Re: [tor-talk] New methods / research to detect add-ons?
Thanks aka -- I'm familiar with the conventional wisdom that add-ons
make you more unique... but I am really looking for any formal study or
code PoC that perhaps identifies more direct methods of detecting
add-ons. Perhaps it's different for every add-on, and it probably is,
especially considering some add-ons may not be reviewed for
security/privacy at all. So some library would probably need to be
compiled and maintained to try to exhaustively detect all known add-ons,
similar to fingerprint.js.
The current logic (AFAIK) would be: if websiteA.com hasn't developed a
detection technique for Add-On-X, then it can't detect it. I suspect
add-ons could be detected more directly, but I have not seen any study
or code to support that yet.
To be clear, I'm not arguing that TBB's design logic is flawed here at
all -- I know it's not, and I can think of a _lot_ of reasons why, a
couple of which you listed. Anything that distinguishes you from "the
herd" is "bad" to the extent it doesn't catastrophically compromise your
But I'm still looking for something a bit more formal in terms of
discussing a quantitative, or pseudo-quantitative impact on anonymity /
privacy by add-on detection either in code PoC or academic research...
Thank you for your reply. I completely agree with TP's position on
add-ons and often advocate for the same. Just playing devil's
On 2015-09-29 15:14, aka wrote:
Every add-on installed/not installed gives you one more bit of
For example to detect HTTPS-Everywhere you start a http connection via
examples above give you 3 more bits, so your detection got 8 times more
If the NSA now records you visiting an internet forum via TBB and
leaking something and detect another visitor with the same 3 bits set
looking for a train schedule, they can verify with a high confidence
you posted that message and live in that area.
That's why it's important that every TBB installation has the same
Http-Header values and same add-ons.
You don't need any studies, it's simple common knowledge.
Hello afternoon / evening / morning tor-talk -- I am hoping that
can point me in the right direction. I know it is well-discussed that
adding Firefox add-ons to the Tor Browser Bundle decreases anonymity,
but I would like to review the studies myself. I'm having trouble
finding credible research where detection of add-ons has resulted in
significant decrease in anonymity... can someone please point me to
To be explicit, I am not concerned with "plug-ins" like Java or Flash,
but rather "add-ons" like HTTPS Everywhere or Privacy Badger.
Thanks in advance.