[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting




On 7/29/2014 12:16 AM, Ben Bailess wrote:
There are some built-in protections in TBB that keep honored requests for
known fingerprinting data to a minimum, so the TBB does not function like a
normal browser in this instance.

It most notably limits the high entropy factors -- responses for fonts and
plugin microversions. And as long as you obey the nice Tor devs and don't
install any additional plugins, then plugin microversions won't be
unique/identifiable either. *So enabling JS really isn't quite as big* of a
step out into the light as it would be in say Chromium or Firefox, which
has no protections against HTML5 canvas fingerprinting (or anything by
default) for instance.
[Emphasis Added].  Don't know about enabling JS not being "big."
This isn't a "feeling" topic or discussion (general statement, not aimed at anyone). Either we use facts (as best understood) to make decisions on this, or we don't.

I'm no expert on fine details of this, but over a long time of checking TBB, Firefox, JonDo Fox, etc., on multiple test sites, it's always clear that far more info is available when JS is enabled. The EFF says ~ 33 bits of identifying info (ii) are needed to accurately identify the same browser / machine at multiple sites.

Even if that's just a ball park figure, when I visit Panopticlick, BrowserSpy.dk & others (many times, many browser versions, spread out over a yr +) , the difference in bits ii when JS is enabled or disabled, goes from well below 33 bits (in mid 20's) to well over 40 bits.
It's the same in vanilla Fx.
In vanilla Fx & NoScript - JS disabled, test sites might show * 24 bits of ii *. Nearly as good as TBB w/ JS disabled. Well under EFF's threshold to accurately identify a browser / device. Enable JS in vanilla Fx & it shoots to * > 43 bits ii * (again, essentially the same as TBB under same scenario).

That appears to mean that vanilla Fx & NoScript w/ JS disabled, is no more * identifiable * as "the same browser" than TBB w/ JS disabled. So either EFF's (& others) estimation on what's needed to identify a browser is considerably off, or enabling JS is a * BIG * deal.


So if allowing at least some JavaScipt is inevitable, then I think the Tor
devs have the right idea -- assume that some use of JS is a foregone
conclusion and protect the users from the additional exposure to
fingerprinting in a way that makes them all look as similar as possible.

If the user prefers to have more privacy / security by forsaking some
anonymity by disabling JavaScript and thereby making him/herself
identifiable as a smaller subset of overall Tor Browser users, that's
his/her option.
Yes, in a smaller subset. But, what good is being in a larger set of Tor users (that leave JS enabled), if doing so allows sites / trackers to clearly identify the same browser at multiple sites, or even end to end of Tor circuits, for advanced adversaries? "Hiding" in a crowd, where you're still clearly identifiable doesn't make much sense.

Back to one main school of thought: * an adversary needs X bits of identifying info * to accurately identify the same browser at multiple sites, or end to end in Tor circuits. Do you want to be in a large crowd, where everyone reveals well over the required bits ii needed to accurately identify each one? Or be in a smaller crowd, but users can't be individually identified - end to end, or site to site?

Unless this business of "necessary bits of identifying info to identify the same browser" is inaccurate & blown out of proportion. That's where I have to rely on * real * experts. Not on feelings or supposition. Either the results from repeated tests I've done, separated by many months, are meaningful or they're not. Either ~ 33 bits of info (or anything close) will allow identifying a browser, or it won't.

  But in that instance, said user should probably be using
Tails to remedy those sorts of problems since Tails addresses even more
fingerprinting issues.

If Tails, or any other means is needed to provide anonymity (while still being able to actually use the web), then those should be a part of Tor / TBB. Unless the only goal is to hide destinations from ones ISP, then providing only part of what's needed in TBB for reasonable anonymity is... *"Here's a browser / network that'll hide your IPa. BTW, if you use it w/ JS, you can be identified at each end of a circuit and at each website."*
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk