[tor-talk] Making TBB undetectable!

[Spencer <spencerone@xxxxxxxxxxxxxxx>]

Hi,

> > Spencer:
> > The various bits that define your fingerprint.
>
> sh-expires-12-2015@xxxxxxxxxxxxxxxx:
> Basically, the countermeasure against such behavior is
> to stick a cookie with an hash of your fingerprint
> to your browser and deny you, as soon as it no longer
> matches.

Yes, but discrimination is unsupported and avoidable.

> If you try to spoof

No spoof.

> If you'd read the TBB design doc,

Quite the presumption :(

> you'd understand that the
> choice that was made, using a pretty real and pretty common
> user-agent, and some measures were added.

And as a result, Tor Browser owns up to its ID with no spoofing, as Tor 
Browser users appear a Tor Browser users.

> using tor to connect
> to another semi-public entity (like an open proxy)
>
> The only case, were that makes sense to me is for trolling sites

Or using the internet.  What if the OP is tired of being rejected from 
visiting sites due to IP badlists and uses said proxy to appear like a 
clearnet user so as not to be restricted.  Google products (except for 
Google Images) require this.  Ix Quick and Startpage feature this.

> if you are so unhappy with TBB.

Again with the presumptions :(:(

> The demanded

Discussed

> feature makes
> absolutely no sense for a TBB usecase or threatmodel.

Will you link to the use cases and threat models in the documentation?

> You fail to understand

Fail often to succeed sooner :)

My thought is that this is being mentioned in multiple places and, if 
there is any merit to undetectability, we should challenge it fully to 
see; not settle with what we have and use "good enough" as an argument.  
I suggested a formal proposal as the next step.

Wordlife,
Spencer

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk