[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] torbutton user agent update scheme idea

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] torbutton user agent update scheme idea
From: Justin Findlay <jfindlay@xxxxxxxxx>
Date: Sat, 09 Nov 2013 13:45:52 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 09 Nov 2013 15:45:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=bSBk/B3O5MKQCS8wDXCM3vbU0Xx4DFQ7FnrOVYwrtug=; b=w2Eaf4/gB3qypN4mraqEa/E3ewPC3nQOch0f7/338XvigE8Hb1SAPewZKLJj5mbeNo PRR+yJRC1q+9m2sIuOy1TL11pCHkKoZEbLOw9gOV3PHSZ4nQrgtTPT+7/e5Dsv7xmQ/u wtB7OHNaKhZ8ya1sQuKBRVXdh5GxKtwME/qdXfoBoojwRHfjfn0SF/ZY5hBwmfUd476U j1XoECzpm+d1AQI/pRP8CMLdU4NXysWlCztxtjZRR0HkCRhd3Jlm7zxJAIMcPSYEPqWn hayYBeyR9PCKH/MtEkfS59uWxQXQ1IcSjAnuV9c5Y1vg8kcI5s5anP7jS3AXM5WeD1qY c24w==
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.1.0

Sorry for always picking random stuff from the volunteer page, buthaving read this,


<quote>

Programs like Torbutton aim to hide your browser's UserAgent string byreplacing it with a uniform answer for every Tor user. That way theattacker can't splinter Tor's anonymity set by looking at that header.It tries to pick a string that is commonly used by non-Tor users too, soit doesn't stand out. Question one: how badly do we hurt ourselves byperiodically updating the version of Firefox that Torbutton claims tobe? If we update it too often, we splinter the anonymity sets ourselves.If we don't update it often enough, then all the Tor users stand outbecause they claim to be running a quite old version of Firefox. Theanswer here probably depends on the Firefox versions seen in the wild.Question two: periodically people ask us to cycle through N UserAgentstrings rather than stick with one. Does this approach help, hurt, ornot matter? Consider: cookies and recognizing Torbutton users by theirrotating UserAgents; malicious websites who only attack certainbrowsers; and whether the answers to question one impact this answer.

</quote>

I think the best answer is simple, although a little more than trivialto implement.

If you want to anonymize the user agent, you need to mimic the useragent changes made by normal users across the web, and I'm positing thatin any statistically significant sample of web users, the behavior willbe similar and simple enough on nearly all orders of magnitudeavailable, i.e., normally distributed in any analytical dimension.

Think about the natural evolution of a typical web user's user agent.What are the factors that will result in a change of user agent?


1) A user may have more than one browser that they use on the same computer,

2) they may use the web on more than one device (phone, tablet, laptop,desktop),

3) and typical, stochastic upgrade patterns.

For (1) and (2) there is not much torbutton could do to coordinatereasonable obfuscation among multiple version, logical, space, and timeseparated instances without way more effort than would be profitable.In fact, (1) and (2) ought to naturally provide most if not all theanonymizing that can reasonably be accomplished from torbutton'sperspective without any action at all on torbutton's part.

For (3), though, there is something that could be done by torbutton.Some factors to consider in constructing a stochastic user agent updaterare:

- which browsers automatically upgrade themselves?
- which browsers bother the user to upgrade?
- what are the typical user response patterns towards browser upgrades?

Remember, we're thinking about a single browser on a single system. Ifthere are things going on for that user external to this (reinstallwindows, upgrade ubuntu, get a new computer, etc.) those effects arealready accounted for by (1) and (2).

Some investigative questions/statements to lead an analysis on thiscould be something like:


'what is the distribution of browsers for human web users?'

'what is the distribution of systems and system versions for human webusers?''what are the significant correlations on the cartesian product of thesetwo dimensions?'

'how do the browser versions in this product space evolve through time?'
...

'2/3 of firefox users are on windows and their upgrade habits follow atemporal distribution that is a spike followed by an exponential decayof order 2.3','0.8 of the remaining firefox users are on linux and their update habitsare dominated by package management systems',

etc.

Then, upon finding the most significant trends in browser updatepatterns, construct a mechanism for torbutton that mimics them on a peruser basis: Once a user installs torbutton, it samples (selects) abrowser from the distribution of browsers and then follows thatbrowser's typical upgrade pattern. The problem with this idea, I guess,is that torbutton will have to phone home to find out when browserupdates are adopted by users so that it can make its change at theexpectation value or whatever.

The goal being to distribute torbutton users according to thedistribution of all web users among all user agents, you must first findout what that latter distribution is and how it is likely to evolve.This second part is not so bad as it seems because I'm guessing thatsome forward standard deviations of the expectation value in thetemporal sense will occur late enough after the browser update thattorbutton can push it out to most installed instances (it's not going tohappen before, causality and all).



Justin
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: [tor-dev] recreated website png diagrams as svg
Next by Author: Re: [tor-dev] Apple App Store Redux
Previous by thread: Re: [tor-dev] recreated website png diagrams as svg
Next by thread: Re: [tor-dev] Notes on HS revamping
Index(es):
- Author
- Thread