Delivery-Date: Sat, 26 Jul 2014 17:56:47 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id B83171E0A44
	for <archiver@seul.org>; Sat, 26 Jul 2014 17:56:45 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 4C3632E438;
	Sat, 26 Jul 2014 21:56:45 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 545F72D4CE
 for <tor-talk@lists.torproject.org>; Sat, 26 Jul 2014 21:42:40 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id bbo1Or-QbdBa for <tor-talk@lists.torproject.org>;
 Sat, 26 Jul 2014 21:42:40 +0000 (UTC)
Received: from mail-ie0-x22e.google.com (mail-ie0-x22e.google.com
 [IPv6:2607:f8b0:4001:c03::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 358712CF84
 for <tor-talk@lists.torproject.org>; Sat, 26 Jul 2014 21:42:40 +0000 (UTC)
Received: by mail-ie0-f174.google.com with SMTP id rp18so5168250iec.19
 for <tor-talk@lists.torproject.org>; Sat, 26 Jul 2014 14:42:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=NHGxPPNYQTqhf8Q16QTtYWQqfto4xIutqyXndJ/AY/I=;
 b=SCVBa66fGdr19iwgRDJxTPMDCUF/r0yQxiKf964nsxwsTR2/vJSQNz/oLgjIv6TcJ+
 NYQHX5OgTcjyvT3FdLqN34bPTBym9J/TFvuZhtYgZMTsDrQNJZFft1DFdoWIqeCK3r+S
 EuW093Bb2zUVAOiiIPoXc4ol5raMsGeX0iNVM7pEn9u5lyKYRKOJjgTkaIdia6+idVwk
 NaI08O397K/LojoOu58ifFGvv/57Ty/zPXufu0fbABziouW7EzSq0mv475aQxm4l6DOw
 UzTzK/phOzdhtMxNq/ewS3oGeoiyScavG9uOGDiFLMLjiJ/7tguAkPY2vXWN/f+Kwftx
 oIjQ==
MIME-Version: 1.0
X-Received: by 10.50.2.42 with SMTP id 10mr17299870igr.33.1406410957503; Sat,
 26 Jul 2014 14:42:37 -0700 (PDT)
Received: by 10.64.30.194 with HTTP; Sat, 26 Jul 2014 14:42:37 -0700 (PDT)
In-Reply-To: <53D3F004.6070209@yandex.ru>
References: <53D3F004.6070209@yandex.ru>
Date: Sat, 26 Jul 2014 21:42:37 +0000
Message-ID: <CAP-DOiR1O_nNtYd-iuuAyrAS5OLdkqy=YFowa4LxDyJA6TjGPg@mail.gmail.com>
From: ideas buenas <ideasbuenas@gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

How to download spoofer from Git and install it in google chrome ?


On Sat, Jul 26, 2014 at 6:14 PM, Craw <paulus.smirnov@yandex.ru> wrote:

> Hello everybody,
>
> You know, there are some various methods of fingerprinting a browser.
> Plugins and plugin-provided information are still the most useful in
> uniquely identifying a browser, but there are also some other
> information that can be used to fingerprint a Tor user, like user
> agent, screen resolution, time zone, etc.
>
> I think it can be helpful to spoof real browser profile to random
> temporary one. Each browser profile includes user-agent (browser
> name/version), platform (OS name/version), screen resolution, time
> zone (depends on country of an exit-relay, so, perhaps, mismatch of it
> can cause suspicion?). So, my suggestion is to generate random browser
> profile during each identity session, or randomly switch them after a
> chosen period of time has expired. By making this, some important info
> about users will be unreachable for an attacker and fingerprinting
> will be more difficult.
> Here's a link on open-source repository of Firefox add-one which code
> we can use for Tor Browser -
> https://github.com/dillbyrne/random-agent-spoofer
>
> Also I suggest to:
> - forbid HTML5 Canvas by default
> (http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf)
> - use only standard font set (can be used for fingerprinting)
> - set network.http.sendRefererHeader value "0" by default (allows
> sites to track referer, but some sites can be broken! add ability to
> switch on/off referer?)
>
> Let me know about your thoughts,
> Looking forward to hear from you, Pavel.
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

