[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Making TBB undetectable!


Ben Tasker:
The problem you have there, is what to randomize,

The various bits that define your fingerprint.

but natural's hard to fake

No need to spoof traffic if using real fingerprint variables.

When we're talking about making the browser unidentifiable as TBB, the very
act of having something in the fingerprint that changes to prevent
correlation between sessions provides an avenue by which it can be
identified as TBB:

I feel like behavior will address the examples for this argument.

Making people blend into the crowd of regular internet users is best but
only if we resolve the traffic source; i.e., Tor exits.

That's quite an issue to solve though. [Attackers can] map out Tor exits...

True, but we can come up with other ideas than using the public Tor exits.

the aim isn't to hide that you're using Tor
from your destination, and successfully doing so would (IMO) be a pretty
non-trivial task

But it is, and I agree :)

Those are a list of the requests we know are differentiators, it doesn't mean that others won't be discovered, you'd need to gamble that anything found is publicly disclosed when it's found, rather than kept quiet by an

But this is the case for everybody everywhere.

What you're essentially asking for is a browser that behaves
like TBB (i.e. the various privacy protections) whilst pretending it
behaves like a Google Nexus (for example). It's not that it'd be impossible to do, but one tiny mistake or oversight takes you straight back to being
finger-printable, and almost uniquely so if very few are using
Unidentifiable Mode.

With the fingerprint, isn't it only valuable over multiple sessions, and if others aren't also using that same ID?

So, you can fairly easily poll for various add-ons. Not sure it'd affect
your add-on, but seemed worth mentioning.

I don't see this being an add-on as much as being in the settings options (which can probably be detected?) where the User Agent is located. The User Agent would be a nice way to simplify the various IDs.

The IDs can be open-source and added to other browsers as a standard way of providing detectability.


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to