Delivery-Date: Sat, 26 Jul 2014 14:26:43 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id CEDAC1E093A
	for <archiver@seul.org>; Sat, 26 Jul 2014 14:26:41 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 5EE412CC82;
	Sat, 26 Jul 2014 18:26:41 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id EB6462A839
 for <tor-talk@lists.torproject.org>; Sat, 26 Jul 2014 18:25:53 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 9alnPpODAcDB for <tor-talk@lists.torproject.org>;
 Sat, 26 Jul 2014 18:25:53 +0000 (UTC)
X-Greylist: delayed 668 seconds by postgrey-1.34 at eugeni;
 Sat, 26 Jul 2014 18:25:53 UTC
Received: from forward8l.mail.yandex.net (forward8l.mail.yandex.net
 [IPv6:2a02:6b8:0:1819::8])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "forwards.mail.yandex.net",
 Issuer "Certum Level IV CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id BBF1F26E6F
 for <tor-talk@lists.torproject.org>; Sat, 26 Jul 2014 18:25:53 +0000 (UTC)
Received: from smtp1h.mail.yandex.net (smtp1h.mail.yandex.net [84.201.187.144])
 by forward8l.mail.yandex.net (Yandex) with ESMTP id D4C6A1A41754
 for <tor-talk@lists.torproject.org>; Sat, 26 Jul 2014 22:14:40 +0400 (MSK)
Received: from smtp1h.mail.yandex.net (localhost [127.0.0.1])
 by smtp1h.mail.yandex.net (Yandex) with ESMTP id 8DD9A134013C
 for <tor-talk@lists.torproject.org>; Sat, 26 Jul 2014 22:14:40 +0400 (MSK)
Received: from ip210.96.ulttk.ru (ip210.96.ulttk.ru [79.132.96.210])
 by smtp1h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id FHp0VUBPit-EeWOLBEH; 
 Sat, 26 Jul 2014 22:14:40 +0400
 (using TLSv1 with cipher AES128-SHA (128/128 bits))
 (Client certificate not present)
X-Yandex-Uniq: b0f248a8-e92e-4868-9382-bfc96a3aa858
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1406398480; bh=oxOl8oAumYW3Aun5XSaj0b0lXINw+5fzk8vouxgZm1Y=;
 h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:
 X-Enigmail-Version:Content-Type:Content-Transfer-Encoding;
 b=mukohsj1bixIdSlYCeWK3Keg761Y2CBAkw6TT6sRxZ6Rs0xv9TB7NVSkBvYX9e/TN
 eLzcOj/AjiTUOgKOBxI0Ed06LBerkp4qLlPe1gF/RZd8OotEEFG7VGkrG7ORVHk3KP
 1/S9xdl23mALqTJddz8AE+JfqcxrAjs7846QjD+c=
Authentication-Results: smtp1h.mail.yandex.net; dkim=pass header.i=@yandex.ru
Message-ID: <53D3F004.6070209@yandex.ru>
Date: Sat, 26 Jul 2014 22:14:28 +0400
From: Craw <paulus.smirnov@yandex.ru>
User-Agent: Mozilla/5.0 (Windows NT 6.1;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
X-Enigmail-Version: 1.6
Subject: [tor-talk] Spoofing a browser profile to prevent fingerprinting
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hello everybody,

You know, there are some various methods of fingerprinting a browser.
Plugins and plugin-provided information are still the most useful in
uniquely identifying a browser, but there are also some other
information that can be used to fingerprint a Tor user, like user
agent, screen resolution, time zone, etc.

I think it can be helpful to spoof real browser profile to random
temporary one. Each browser profile includes user-agent (browser
name/version), platform (OS name/version), screen resolution, time
zone (depends on country of an exit-relay, so, perhaps, mismatch of it
can cause suspicion?). So, my suggestion is to generate random browser
profile during each identity session, or randomly switch them after a
chosen period of time has expired. By making this, some important info
about users will be unreachable for an attacker and fingerprinting
will be more difficult.
Here's a link on open-source repository of Firefox add-one which code
we can use for Tor Browser -
https://github.com/dillbyrne/random-agent-spoofer

Also I suggest to:
- forbid HTML5 Canvas by default
(http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf)
- use only standard font set (can be used for fingerprinting)
- set network.http.sendRefererHeader value "0" by default (allows
sites to track referer, but some sites can be broken! add ability to
switch on/off referer?)

Let me know about your thoughts,
Looking forward to hear from you, Pavel.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

