Date: Mon, 06 Jun 2016 10:27:54 -0400
From: Not Friendly <notfriendly@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Browserprint fingerprinting website

On 2016-06-06 08:41, Nurmi, Juha wrote:
> Hi,
> 
> On Mon, Jun 6, 2016 at 2:47 PM, <cube@browserprint.info> wrote:
> 
>> Hello, I'm the creator of a new fingerprinting website,
>> https://browserprint.info
>> Think Panopticlick but with a lot more tests.
>> Many of the tests are even designed specifically to catch the Tor browser
>> bundle out, for instance the Math/Tan function returns a different value
>> based on what your underlying operating system is, so it's easy to detect
>> when a browser is lying in their user-agent string.
>> 
> 
> This is clever! I didn't know about this. I see that on a 64-bit Linux
> machine it produces the value -1.4214488238747245 and on Windows
> -4.987183803371025.
> 
> TorBrowser should not let you detect the operating system.
> 
> 
>> I would greatly appreciate if you visit the site and fingerprint
>> yourselves since it will help me refine the techniques and improve the
>> site.
>> 
> 
> We will visit your site. Interesting work.
> 
> 
>> I'm adding more tests every week and if you have any ideas or suggestions
>> I'd love to hear them.
> 
> 
> Thanks!
> 
> Best,
> Juha

This is very interesting. It's worth looking into whether Tor Browser
should disable these types of behaviors (since it could identify the
user's OS). It'll take time but I think updates to stop the
fingerprinting techniques in the mentioned website are possible.