[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] New methods / research to detect add-ons?


Every add-on installed/not installed gives you one more bit of detection.

If [x] records you visiting an internet forum via TBB and
leaking something and detect another visitor with the same 3 bits set
looking for a train schedule, they can verify with a high confidence
you posted that message and live in that area.
That's why it's important that every TBB installation has the same
Http-Header values and same add-ons.

With this logic, TorBrowser users could select a unique set of add-ons each session, correct?

You don't need any studies, it's simple common knowledge.

I second the request for some documented research, even if we do it ourselves. The first thought I had was a way for people to verify their identity by seeing their fingerprint by visiting a website, or something close to what others might be looking for, though this could also be an off-line thing.


pacifica@xxxxxxxxxx wrote:
Hello afternoon / evening / morning tor-talk -- I am hoping that someone
can point me in the right direction. I know it is well-discussed that
adding Firefox add-ons to the Tor Browser Bundle decreases anonymity,
but I would like to review the studies myself. I'm having trouble
finding credible research where detection of add-ons has resulting in a
significant decrease in anonymity... can someone please point me to
those resources?

To be explicit, I am not concerned with "plug-ins" like Java or Flash,
but rather "add-ons" like HTTPS everywhere or Privacy Badger.

Thanks in advance.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to