[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New methods / research to detect add-ons?

Thanks aka -- I'm familiar with the conventional wisdom that add-ons make you more unique... but I am really looking for any formal study or code PoC that perhaps identifies more direct methods of detecting add-ons. Perhaps it's different for every add-on, and it probably is, especially considering some add-ons may not be reviewed for security/privacy at all. So some library would probably need to be compiled and maintained to try to exhaustively detect all known add-ons, similar to fingerprint.js.

The current logic (AFAIK) would be: if websiteA.com hasn't developed a detection technique for Add-On-X, then it can't detect it. I suspect add-ons could be detected more directly, but I have not seen any study or code to support that yet.

To be clear, I'm not arguing that TBB's design logic is flawed here at all -- I know it's not, and I can think of a _lot_ of reasons why, a couple of which you listed. Anything that distinguishes you from "the herd" is "bad" to the extent it doesn't catastrophically compromise your security.

But I'm still looking for something a bit more formal in terms of discussing a quantitative, or pseudo-quantitative impact on anonymity / privacy by add-on detection either in code PoC or academic research...

Thank you for your reply. I completely agree with TP's position on add-ons and often advocate for the same. Just playing devil's advocate... :)



On 2015-09-29 15:14, aka wrote:
Every add-on installed/not installed gives you one more bit of detection.
For example to detect HTTPS-Everywhere you start a http connection via
javascript and check if it gets automaticly upgraded to https. To detect
Adblock you check via javascript if a certain ad got loaded. To detect
Scriptblock you check if javascript got executed at all.The three
examples above give you 3 more bits, so your detection got 8 times more
If the NSA now records you visiting an internet forum via TBB and
leaking something and detect another visitor with the same 3 bits set
looking for a train scheduele, they can verify with a high confidence
you posted that message and live in that area.
That's why it's important that every TBB installation has the same
Http-Header values and same add-ons.
You don't need any studies, it's simple common knowledge.

pacifica@xxxxxxxxxx wrote:
Hello afternoon / evening / morning tor-talk -- I am hoping that someone
can point me in the right direction. I know it is well-discussed that
adding Firefox add-ons to the Tor Browser Bundle decreases anonymity,
but I would like to review the studies myself. I'm having trouble
finding credible research where detection of add-ons has resulting in a
significant decrease in anonymity... can someone please point me to
those resources?

To be explicit, I am not concerned with "plug-ins" like Java or Flash,
but rather "add-ons" like HTTPS everywhere or Privacy Badger.

Thanks in advance.


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to