Message-ID: <53D83723.3080305@riseup.net>
Date: Tue, 29 Jul 2014 18:06:59 -0600
From: Mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
References: <53D3F004.6070209@yandex.ru> <53D412F9.4030107@googlemail.com>
 <53D6B3F0.8030706@yandex.ru> <53D6E666.9070108@gmx.com>
 <CACf9JSVq5GT+GEysOs0oGBBUy52Nq3XpWsL4j4FD0EAk9RDuPw@mail.gmail.com>
 <53D7FBDB.6050202@riseup.net> <20140729212809.GJ2152@sescenties.(null)>
In-Reply-To: <20140729212809.GJ2152@sescenties.(null)>
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting

On 07/29/2014 03:28 PM, Seth David Schoen wrote:

Thank you :)

> Mirimir writes:
> 
>> Discussions of measured entropy and stuff are too abstract for me. Maybe
>> someone can help me with a few simpleminded questions.
>>
>> About 2.2 million clients are using Tor these days. Let's say that I've
>> toggled NoScript to block by default, and that I have a unique pattern
>> of enabling particular scripts on particular sites. That is, I'm unique
>> among all Tor users. In what ways does that put my Tor use at risk of
>> being linked to IP addresses seen by my entry guards?
> 
> It means that if you go to site A today, and site B next week, the site
> operators (or the exit node operators, or people spying on the network
> links between the exit nodes and the sites) might realize that you're
> the same person, even though you took mostly or completely separate paths
> through the Tor network and were using Tor on totally different occasions.

OK, I get that. If I cared about site A and site B knowing that I'm the
same person, I'd never visit them using the same machine/VM. But that's
not the norm, of course.

> There are several ways of looking at why this is a privacy problem.
> One is just to say that there's less uncertainty about who you are,
> because even if there are lots of site A users and lots of site B users,
> there might not be that many people who use both.  Another is that you
> might have revealed something about your offline identity to one of the
> sites (for example, some people log in to a Twitter account from Tor
> just to hide their physical location, but put their real name into their
> Twitter profile) but not to the other.  If you told site A who you are,
> now there's a possible path for site B to realize who you are, too, if
> the sites or people spying on the sites cooperate sufficiently.

Expecting Tor to protect against mistakes like that is quite a stretch!
But yes, such users need maximal uncertainty.

> In terms of identifying your real-world IP address, it provides more
> data points that people can try to feed into their observations.  For
> example, if someone is doing pretty coarse-grained monitoring ("who
> was using Tor at all during this hour?") rather than fine-grained
> monitoring ("exactly what times were packets sent into the Tor network,
> and how many packets, and how big were they?"), having a link between
> one time that you used Tor and another time that you used Tor would be
> useful for eliminating some candidate users from the coarse-grained
> observations.

You're considering network adversaries here. It seems like obfuscated
bridges would be a better strategy against them. That way, they couldn't
so easily monitor Tor use.

> For instance, suppose that you went to site A at 16:00 one day and to
> site B at 20:00 the following day.  If site A and site B (or people
> spying on them) can realize that you're actually the same person through
> browser fingerprinting methods, then if someone has an approximate
> observation that you were using Tor at both of those times, it becomes
> much more likely that you are the person in question who was using the
> two sites.  Whereas if the observations are taken separately (without
> knowing whether the site A user and the site B user are the same person
> or not), they could have less confirmatory power.

That's getting perilously close to traffic confirmation, isn't it?
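Added example, not part of the original message or of any Tor Project code: a small Python model of the 16:00 / 20:00 scenario quoted above, measuring how much a shared browser fingerprint shrinks the set of users consistent with coarse-grained "who was using Tor this hour?" observations. All user IDs, hours and the fingerprint label are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed data: coarse-grained observations of which local users
# had any Tor traffic during a given hour ("who was using Tor at all?").
TOR_USERS_BY_HOUR = {
    "day1 16:00": {"u01", "u02", "u03", "u04", "u05", "u06", "u07", "u08"},
    "day2 20:00": {"u03", "u06", "u09", "u10", "u11", "u12", "u13", "u14"},
}

# Constructed data: visits as seen from the site side. "fp" stands for
# whatever browser fingerprint the site (or an observer near it) computes.
VISITS = [
    {"site": "A", "hour": "day1 16:00", "fp": "noscript-pattern-x"},
    {"site": "B", "hour": "day2 20:00", "fp": "noscript-pattern-x"},
]

def candidate_sets(visits, observations, linkable):
    """Return {label: set of users consistent with the visit(s)}.

    linkable=False: every visit is judged alone (uniform fingerprint).
    linkable=True: visits sharing a fingerprint are treated as one person,
    so their per-hour candidate sets are intersected.
    """
    groups = defaultdict(list)
    for v in visits:
        key = v["fp"] if linkable else (v["site"], v["hour"])
        groups[key].append(v)
    result = {}
    for key, members in groups.items():
        sets = [observations[m["hour"]] for m in members]
        result[key] = set.intersection(*sets)
    return result

def anonymity_bits(candidates):
    """log2 of the anonymity set size (0 bits means uniquely identified)."""
    return math.log2(len(candidates)) if candidates else float("-inf")

if __name__ == "__main__":
    for linkable in (False, True):
        sets = candidate_sets(VISITS, TOR_USERS_BY_HOUR, linkable)
        for label, cands in sets.items():
            bits = anonymity_bits(cands)
            print(linkable, label, sorted(cands), f"{bits:.1f} bits")
```

With these constructed numbers, each visit taken alone leaves 8 candidates (3 bits); once the two visits are linked by fingerprint, only the users seen in both hours remain.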

