[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Making TBB undetectable!


Is a 'Natural Fingerprint' like a clearnet fingerprint, in that it identifies you as a regular, >non-tor, internet user, making you part of the larger herd?

behnaz Shirazi:
I don't understand what do you mean by âclearnet fingerprintâ ?

I have been defining fingerprint as any bit of info that can identify you, which can be any number of things. I have been defining clearnet fingerprint as the identifying bit of info defining someone as a clearnet user, such as a common User Agent.

Fingerprint is generated locally inside the browser, it is about TBB
not the onion routers.

This would be a Tor Browser fingerprint, but I understand you mean fingerprinting of Tor Browser to differentiate between Tor Browser users.

Connecting to a website directly or via a
public Tor exit node as proxy gives one bit of information (true or
false flag) to destination website but we don't include this bit in
the fingerprinting attack.

By choice, though, yeah?  It still seems valuable.

I see this as a blocker, as this add-on is most likely detectable, yeah?

As far as I know you can't fetch installed Add-ons by javascript, it
only works for plugins. Detecting
Add-ons is done by side channel attacks.

We just change details a browser return to calls in a way that caller
can't recognize it is telling the truth or not.
of course it
won't cause a detection if user choose a mobile device profile


You should draft this into a proposal, with some visuals of the interface and experience flows, and submit it to the list in search for a developer, unless you can bust this out yourself? I can help anyway that I can. If you are interested, hit me up off-list.

Otherwise, unless there is something more tangible, I feel like people will keep arguing that Tor is fine as-is :)


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to