Thus spake kazaam (kazaam@xxxxxxxxx): > Hi, I found this article called "total recall on firefox": > http://0x000000.com/index.php?i=520&bin=1000001000 it describes a > method of calculating hashes for a surfer depending on which plugins > he uses. While I think that this wouldn't allow to determine one > person it could decrease the user-group in which you want to hide > yourself. > > What do you think about this? A few comments on this. First off, the fact that window sizes factor into a hash means as soon as you resize your window 1 pixel, they get a completely new identifier, uncorrelated to the previous one. So this is a trivial identifier to modify on your own if you are aware of it, or even to change accidentally. But otherwise, I agree it is pretty interesting work, and Torbutton 1.1.14 will address many of these items, including a couple of modes of operation for masking window size, and protection against revealing extension installation during Tor. The ability to use chome urls to determine true user agent, extension presence, and platform information was brought to our attention courtesy of Gregory Fleischer about a month ago. Unfortunately, fixes for his issues and the window size spoofing code didn't make it into the 1.1.13 release because of the more serious javascript and plugin issues recently descovered in Firefox that that release had to work around. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgptxXb0sienD.pgp
Description: PGP signature