[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Real basic questions for linux



You can only go so far in attempting to blend all the users together
into one indistinguishable group, so the Tor Browser Bundle's job is
to give it the best possible shot.  It can't possibly do everything,
catch all cases, or correct your unique fingerprint of spelling
mistakes.  However, it still gives you the best possible shot of any
other available method, period,  even if you are the God of Browser
Configuration.  It has nothing to do with skillset and everything to
do with reliably making everyone statistically too close in
configuration to make unique identification reliable.

Doing anything but using the stock Tor Browser Bundle works against
you, but in a very subtle, non-obvious, Chinese finger-trap sort of
way:  You aren't using TBB like everyone else is, so you are uniquely
identifiable across web sites and exit nodes because you are doing
something (anything!) else, regardless of specifically *what* it is
you are using.  The more you change things further, the more unique
you make yourself, unless you make everyone *else* do exactly what you
are doing, too.

If TBB does indeed send your real screen resolution (that may have
been accounted for, I don't know), you may be part of a group of
57.68% (or whatever the real figure is) of users running TBB at, say,
1280x1024, but that group is still a heck of a lot larger than one
user out of all users doing something entirely different altogether,
so TBB is still the smarter choice of the two.

On 1/3/12, Chris <tmail299@xxxxxxxxxxx> wrote:
>> On 03/01/12 16:44, Øyvind Sæther wrote:
>>> Just ignore the Browser bundle bullshit, that's for stupid Windows
>>> users and pointless on *nix systems.
>>
>> There's a good reason still to use the Tor Browser: it provides a
>> "standard" environment which is the same as every* other Tor user's.
>> Safety in numbers is never truer than with anonymity; compare with the
>> Black Bloc tactic often used at demonstrations. If everyone looks the
>> same it's much harder to identify individuals.
>>
>> As soon as you use your own browser (stock Firefox, LWP::UserAgent,
>> whatever) you reduce your anonymity group substantially. If you're
>> unlucky you may have a unique browser fingerprint. And surprisingly you
>> don't need to be that unlucky for it to happen. Modern browsers leak A
>> LOT of information. And building a custom browser that doesn't leak will
>> make you stand out even more - unless we all use the same custom
>> browser, of course...
>>
>
> I think you nailed it. The key is consistency between  users. There are
> enough differences even with users running the same software. The TBB runs
> on multiple platforms with multiple screen resolutions and multiple
> different updates that even with the TBB you can stand out as unique. It
> has occurred to me that it may be wise to dedicate a computer to Tor
> entirely and not use it for anything non-Tor necessary. At least then it
> isn't possible or much more difficult to fingerprint users between Tor and
> non-Tor use. Even then there could still be ways to fingerprint and
> connect a user. Your ISP, your modem, and other latency or surfing
> particularities. Do you always spell a particular set of words wrong? Or
> do you always spell every word right?
>
>
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk