[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Making TBB undetectable!
Hi,
Ben Tasker:
The problem you have there, is what to randomize,
The various bits that define your fingerprint.
but natural's hard to fake
No need to spoof traffic if using real fingerprint variables.
When we're talking about making the browser unidentifiable as TBB, the
very
act of having something in the fingerprint that changes to prevent
correlation between sessions provides an avenue by which it can be
identified as TBB:
I feel like behavior will address the examples for this argument.
Spencer:
Making people blend into the crowd of regular internet users is best
but
only if we resolve the traffic source; i.e., Tor exits.
That's quite an issue to solve though. [Attackers can] map out Tor
exits...
True, but we can come up with other ideas than using the public Tor
exits.
the aim isn't to hide that you're using Tor
from your destination, and successfully doing so would (IMO) be a
pretty
non-trivial task
But it is, and I agree :)
Those are a list of the requests we know are differentiators, it
doesn't
mean that others won't be discovered, you'd need to gamble that
anything
found is publicly disclosed when it's found, rather than kept quiet by
an
adversary.
But this is the case for everybody everywhere.
What you're essentially asking for is a browser that behaves
like TBB (i.e. the various privacy protections) whilst pretending it
behaves like a Google Nexus (for example). It's not that it'd be
impossible
to do, but one tiny mistake or oversight takes you straight back to
being
finger-printable, and almost uniquely so if very few are using
Unidentifiable Mode.
With the fingerprint, isn't it only valuable over multiple sessions, and
if others aren't also using that same ID?
So, you can fairly easily poll for various add-ons. Not sure it'd
affect
your add-on, but seemed worth mentioning.
I don't see this being an add-on as much as being in the settings
options (which can probably be detected?) where the User Agent is
located. The User Agent would be a nice way to simplify the various
IDs.
The IDs can be open-source and added to other browsers as a standard way
of providing detectability.
Wordlife,
Spencer
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk