[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Users profiling through personÐl banners filtering settings








-----Original Message-----
From: Kraktus <kraktus@xxxxxxxxxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sent: Mon, Apr 25, 2011 8:26 pm
Subject: Re: [tor-talk] Users profiling through personÐl banners filtering settings

Well, you could make this argument for any blocking activity: cookies,

_javascript_, plugins, ad-blocking, etc. If one user is blocking a bunch

of things, then they stand out because they are blocking things, and

most people aren't. You might even be able to do extensive tests to

find out what sorts of things they are blocking and find some sort of

pattern.



Take cookies for example. Imagine these scenarios:

1. User blocks all cookies.

2. User blocks all cookies except cookies from whitelisted sites.

3. User accepts all cookies except cookies from blacklisted sites.

4. User accepts all cookies.



Now, as I understand it, your argument is that any deviation from 4,

but especially selective whitelisting/blacklisting as described in 2

and 3, is a variation from the norm and hence makes a user stand out.

(I believe, it would actually either require multiple sites to

collaborate to perform such an attack, or else, as you suggested, the

exit node itself might perform the attack.)



Now, while there are some cookies that do not contain anything unique,

most cookies are used to store unique IDs. So if you accept a cookie

from a site, they are probably going to give you a unique pseudonym

they can use to track you with. On the other hand, if you refuse to

accept cookies from that site, then you are part of the anonymity

group of Tor users who do not accept cookies from that site. Yes, they

could use other techniques to narrow things down, but at least you

haven't let them give you a unique session ID. So, I think the closer

you can get to 1, without sacrificing too much usability, the better.

The more Tor users can be persuaded to do 2, the better. The more Tor

users could at least be persuaded, if not to do that, then to at least

have a blacklist of advertising domains (3), the better. Then you will

stand out less when you refuse to accept a cookie. (In Firefox, you

can use the Cookie Monster plugin to help with this.)



_javascript_ is even worse. _javascript_ often has security

vulnerabilities, so an attacker might exploit a buffer overflow or

something, and use that to reveal your identity. Even if the

_javascript_ is not exploited, it can still reveal a lot of information

about you. For an idea of what I am talking about, take a look at this

site and allow _javascript_.

http://ip-check.info/?lang=en

(That will also show you why you shouldn't allow plugins such as Java

or Flash when using Tor unless you have a fancy setup to force them

through Tor, or simply don't care about your anonymity that much, and

even then, they can still reveal a lot.)



Now, even normal, non-exploiting _javascript_ still reveals much more

specific information about my computer than simply "This user does not

permit _javascript_ from your website". So again, the more _javascript_

you block, the better. The more Tor users can be persuaded to only

allow _javascript_ from specific websites (where the usability concerns

outweigh the anonymity concerns). the better. The more Tor users can

be persuaded, if not to do that, then at least to specify websites

they don't want to allow _javascript_ from, the better. In Firefox,

NoScript can help with this.

Here's a good noscript.untrusted, if you prefer the blacklist method

or just want to minimize the chance of accidentally allowing

_javascript_ from an advertising/tracking domain:

ad.linkstorms.com adbrite.com adbureau.net addthis.com addynamix.com

adgardener.com ads.alphatrade.com ads.forbes.com ads.pointroll.com

ads.reason.com ads.space.com ads1.msn.com adsonar.com adtech.de

adtology3.com advertising.com adzones.com afy11.net blogads.com

doubleclick.com doubleclick.net facebook.net falkag.net getclicky.com

google-analytics.com googleadservices.com googlesyndication.com

hitbox.com quantserve.com scorecardresearch.com serving-sys.com

specificclick.net statcounter.com tacoda.net zedo.com

http://adbrite.com http://adbureau.net http://addthis.com

http://addynamix.com http://adgardener.com http://adsonar.com

http://adtech.de http://adtology3.com http://advertising.com

http://adzones.com http://afy11.net http://blogads.com

http://doubleclick.net http://facebook.net http://getclicky.com

http://google-analytics.com http://googleadservices.com

http://googlesyndication.com http://hitbox.com http://quantserve.com

http://scorecardresearch.com http://serving-sys.com

http://specificclick.net http://statcounter.com http://tacoda.net

http://zedo.com https://adbrite.com https://adbureau.net

https://addthis.com https://addynamix.com https://adgardener.com

https://adsonar.com https://adtech.de https://adtology3.com

https://advertising.com https://adzones.com https://afy11.net

https://blogads.com https://doubleclick.net https://facebook.net

https://getclicky.com https://google-analytics.com

https://googleadservices.com https://googlesyndication.com

https://hitbox.com https://quantserve.com

https://scorecardresearch.com https://serving-sys.com

https://specificclick.net https://statcounter.com https://tacoda.net

https://zedo.com



I feel the same way about adblocking. The fewer web logs I show up in,

the better. I don't see any reason why I should show up in the log of

website that is pretty much exclusively advertising. When I visit a

website, I only want to show up in the log for that website, not a

bunch of third party websites. Unfortunately, some websites don't work

without third-party content, so I guess unless I don't care about

usability, I have to make some compromises. Still, I have found

adblockplus very useful for blocking third party content without much

of a usability hit. EasyList and EasyPrivacy are very helpful. The

localizations are good if you visit a lot of non-English websites.

Antisocial is good for stopping tracking by social networking

websites. Malware Domains is probably a good idea for Windows users

who don't like to use anti-virus, or who only like to use it

on-demand. (That is, none of that active protection stuff.) Certain

other lists are good if you are visiting certain types of websites.

You know, there have been cases of people getting viruses from

reputable websites when an infected advertisment somehow made it in to

whatever advertiser they were using.



In short, I think the privacy benefits of blocking unwanted

cookies/_javascript_/third party content is far greater than the risk of

being profiled based on your pattern of blocking stuff, and if you are

concerned about being profiled based on your pattern of blocking

stuff, then the solution is to get more Tor users to block more of

that sort of thing.



On 10/04/2011, unknown <unknown@xxxxxxxxx> wrote:

> On Tue, 22 Mar 2011 18:26:34 +0000

> unknown <unknown@xxxxxxxxx> wrote:

>

>> Too many users dislikes of annoying web elements -- banners, popups,

>> scripts,

>> strange frames. They use a tools to blocks that elements or change webpage

>> rendering.

>>

>> Traditional programs for filtering is a local proxys -- privoxy or polipo

>> are examples with

>> close relation to Tor and used actively. This programs cannot filtering

>> SSL-content and evil site

>> can use mix of SSL-ed and non-SSL-ed banners, pop-ups, etc to determine a

>> fact

>> of using such proxy and trying to guess personal users filtering settings.

>>

>> The problem may be even worse, with or without using this proxy, even if

>> users block

>> contents within a browser itself (with Firefox plugins to block banners,

>> and scripts). Not

>> only sites, but "mans in the middles", adversarial clusters of evil exit

>> nodes

>> can does parsing traffic and modifying web contents by injecting banners,

>> misconfigured

>> cookies, incorrect frames.

>>

>> Injected traffic for various sites, in different times

>> and seances can be the way of revealing users with personal blocking

>> rules. Data

>> about blocking profiles of that users may be statistical processed and

>> correlated.

>>

>> Is it a real threat? Should Tor users stop blocking contents

>> selectively? Or they can use predefined and shared rules in analogy of

>> Torbutton?

>

> Let me describe a two examples about users blocks banners in

> privoxy/polipo/adblock/etc:

>

> 1. Webhost can see that user block russian/german/chinese/etc big portal

> banners. Webservers owner can make a conjecture about specific language of

> the user.

>

> 2. One exit or colluding exit nodes can compare banners blocking profiles

> from time to time. Profiles can be linked from different seances.

>

> Any comments?

Why does Tor Browser bundle
come with _javascript_ enabled?

>
>
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk