[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox privacy and Tor Browser

To: or-dev@xxxxxxxxxxxxx
Subject: Re: Firefox privacy and Tor Browser
From: Mansour Moufid <mansourmoufid@xxxxxxxxx>
Date: Sat, 27 Mar 2010 15:39:06 -0430
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Sat, 27 Mar 2010 16:09:37 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:received:message-id:subject:to:content-type; bh=yjyOh8vQYQlk8sh21JFL7+doJGFtzywk8In7UXwTKuk=; b=guGriAsUeODQfzE+U1A3cGZoag0GHAFSVX+xXAmyAR9TDoxfu/EapRXC7wozVQeuuQ TGewbyi+71dPyDzX7pbWucUk9EWRbX3GeySXfgW9zk5NCQdeLBRpfvrQdRb57jLJQA8f 5XVt7coIOnvkQGdrIVEahmhgNgzCXURwVMS/E=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=SG2gQ6GrRHBvKVmuThU6Lkyr/ah0+rMae7YZ45lGE6ZhZ1yqgODUfdCMLiTmbpJMnz EyAA7ZEoYK5zu2YC3qzQWyM625eQax8gAZlNfmYj3G3MMpMAsh2J9sRgh3u/hPeNSqgI nukuc011DWnGM4h92er+KLXGqDRRsd05NNj04=
In-reply-to: <a08881bc1003270947v616debe1j478c49649fcdee89@xxxxxxxxxxxxxx>
References: <44a1f4d21003270917l3254b423te57ea7d9b698fe13@xxxxxxxxxxxxxx> <a08881bc1003270947v616debe1j478c49649fcdee89@xxxxxxxxxxxxxx>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx

On Sat, Mar 27, 2010 at 12:17 PM, Al MailingList
<alpal.mailinglist@xxxxxxxxx> wrote:
> Google's safe browsing is just an HTTP request, so I would assume when
> tor is correctly configured it would not be in the clear.

It would be clearly visible to Tor exit nodes, and the "signature" of
such traffic would be clear to a local observer (I elaborate further
down).

> Reference 5 seems to have his tin foil hat on a little tight.

Probably a Tor user. ; )

> I'm not
> quite sure what he's saying, but the google safe browsing updates
> don't send the sites you're visiting, it simple retrieves the list of
> bad sites (more specifically a diff of the bad sites list since your
> last update). So all they can do is track that a particular user is
> updating the local black list periodically.

That's correct, but with each of those requests to update your
browser's blacklist, is sent uniquely identifying information
(including "machineid" and "userid"). This information does not change
over time, and cannot be prevented from being sent -- even in Private
Browsing mode -- unless you unsubscribe from this service in the
preferences. In effect, your browser is periodically phoning home to
Google with a uniquely identifying key that -- and this is the issue
that I think Tor developers should consider closely: -- does not
change across browsing sessions.

To illustrate why I think this is something that concerns Tor, allow
me to elaborate. There has been some discussion regarding identifying
Tor users based on correlating "signatures" of traffic observed
locally versus at exit nodes. Instead of watching website traffic, an
attacker could instead watch intermittent noise. Things like a
specific combination of RSS bookmark auto-updates, or... periodic
blacklist updates. The Google Safe Browsing update traffic occurs in
bursts and periodically, and will therefore have a very unique
signature. Furthermore, the uniquely identifying key sent to Google
unencrypted each time would allow an attacker to cross-reference exit
node traffic and identify a user across sessions.

It may seem far-fetched, but I don't think it's inappropriate to
consider these possibilities.

-- 
Mansour Moufid

Follow-Ups:
- Re: Firefox privacy and Tor Browser
  - From: Al MailingList

References:
- Firefox privacy and Tor Browser
  - From: Mansour Moufid
- Re: Firefox privacy and Tor Browser
  - From: Al MailingList

Prev by Author: Firefox privacy and Tor Browser
Next by Author: Re: Firefox privacy and Tor Browser
Previous by thread: Re: Firefox privacy and Tor Browser
Next by thread: Re: Firefox privacy and Tor Browser
Index(es):
- Author
- Thread