[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Maybe Firfox isn't the best choice for privacy?



Thus spake kazaam (kazaam@xxxxxxxxx):

> Hi, I found this article called "total recall on firefox":
> http://0x000000.com/index.php?i=520&bin=1000001000 it describes a
> method of calculating hashes for a surfer depending on which plugins
> he uses. While I think that this wouldn't allow to determine one
> person it could decrease the user-group in which you want to hide
> yourself.
> 
> What do you think about this?

A few comments on this. First off, the fact that window sizes factor
into a hash means as soon as you resize your window 1 pixel, they get
a completely new identifier, uncorrelated to the previous one. So this
is a trivial identifier to modify on your own if you are aware of it,
or even to change accidentally.

But otherwise, I agree it is pretty interesting work, and Torbutton
1.1.14 will address many of these items, including a couple of modes
of operation for masking window size, and protection against revealing
extension installation during Tor. The ability to use chome urls to
determine true user agent, extension presence, and platform
information was brought to our attention courtesy of Gregory
Fleischer about a month ago. Unfortunately, fixes for his issues and
the window size spoofing code didn't make it into the 1.1.13 release
because of the more serious javascript and plugin issues recently
descovered in Firefox that that release had to work around.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgptxXb0sienD.pgp
Description: PGP signature