Delivery-Date: Thu, 01 Oct 2015 13:07:56 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 6A04F1E1386;
	Thu,  1 Oct 2015 13:07:54 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6E9A537CF0;
	Thu,  1 Oct 2015 17:07:48 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B792237C7F
 for <tor-talk@lists.torproject.org>; Thu,  1 Oct 2015 17:07:44 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id BnRztqmnZFJL for <tor-talk@lists.torproject.org>;
 Thu,  1 Oct 2015 17:07:44 +0000 (UTC)
Received: from smtp11.openmailbox.org (smtp11.openmailbox.org [62.4.1.45])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 87DCC3625B
 for <tor-talk@lists.torproject.org>; Thu,  1 Oct 2015 17:07:44 +0000 (UTC)
Received: by mail2.openmailbox.org (Postfix, from userid 1004)
 id 06C972AC0EF5; Thu,  1 Oct 2015 19:07:41 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org;
 s=openmailbox; t=1443719261;
 bh=XA3sF8wTbaGAGcaRll4B8DQHqz3cZscITdimVcvQ22A=;
 h=Date:From:To:Subject:In-Reply-To:References:From;
 b=ICthce6f1mqKsjbwBqe5QoSj6Uta14A31rbsnRRdPA2GMis7LAhzUEA2eitTnpT11
 Qj9v2URXn/Lt9qgWPTLXfT1y4nNfL1bPhL9ytvS2BnOa/aockwjhwNRGklc33fXpmH
 o1o9fxNBTKlDulESwPQ6natGroiineg8ZKdW7tLg=
Received: from www.openmailbox.org (openmailbox-b2 [10.91.69.220])
 by mail2.openmailbox.org (Postfix) with ESMTP id CCDD62AC129F
 for <tor-talk@lists.torproject.org>; Thu,  1 Oct 2015 19:07:40 +0200 (CEST)
Authentication-Results: mail2.openmailbox.org; dkim=none
 reason="no signature"; dkim-adsp=fail (unprotected policy);
 dkim-atps=neutral
MIME-Version: 1.0
Date: Thu, 01 Oct 2015 10:07:39 -0700
From: Spencer <spencerone@openmailbox.org>
To: tor-talk@lists.torproject.org
In-Reply-To: <CABMkiz6_nnMpghj-Q4yxKZHKhAdEschZAMybGC_JHjxVR_aJWw@mail.gmail.com>
References: <CAKcCSXohYs-2CiRiaMpObDkvvRRhOg23YDnOZA+wr6+=+1kqRw@mail.gmail.com>
 <CABMkiz6_nnMpghj-Q4yxKZHKhAdEschZAMybGC_JHjxVR_aJWw@mail.gmail.com>
Message-ID: <cdd06fd69eeeea34b488a4cbb05718a8@openmailbox.org>
X-Sender: spencerone@openmailbox.org
User-Agent: Roundcube Webmail/1.0.6
Subject: [tor-talk] Making TBB undetectable!
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hi,

>> 
>> behnaz Shirazi:
>> a Tor user who temporarily use a natural
>> fingerprint to become undetectable for a while won't deanonymize
>> itself nor the rest of other Tor users who use a detectable version of
>> TBB because when a natural fingerprint is used once then there will be
>> no enough information available for data miners to link pseudonyms for
>> deanonymization,
>> 

Is a 'Natural Fingerprint' like a clearnet fingerprint, in that it 
identifies you as a regular, non-tor, internet user, making you part of 
the larger herd?

>> 
>> and for sure Tor users who need undetectability won't
>> use the undetectablizer Add-on all the time hence detectable TBB users
>> won't become unique.
>> 

I see this as a blocker, as this add-on is most likely detectable, yeah? 
  If not, how, in the same, less, or maybe a bit more, amount of 
resources do you feel this could be accomplished?  Manually, this 
becomes quite the task as time progresses.  Is this something that would 
be added to a mail [something], like OpenPGP or TorBirdy are, because I 
feel like this would be detectable somehow, too.

> 
> Ben Tasker:
> Used once, sure. But over time, it's likely going to get used more than
> once,
> 

This seems to be part of the design, as one-of-a-kind fingerprints, 
through Tor exits or not, are detectable, though probably not 
identifiable.

> 
> unless you're planning on inserting some sort of randomisation to try
> and prevent that (by making some aspect different each session),
> 

Randomization, or some one click equivalent, is the only real option 
here when usability is considered; the manual effort each session is 
undesirable at the very least :)

> 
> using "UnidentifiableMode"
> 

'UnidentifiableMode' sounds like a good working name for such a feature.

> 
> Making something "Undetectable"
> is very, very hard as your margin for error is 0 (because 0.01 gives
> something that someone could use to make it identifiable). Making 
> something
> common so you can blend into the crowd makes it easier to avoid
> (potentially) costly mistakes.
> 

Making people blend into the crowd of regular internet users is best but 
only if we resolve the traffic source; i.e., Tor exits.

> 
> Blending into the crowd is not without it's value.
> 

But surely some of these fingerprints will be shared by real users.  So, 
it seems like a reasonable request, should we resolve the usability and 
*traffic issues.

Wordlife,
Spencer

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

