The first one I tested which is my up to date copy failed spectacularly and gave up all my info.
Version 36.1.1.21
Oddly enough I have a older copy installed as a portable (Version 33.1.0.0 (portable) and it did not pass any information at all so no worries on that one.
To make sure it was not a portable vs full install I went ahead and created a portable install with the new version and it passed all my IP info just like the first one did so yes it is a new version vs old version.
So if you want to be save from prying eyes while using a Chromium based browser with your vpn you either need to use a older version or install a plugin to stop javascript from running in your browser.
On the other hand I was able to kill it in my FF based browsers in about 15 seconds…
i activated the “webRTC block” plug in and again refresh the page and my ip was gone!
no value shown on display! total blank! so assume there is no leakage…
i am protected now! ( for the time being at least…)
Don’t also forget to change your DNS servers. If you obtain DNS server addresses automatically via DHCP you’ll be using your ISPs DNS server which will leak your IP address. Change to OpenDNS servers or ComodoDNS servers instead.
Tried that link and … it’s bad… red warnings all over the place!
it detected the false IP given by ZENmate VPN plug-in BUT…
also detected my own personal IP via flash! it got me pretty good!
the site says i should deactivate the plug-in.
i tried the work around flash problem stated here and im only using the pepperflash from chrome installation. ( deactivated the adobe flash plug in in settings)
and still it does not even work on my CD… i cant see no flash videos embedded on websites!
Use flash control and quick javascript switcher extension for chrome, to hide your real IP. Zenmate suggest flash control extension on their site.
When using flash control, whitelist sites you trust to show flash content (videos as example). Also set up your browser to click and play stuff like flash content, this way you can choose to run flash on sites you trust or know is safe.
For DNS servers, i dont know if your current DNS server is secure and private or log your IP adress and so on, but i suggested non logging DNS servers in my previous post, that you can add to your router or set up for specific computers. Search google for tutorials.
Your DNS servers is bad if you search something or try to access a site, and the search redirects you to something else than the site you try to access. Thats how i understand it, reading on different forums. But im no expert, maybe someone better can explain with more detail.
If you install flash control extension and block flash on the jondo site i suggested, it should show zenmate IP and not your real IP.
OK! installed the flash control plug in and did not tweak a thing on the plug in option menu.
i leaved it as it is after installation!
So?
i turned on my ZENMATE VPN plug in and set it to a USA IP (Virginia). >:-D
went to the link you gave and Voilá!
my real IP did not show in the beginning below the fake USA IP!
HOWEVER i reloaded the flash table (middle of the page) and it showed my real IP
…SO blacklisted that JONDO site on the flash control plug in… and now it wont even show the flash table! its like … it’s not there.
as for the java table ( right above the flash table)… an error occurs…
it blocks automatically saying that my “security settings blocked the application from running!”
it only shows the red frame where the java table results should be…
So…i assume Java is blocked by CD it self perhaps?! :o
As for DNS… well i really wanted to avoid messing around with my router. if there is a way to test it easily it would be nice…
anyway i think i am much much better now.
still get some red warnings ( FONTS, HTTP session, MIME TYPES, some plug ins, etc)… but as far as IP goes… i think im ok! (for now)
its amazing how much vulnerable we are!
should i assume any of this flash vulnerability issues to be addressed in the next CD v41 release?
cause on JONDO site it seems to be a solution for every problem regarding firefox browser!
My flash in comodo STILL DOES NOT WORK at video level! but at game level it works! weird huh?
Why would CD have to address flash vulnerabilities ?
If you install adobe spyware thats your responsibility not Comodo
Have you looked at the history of adobe flash … It has always been a security and privacy problem with regular zero day exploits for many years, there have been a couple of such critical fixes to adobe software in the last week
It also breaks Chromes privilege levels ( google tried to address that problem by making their own version of flash, called pepperflash, but even then it is still a major privacy concern ) - Adobe do not care that it does this, so if you are using the full version of adobe flash / shockwave then you only have yourself to blame for undermining the Privacy and Security which Comodo Dragon is trying to give you.
The relevant bit starts at the bottom of page 27 ( trusted levels ), and continues over the page. But its worth reading page 26 aswell to understand what you are breaking with bad plugins such as flash. Then read on pages 28 / 29 / 30 / 31 ( page selection is top right of the screen )
After reading that, ask yourself what else these free plugins and games could be doing with an advanced programming language in your browser ( Action Script ) which flash provides, along with all the communications channels it opens up with third parties.
If you are going to use flash - Install Google Chrome aswell with its pepperflash. Uninstall Adobe Flash
Play games / get scammed etc in google chrome
And save your important secure browser ( Comodo Dragon ) from being undermined by plugins
Listen Internet still needs Adobe flash for to work properly on several websites!
what am i suppose to do?
pepperflash work around does not work on my CD browser on video level. but game level it works!
i have known for a long time flash layer has several bugs! fortunately HTML5 is here and is better… BUT many sites still use flash!
if i didn’t need it i would not install it! this thread showed my how vulnerable we are!
weird thing is firefox has a lot of workarounds as stated on jondo site! so should chrome!
for now i am quite good. i am using flash control plug in. … it helps a bit!
I think you did not understand the last three lines of my post which you quoted, lets try it with slightly different wording :
Install Google Chrome ( which comes with pepperflash ) ← Use this browser for games / videos
Uninstall Adobe flash / shockwave - You dont need it anymore
Use Comodo Dragon for serious Privacy and Security ← Dont ruin this with pepperflash OR adobe flash
So you now have two browsers installed.
Google Chrome ( with pepperflash ), and Comodo Dragon ( no flash )
No Adobe flash needed, anything Dragon cannot play, Google Chrome with Pepperflash can
( Actually, you will have three browsers installed, if you want Windows Update to work you still need parts of Internet Explorer installed )
Now do you understand ?
Google Chrome is less privacy, pepperflash is less privacy, if you need to use pepperflash why not use google chrome ( no need to use workarounds, keep it in google browser )
If you want good privacy and security online, then load up Comodo Dragon instead of google chrome.
This is where scriptblock is good. As long as you block that site it shows nothing, its only when you ALLOW or TEMP ALLOW with scriptblock that the page shows the real IP. So install scriptblock and only ALLOW sites you trust, and BLOCK all the other sites.
uMatrix is even better, as it works with firewall types of rules. A bit advanced for novice users, but a very good extension and a must have. Its like noscript for firefox, but for chromium based browsers.
Even with or without VPN or any extensions it only shows my local IP and not my public IP when visiting those sites… I don’t mind but I don’t understand what’s different on my system…
While blocking scripts are effective the problem is that most sites will not work correctly without them and a lot (most?) of the time there are so many scripts running on a page with names that do not really make it easy to identify what script is doing what it takes quite a bit of time to figure out which ones are necessary and which ones are just trying to pull in your info. I use no script on a couple of the FF based browsers that I use and sometimes I just give up and say ■■■■■ it I did not really want the info anyway (which is not true or I would not have gone to the site) or I just tell it to “allow all” so I can read the information which is really not a good choice either.
For sites you go to on a regular basis it is one thing but for new sites or sites you may only go to once in a great while taking the time needed to get the setting correct is sometimes just too high. Honestly not sure what the answer is but having to spend 2-3 times the actual reading time of an article just to make sure that I am not giving everyone and their brother the key to all my info is ■■■■■■■ up to say the least.
