[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New methods / research to detect add-ons?



Every add-on installed/not installed gives you one more bit of detection.
For example to detect HTTPS-Everywhere you start a http connection via
javascript and check if it gets automaticly upgraded to https. To detect
Adblock you check via javascript if a certain ad got loaded. To detect
Scriptblock you check if javascript got executed at all.The three
examples above give you 3 more bits, so your detection got 8 times more
targeted.
If the NSA now records you visiting an internet forum via TBB and
leaking something and detect another visitor with the same 3 bits set
looking for a train scheduele, they can verify with a high confidence
you posted that message and live in that area.
That's why it's important that every TBB installation has the same
Http-Header values and same add-ons.
You don't need any studies, it's simple common knowledge.

pacifica@xxxxxxxxxx wrote:
> Hello afternoon / evening / morning tor-talk -- I am hoping that someone
> can point me in the right direction. I know it is well-discussed that
> adding Firefox add-ons to the Tor Browser Bundle decreases anonymity,
> but I would like to review the studies myself. I'm having trouble
> finding credible research where detection of add-ons has resulting in a
> significant decrease in anonymity... can someone please point me to
> those resources?
> 
> To be explicit, I am not concerned with "plug-ins" like Java or Flash,
> but rather "add-ons" like HTTPS everywhere or Privacy Badger.
> 
> Thanks in advance.
> 
> pacifica
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk