Delivery-Date: Tue, 29 Jul 2014 16:27:23 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 4565D1E0AC2
	for <archiver@seul.org>; Tue, 29 Jul 2014 16:27:21 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 801A330296;
	Tue, 29 Jul 2014 20:27:18 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 0B29B30290
 for <tor-talk@lists.torproject.org>; Tue, 29 Jul 2014 20:22:45 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id fB4ngOxcvABS for <tor-talk@lists.torproject.org>;
 Tue, 29 Jul 2014 20:22:44 +0000 (UTC)
Received: from mail-wg0-x230.google.com (mail-wg0-x230.google.com
 [IPv6:2a00:1450:400c:c00::230])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 9CE992FFBA
 for <tor-talk@lists.torproject.org>; Tue, 29 Jul 2014 20:22:44 +0000 (UTC)
Received: by mail-wg0-f48.google.com with SMTP id x13so188145wgg.19
 for <tor-talk@lists.torproject.org>; Tue, 29 Jul 2014 13:22:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=message-id:date:from:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type;
 bh=iZrAsKJF2z88LvbbJzpKKT1a5xGjPEKtP3UqZbGrWsA=;
 b=Kv0z7naurmNVGB5tBXLGpVwvKp02ozcqZ5JgZ4Wbsv2L6jpR6FEwDcFzcrfzQSm7wt
 4EzpzF4feZCp4Q+FhrmDjpCKrQdVH9b7A6jHvcUyKImJw2a+lWln2/y5zUpHalKhvqM7
 2W3ku59B/kiCtWhgPgl6DtNE6OXEShfhZtRurCVySvP4oj9dzt15F893LWXASvsjOiJg
 IKsTZlppXC9or//kIY2FiBvWRHmJ6GO6/tLph4WEr8l0eg/+sD5DGc6d+/NfkwowVxNW
 HKlYe4AR8YJdDnjLnBO5LCO2hoJI1KohenLt3+cJRYTvLTpvDmyoD7DXMKjrg93KrPLR
 0gAw==
X-Received: by 10.194.174.66 with SMTP id bq2mr7001146wjc.96.1406665361461;
 Tue, 29 Jul 2014 13:22:41 -0700 (PDT)
Received: from [192.168.1.11] (ANice-652-1-261-11.w86-203.abo.wanadoo.fr.
 [86.203.124.11])
 by mx.google.com with ESMTPSA id dc3sm3333290wib.9.2014.07.29.13.22.40
 for <tor-talk@lists.torproject.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 29 Jul 2014 13:22:40 -0700 (PDT)
Message-ID: <53D80292.10800@gmail.com>
Date: Tue, 29 Jul 2014 22:22:42 +0200
From: Aymeric Vitte <vitteaymeric@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <53D3F004.6070209@yandex.ru>
 <201407291809.54908.openpgp@openmailbox.org> <53D7CE6D.1080408@riseup.net>
 <201407291920.05291.openpgp@openmailbox.org>
In-Reply-To: <201407291920.05291.openpgp@openmailbox.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


Le 29/07/2014 19:19, OpenPGP a =E9crit :
> But I like the idea of fake domain(s) :)
> Wouldn't it be possible to implement by any way with TBB (as a part how-t=
o in
> TBB web/blog ? ;)

In theory yes but you will then have a kind-of TBB fingerprint. It was =

designed to have the Tor protocol inside browsers so they do the Onion =

Proxy by themselves without the need of a local server, the browser =

intercepts itself with the complicity of a server only passing =

information related to the fake domain using SSL/TLS, the rationale for =

this "self-interception" is that you can not tell to the browser "please =

send everything you want to fetch through the Tor circuits I have set up =

with the Tor network on websocket x", so the messages are going through =

the normal socks proxy interface with the fake domain and coming back =

through websockets (via socks proxy too) and then are redirected through =

the websockets Tor circuits established with the ORs with the real =

domain which is then protected by the Tor protocol.

For fingerprinting, in one word, you will have the one of a normal =

browser, so likely to be unique but subject to change and be unique =

again, but not a fingerprint that could be linked to the Tor Browser.

> Btw, am I right to suppose that for not to be fingerprintined when I am
> sometimes on some sites asked to allow the canvas, simply not allow to ?
>
> Thanks.
>
>
>> Mirimir:
>> On 07/29/2014 10:09 AM, OpenPGP wrote:
>>> Hi all,
>>>
>>> has anybody tried the solution mentioned in http://www.ianonym.com ?
>>> I'm just reading all the stuff and information but feel a bit lost :p h=
ow
>>> to set it al and use it ;)
>> My word, that is complicated!
>>
>> But even so, if only a few use it with Tor, they probably stand out.
>> More generally, the greater the diversity of anonymization options, the
>> less anonymity there is :(
>>
>>>> Aymeric Vittesal:
>>>> ...
>>>> Or unless you use something like http://www.ianonym.com, it was design=
ed
>>>> to defeat all forms of tracking/fingerprinting with the fake domain
>>>> concept and hide your destination even with https.
>>>>
>>>> Since it takes control over the whole web page, the js interactions are
>>>> sandboxed with a script to "tame" the page, a prototype was working but
>>>> maybe it's a bit too complicate...
>>>>
>>>> Regards
> ?
>
> ______________________________
> http://www.openpgp.org
> https://www.gnupg.org
> _________________________________________________________________________=
_________
>
>

-- =

Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

