Silo for Research (Toolbox) equips InfoSec professionals with powerful tools to securely and discreetly conduct online research. Operating within a disposable, cloud-based browsing environment, Silo for Research protects local machine resources while helping researchers avoid attribution exposure
To support misattribution, Silo for Research has the option to modify key browser fingerprint elements — such as the reported operating system, browser version/type, and language preferences. These adjustments can be configured centrally via the Browser Fingerprint Management panel in the Silo Admin Console, or applied in a more limited fashion directly within the Silo for Research browser session
Browser Fingerprint Management Definitions
Misattribution — the act of changing web server facing characteristics of your browser session, as a way to obfuscate your true identity, or to influence how web content is presented (e.g., Desktop vs Mobile). Within the context of Silo for Research, the characteristics that can be changed are geo-location, OS brand and version, browser type, version, and language
User Agent String (UAS) — a string of text passed to a web server at the beginning of an HTTP session to identify various attributes of a browser
More Info: Browser User Agent
(IP) address Geolocation — the process of identifying a person’s location by IP address
More Info: https://support.authentic8.com/support/solutions/articles/16000027683
Language Settings — determines the default language displayed by the browser in the Accept-Language request-header
Technical Details
Options pertaining to Browser Fingerprint Management are available here: https://support.authentic8.com/support/solutions/articles/16000026579-how-to-create-a-toolbox-launcher
Egress Location
controls the server region where your Internet traffic emerges from
Browser Fingerprint
allows for the configuration of the User Agent string, platform (OS), language, and time zone
- UA String may be set to any of the preset values —or— custom. Any valid UAS value is accepted in the custom field
- Platform may be set to Windows, macOS or Linux
- Language may be set to any language setting you like
- More about Language Tags
- More about Accept-Language request-headers
- Time zone
Important: The default settings are set to apply the local Language and Timezone based on the egress node location
Configuration
Browser Fingerprint Management options can be managed within the Silo for Research (Toolbox) configuration pane within the Web Apps section of the Silo Admin Console. Additionally, it is possible to change the UA settings directly within an active Silo for Research session.
The policy to allow in-session changes to the UAS value is done through the Silo for Research Web App shortcut configuration
Admin Console Settings
The following menu is shown in the Browser Fingerprint section of a Silo for Research web app:
If the settings are left as-is, the system will automatically use the default settings as defined by the native Linux operating system, along with the language and time zone of the selected egress node. The option to allow in-session changes to the UA string can be managed below.
Click the Customize Browser Fingerprint checkbox to activate the Allow in session user agent switching option
The following options are available:
- User Agent — choose one of the predefined UA settings, or select Custom User Agent to specify a custom Browser User Agent value
- Platform — select from Windows, macOS or Linux
- Language — enter a valid Language Tag
- Timezone — select an appropriate or preferred timezone
In Session User Agent Changes
If in session user agent switching is enabled, end-users will be able to click the flag icon from the Toolbar, followed by Change. This will display a drop down list of available User Agent string values — selecting a UAS entry will apply the change immediately
Browser Fingerprint Management and Misattribution Use Case
Non-attribution web browsing is the de-facto state for all Silo for Research sessions. When enabled, end-users have the option to change the characteristics of their browsing session in order to appear as something they are not. However, the intent of these features is not to guarantee complete misattribution in all scenarios. Rather, the intent is to make the changes sufficient enough to pass a cursory review of web logs, or other information to help avoid detection. This is especially true when Java or Flash are enabled in the browsing session
If properly configured, these technologies allow the web server to perform a more rigorous analysis of the web client attempting to establish a connection. Please note that a browser mismatch can be detected with websites that employ an advanced browser detection measure
For example: a Safari browser running on Windows, with certain Linux fonts installed. To a discerning eye, these would stand out and seem suspicious but at a cursory glance, they may go unnoticed
Silo for Safe Access Native Environment
Both Silo for Safe Access and Silo for Research (Toolbox) sessions originate from Linux servers running a customized version of Chromium. The default settings are based on this environment when no custom Browser Fingerprint is specified
Native Language + Timezone Settings
Both Native Language and Timezone settings will be inherited from the egress node location. This promotes the most natural setting for the browser session
Please contact Support for any additional questions