[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?

> Date: Wed, 8 May 2013 08:57:48 +0200
> From: Lunar <lunar@xxxxxxxxxxxxxx>
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?
> Message-ID: <20130508065748.GA975@loar>
> Content-Type: text/plain; charset="us-ascii"
> Joe Btfsplk:
>> OK, thanks for detailed reply.  Now that the "adversary" has a
>> fingerprint of my machine (therein lies the problem - the data being
>> given out), unless they're the gubment & I'm a bad guy (or living in
>> a represses society), what are they going to do w/ that info?
> This means that the anonymity is broken. Your browser can be uniquely
> identified among the others. In a repeated manner, across Tor circuits,
> Tor Browser sessions and system reboots.
> --
> Lunar

Here's a likely example of what Lunar is talking about. If you visit this
link you will be presented a survey form.

The javascript for that page creates a string listing:
1) every plugin for your browser
2) fonts that match his list of fonts.
3) The screen height of your system
4) the screen width of your system.
5) the timezone offset.
6) a timestamp:randomnumber string.

These strings added to hidden input fields and submitted to the browser
when someone agrees to participate.

The person doing the survey is likely collecting browser fingerprints to
identify duplicate entries by people using proxies.  That person
conducting the research is simultaneously the researcher and a blogger who
has been known to express quite a bit of hostility toward category of
human subjects he has invited to participate in his survey.

Obviously, fingerprints when collected are used for whatever purpose the
person collecting them wishes to use them form.

tor-talk mailing list