On Wed, 07 Nov 2012 21:35:40 -0600
Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:

> > Further, adblocker filter choices are fingerprintable.
> I'm only using AdBlock as an example. But in reality, if 90% of all
> TBB - English users had [something like] AdBlock & they all used
> [something like] either "Easy List" or "Fanboy's List," how easy
> would it be to fingerprint one among all TBB - English users?

It's not specific to AdBlock. If everybody used exactly the same fixed list it wouldn't be an issue. But not there are a zillion ad networks out there and incredible as it is some people actually click the damn things. After all, if they didn't the industry wouldn't exist.

Here's a possible attack I can conceive:

Let's say Alice uses the default list, but chooses to unblock ads from $ADSERVER because they frequently serve ads that relate to some niche interest she has.

$WEBSITE contains information which it is illegal to possess in Alice's Orwellian island homeland. It is also one of those annoying sites that embeds ads all over the place from multiple networks and makes it impossible for neurodiverse types like her to focus; exactly the sort of thing she wants the ad blocker to intercept.

Mallory controls one or more exits, and at some point has the ability to see and tamper with Alice's unencrypted requests both to $WEBSITE and to at least some of the servers on the block list.

Alice's traffic stands out because requests to $WEBSITE correlate with requests to $ADSERVER, but not to the rest of the list (because she's not turned the blocker off altogether). Her other connections can now be isolated from the others by injecting some extra <img/> tags into all returned pages and looking for the same correlation (they don't have to be real resources; Mallory can just send back a pile of 1x1 gifs that nobody will notice).

What happens next to Alice depends on many factors, but she certainly isn't safe.

Remember that in this situation your anonymity set is restricted to people currently using Mallory's exit(s), not the entire population of Tor users.

So to my mind, such fingerprinting passes the plausibility test. I'm quite out of practice at this stuff, and Mike may have had a different attack in mind.

Julian

-- 
3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012@xxxxxx>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
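The anonymity-set argument in the message above, worked through as an added example (not part of the original post): clients behind one exit are grouped by which embedded ad hosts they actually fetch, and a single block-list exception leaves its owner in a set of one. The host names, the client names and the eight-client population are constructed assumptions.

```python
from collections import Counter
from math import log2

# Constructed sample: ad hosts embedded in one page, all on the shared default list.
EMBEDDED = frozenset({"ads-a.example", "ads-b.example", "ads-c.example"})
DEFAULT_BLOCKLIST = frozenset(EMBEDDED)


def fetch_signature(exceptions):
    """Embedded ad hosts a client still requests, given its list exceptions."""
    blocked = DEFAULT_BLOCKLIST - frozenset(exceptions)
    return frozenset(EMBEDDED - blocked)


def anonymity_sets(clients):
    """Map each client to the number of clients sharing its fetch signature."""
    sigs = {name: fetch_signature(exc) for name, exc in clients.items()}
    counts = Counter(sigs.values())
    return {name: counts[sig] for name, sig in sigs.items()}


def identifying_bits(clients, name):
    """Surprisal (bits) of one client's signature within this population."""
    sizes = anonymity_sets(clients)
    return log2(len(clients) / sizes[name])


# Constructed populations sharing one exit (hypothetical names).
# UNIFORM: everyone on the stock list. CUSTOM: alice unblocks one host.
UNIFORM = {f"user{i}": set() for i in range(8)}
CUSTOM = {**{f"user{i}": set() for i in range(7)}, "alice": {"ads-b.example"}}

if __name__ == "__main__":
    for label, pop in (("uniform", UNIFORM), ("custom", CUSTOM)):
        sizes = anonymity_sets(pop)
        for name in sorted(set(pop) & {"user0", "alice"}):
            print(label, name, "set size", sizes[name],
                  "bits", identifying_bits(pop, name))
```

With a fixed list shared by everyone the filter choice contributes zero bits; the population here is only the users of one exit, which is why a single exception is enough to isolate a client.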