[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] browser fingerprinting

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] browser fingerprinting
From: Randolph <rdohm321@xxxxxxxxx>
Date: Sun, 13 Apr 2014 21:20:35 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 13 Apr 2014 15:27:03 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=nCjKRPuSkGsSuZu1oci3J4lDzSEwrq5d8z6jaDjaPRU=; b=VlNqIrfZKySYIIvxyFKwJCqgN2zag/t2zhFBwWIaEy64kHR7VhkQr4026qbEe72eOd x+yVSwPxtDC8C21C7wGaiGWLcjRE7XfVrOdfjfVOYnaNHkZ324mPzlS4mCFIJqTYmToY c1i0QDN/6Ep4ERVuaM9zqzIFK4u3/kv62QaFKYP3bdmcmf6KA5Y/bAXd0ldCtcQqldrg 4Hhek9DgNFP6WlQu2hHrho+vnYlcchgb/8aq0nyV2kCXOYOCKevEGE5cLrY8rRurNaBm MUOahuNvz6jNgIJTVFnS/BNgUvnXFnyzjujY1AdfUvyxN9T6wjVvhleK2gK6lxubF0Ds G3OQ==
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

http://arstechnica.com/tech-policy/2010/01/even-without-cookies-a-browser-leaves-a-trail-of-crumbs/

https://panopticlick.eff.org/self-defense.php

Anonymity is quite easily broken, if cookies cannot managed (e.g. like
in certain browsers) and if javascript is enabled. As far as we see,
Firefox in the Tor bundle disables javascript, right?
Javascript allows to access the local IP address and files, which host the
local IP address. That`s why Tor and Javascript do not go together.
I miss in FireFox a dedicated cookie management.

Besides these two serious problem there is browser fingerprinting.
Incriminating are the details of a particular browser plugin setup (e.g.
only 1 in 20,830 browsers have an identical plugin load) and the list of
system fonts: 1 in 13,886).

How likely is it, that another one is like me, one of 20.830 and one of
13.886.

That leads to the question: How can Tor deliver websites without these
settings? Browsing without a browser: e.g. a screenshot in a picture viewer
would not offer these risks.

Ideas? comments? Regards
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] browser fingerprinting
  - From: Gerardus Hendricks

Prev by Author: Re: [tor-talk] [tor-relays] Is Kaspersky right to be concerned?
Next by Author: Re: [tor-talk] browser fingerprinting
Previous by thread: Re: [tor-talk] Does Tor need to be recompiled *after* the opensslupdate?
Next by thread: Re: [tor-talk] browser fingerprinting
Index(es):
- Author
- Thread