[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] CloudFlare fingerprinting

2015-03-01 16:11 GMT+09:00 Lodewijk andrà de la porte <l@xxxxxxxxxx>:

> Of course it's possible. It's way harder than just, you know, regular
> tracking! Cloudflare probably has advanced tracking in order to determine
> the likelihood of being spam. Cloudflare also gets headers and IP
> addresses, in addition to having many access points already betray the user
> a little bit. The NSA only has to make sure to listen to every Cloudflare
> in and output, and they'll get a ton of decent info.

Oh, I'm sorry, I didn't notice you meant this as tor-specific. That sure
makes it a more difficult question.  I think there is little information to
go on, given many users use a single Tor exit node, and if all goes well
that information should be inseparable. NoScript makes it much harder to
see what happens on-page, without noscript there's a lot more profiling
info (mouse movement, typing rates, scrolling, those sorts of habits). One
could investigate if cloudflare can use a tracking-cookie (or similar) to
combine visits from a single user, as that would give a lot more profiling
opportunities. I assume every request passes through cloudflare, not just
the first, so site-usage should give a much better profile than the initial

Once you've found all the side-channels and their "discerning datapoint
quantity" you could calculate how often the users of a single tor node are
separable. The data is more complex, sadly, for a full observer, as there's
far more information to go on. A partial or near-full network observer can
combine timing attacks and the like with information gathered here.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to