[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #11949 [Torbutton]: Randomize Browser Fingerprint..

Subject: [tor-bugs] #11949 [Torbutton]: Randomize Browser Fingerprint..
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 14 May 2014 05:17:13 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 14 May 2014 01:17:28 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#11949: Randomize Browser Fingerprint..
-------------------------+---------------------------
 Reporter:  mt2014       |          Owner:  mikeperry
     Type:  enhancement  |         Status:  new
 Priority:  blocker      |      Milestone:
Component:  Torbutton    |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------------
 TorBrowser still can be easily fingerprinted:

 1. check your fingerprint ID here & copy it to notepad:
 http://fingerprint.pet-portal.eu/
 http://www.browserleaks.com/canvas

 2. Do whatever you can to delete your trace (dom storage, html5 storage,
 cookie, flash cookie, reinstall browser)

 3. check your fingerprint once more from above sites. 99% it will still be
 same!

 Most advertising company loves this kind of static fingerprinting, so they
 can track their user. , especially by big company like google. I have many
 clients who experienced opening adwords account then for whatever reason
 their account is banned for life by google, then they open new account by
 using all new identity (brand new unrelated browser, new credit card
 identity with different name, new address, new internet connection, the
 only difference is using same computer), you know what happend? couple
 days later this brand new account banned because they know it is old user
 that they banned before. Sometimes I dont know how can they find out, but
 as far as I know this guys is really really good when fingerprinting
 everysingle user they have. the only failproof solution is also using
 completely new computer or using new virtual computer using VPN provider.

 Static fingerprint like this also threatening small privacy browser like
 torbrowser & jondofox, if big companies feel that this privacy browsers a
 threat they can just easily blocked all access by this browsers using
 their fingerprint. User will fell it is browser's bug then change another
 browser. It happens with opera once. This opera browser was growing fastly
 couple years ago and it becoming a threat for google chrome growth, so
 google blocked all access to most google service by opera browser then
 recommend big 4 browser instead.

 http://dev.opera.com/blog/google-browser-sniffing-and-the-open-web/

 Now what happens? opera becomes google's bootlicker. Now they agree
 whatever google wants them to do. See all opera browser you will notice
 many google product is there now. Even opera now uses Google's Blink as
 their engine.

 maybe TorBrowser should randomizing some browser data per browser session
 like using "Firegloves", "Random Agent Spoofer" & "IpFlood" addon? This
 asddon works by randomizing some browser data such as timezone, screen
 dimension, useragent, etc.

 RAS also send fake "X-Forwarded-For" & "Via" Header (Usually used by
 transparent proxy to let the sites know the real ip address), if we send
 this fake header, the site will think that our real ip address is just a
 transparent proxy server.


 Thank you for taking the time to read this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11949>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #11949 [Firefox Patch Issues]: Randomize Tor Browser Fingerprint (was: Randomize Browser Fingerprint..)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #11949 [Firefox Patch Issues]: Randomize Tor Browser Fingerprint
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #11948 [- Select a component]: we're not going into work out with
Next by Author: [tor-bugs] #11950 [- Select a component]: TOR Not loading.
Previous by thread: [tor-bugs] #11948 [- Select a component]: we're not going into work out with
Next by thread: Re: [tor-bugs] #11949 [Firefox Patch Issues]: Randomize Tor Browser Fingerprint (was: Randomize Browser Fingerprint..)
Index(es):
- Author
- Thread