Thus spake misc (misc@xxxxxxxxxxx):

> On Fri, 15 Feb 2008 13:38:58 -0800, Mike Perry wrote:
>
> > > Thus spake kazaam (kazaam@xxxxxxxxx):
> > > >
> > A few comments on this. First off, the fact that window sizes factor
> > into a hash means as soon as you resize your window 1 pixel, they get
> > a completely new identifier, uncorrelated to the previous one. So this
> > is a trivial identifier to modify on your own if you are aware of it,
> > or even to change accidentally.
> >
> > But otherwise, I agree it is pretty interesting work, and Torbutton
> > 1.1.14 will address many of these items, including a couple of modes
> > of operation for masking window size, and protection against revealing
> > extension installation during Tor. The ability to use chrome urls to
> > determine true user agent, extension presence, and platform
> > information was brought to our attention courtesy of Gregory
> > Fleischer about a month ago. Unfortunately, fixes for his issues and
> > the window size spoofing code didn't make it into the 1.1.13 release
> > because of the more serious javascript and plugin issues recently
> > discovered in Firefox that that release had to work around.
>
> What about NoScript extension? Will that prevent gathering information
> about installed plugins and other settings?

Not to my knowledge. Adblock Plus has support to hide extension
presence, but I believe extensions have to programmatically request it
from an Adblock service. Torbutton 1.1.14 should be out early next week,
and will address these issues.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
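The window-size point from the thread, as an added example that is not part of the original messages and is not Torbutton's code: a hashed identifier changes completely on a 1-pixel resize, while reporting a bucketed size keeps it stable. The attribute names, sample values, the FNV-1a stand-in hash and the 50-pixel bucket are all assumptions made for illustration.

```javascript
// Added illustration; all attribute values below are constructed.
// FNV-1a (32-bit) stands in for whatever hash a fingerprinting page uses.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Serialize attributes in sorted key order so the identifier is deterministic.
function fingerprint(attrs) {
  const canon = Object.keys(attrs)
    .sort()
    .map((k) => `${k}=${attrs[k]}`)
    .join(";");
  return fnv1a(canon);
}

// Hypothetical masking mode: report dimensions rounded down to a bucket,
// so small resizes (and many different users) yield the same reported size.
function maskWindowSize(attrs, bucket = 50) {
  const floor = (v) => Math.floor(v / bucket) * bucket;
  return {
    ...attrs,
    innerWidth: floor(attrs.innerWidth),
    innerHeight: floor(attrs.innerHeight),
  };
}

// Constructed sample: the same browser before and after a 1-pixel resize.
const base = {
  userAgent: "ExampleBrowser/1.0 (constructed)",
  timezoneOffset: 0,
  innerWidth: 1013,
  innerHeight: 742,
};
const resized = { ...base, innerWidth: 1014 };

function demo() {
  return {
    rawBefore: fingerprint(base),
    rawAfter: fingerprint(resized),
    maskedBefore: fingerprint(maskWindowSize(base)),
    maskedAfter: fingerprint(maskWindowSize(resized)),
  };
}

console.log(demo());
```

A resize that crosses a bucket boundary still changes the masked value, so the bucket size trades stability against how coarse the reported dimensions are.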