprints are the same. I haven't tested it on RDP yet, so check it on RDP and unsubscribe
An audio fingerprint can really hurt you in 2 cases:
1) Deanonymization. Let's say that you go to the site of a software company and they take an audio fingerprint from you. Then, after a successful case, you turn off the virtual machine and go to YouTube or Google ,even worse if in social networks and all these sites you also have an audio fingerprint. Deanonymization will roughly look like this: "20: 00 fingerprint 2a3b4c5e entered the PP under the ip 192.168.0.1, 20: 30 fingerprint 2a3b4c5e entered YouTube under the ip 192.168.1.100 (The ip from which you came to YouTube)”
2) PP or other sites can use this fingerprint to see that you have already visited them.
Solution: watch the latest Vector webinar on substituting this parameter.
8. Uptime and OS fingerprint
Uptime is the time that your vpn, socks, or tunnel is online.
Agree it's strange that Michael's computer has been running without a reboot for half a year
Solution: go to the tunnel console and write reboot
OS fingerprint – in simple language, each OS has different packages. That is, when you use a tunnel on top of Windows, it turns out that the packages you have are from Linux and the user is a Windows agent
Solution: use RDP or raise the openvpn server on the tunnel and add the mssfix 0 line to the server and client configuration. There is a simpler solution to this problem, but it is still at the testing stage.
