Date: Tue, 29 Jul 2014 20:31:46 -0700
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting

Mirimir writes:

> > For instance, suppose that you went to site A at 16:00 one day and to
> > site B at 20:00 the following day.  If site A and site B (or people
> > spying on them) can realize that you're actually the same person through
> > browser fingerprinting methods, then if someone has an approximate
> > observation that you were using Tor at both of those times, it becomes
> > much more likely that you are the person in question who was using the
> > two sites.  Whereas if the observations are taken separately (without
> > knowing whether the site A user and the site B user are the same person
> > or not), they could have less confirmatory power.
> 
> That's getting perilously close to traffic confirmation, isn't it?

Yes!  But other kinds of fingerprinting could drastically reduce the
fine-grainedness of the observations that you need in order to do a
traffic confirmation-style attack.  Instead of sub-second packet timings
or complete circuit flow volumes or whatever, you might be able to say
something like "what approximate times of day on which days was this
person using Tor at all"?

It might be interesting to think about this in terms of a paper like
"Users Get Routed" -- trying to expand understanding of the risk of
attacks, as the authors of that paper say, of "user behavior" when we
include (1) browser fingerprinting risks in relation to user behavior,
and (2) relatively limited adversaries, including some who didn't have
deanonymizing Tor users as a primary goal.

The Harvard bomb threat case, as I understand it, shows a specific
example of deanonymizing a Tor user by an adversary (Harvard's network
administrators) who did retain some data partly in order to reduce network
users' anonymity, but who didn't seem to have had a prior goal of breaking
Tor anonymity in particular.  And the data that they apparently retained
was more coarse-grained than what would be ideal for traffic confirmation
attacks in general.

I don't mean that the Harvard case involved browser fingerprinting
at all.  I guess I just mean that browser fingerprinting's relevance
to Tor anonymity might include increasing the information available to
limited network adversaries.

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
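
[Added example, not part of the original message.] The site A / site B argument above can be made concrete by measuring how the anonymity set shrinks once two visits are known to be the same person. The hourly log, user names, dates and function names below are all constructed assumptions for illustration.

```python
from datetime import datetime, timedelta
from math import log2

# Constructed sample: a local network's coarse record of which user had a
# Tor connection open during which hour. All names and times are made up.
TOR_HOURS = {
    "u1": ["2014-07-01 16", "2014-07-02 20"],
    "u2": ["2014-07-01 16", "2014-07-01 17"],
    "u3": ["2014-07-01 15", "2014-07-02 09"],
    "u4": ["2014-07-02 20", "2014-07-02 21"],
    "u5": ["2014-07-01 16", "2014-07-02 11"],
    "u6": ["2014-07-02 19", "2014-07-02 20"],
}
SITE_A = datetime(2014, 7, 1, 16, 0)   # visit to site A, day one
SITE_B = datetime(2014, 7, 2, 20, 0)   # visit to site B, following day


def candidates(log, seen_at, slack_hours=0):
    """Users whose hourly Tor record is consistent with one site visit."""
    hour = seen_at.replace(minute=0, second=0, microsecond=0)
    lo, hi = hour - timedelta(hours=slack_hours), hour + timedelta(hours=slack_hours)
    return {
        user for user, hours in log.items()
        if any(lo <= datetime.strptime(h, "%Y-%m-%d %H") <= hi for h in hours)
    }


def linked_candidates(log, visits, slack_hours=0):
    """Users consistent with every visit, once the visits are known
    (for example via a browser fingerprint) to come from one person."""
    return set.intersection(*(candidates(log, v, slack_hours) for v in visits))


def anonymity_bits(candidate_set):
    """log2 of the anonymity set size; 0.0 means a single candidate."""
    return log2(len(candidate_set)) if candidate_set else None


if __name__ == "__main__":
    for name, when in (("A", SITE_A), ("B", SITE_B)):
        c = candidates(TOR_HOURS, when)
        print(f"site {name} alone: {sorted(c)} ({anonymity_bits(c):.2f} bits)")
    for slack in (0, 1):
        c = linked_candidates(TOR_HOURS, [SITE_A, SITE_B], slack)
        print(f"linked, +/-{slack}h: {sorted(c)} ({anonymity_bits(c):.2f} bits)")
```

Taken separately, each visit leaves three candidates in this sample; linked, they leave one, even when the timestamps are only trusted to within an hour either way.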

