Delivery-Date: Thu, 01 Oct 2015 07:09:28 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id AC7EA1E093E;
	Thu,  1 Oct 2015 07:09:26 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 1E1EE3791A;
	Thu,  1 Oct 2015 11:09:21 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 1FC4437918
 for <tor-talk@lists.torproject.org>; Thu,  1 Oct 2015 11:09:18 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id hDKsbffIaeBP for <tor-talk@lists.torproject.org>;
 Thu,  1 Oct 2015 11:09:18 +0000 (UTC)
Received: from mail-ig0-f196.google.com (mail-ig0-f196.google.com
 [209.85.213.196])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id F0CC3378AB
 for <tor-talk@lists.torproject.org>; Thu,  1 Oct 2015 11:09:17 +0000 (UTC)
Received: by igbgg5 with SMTP id gg5so1619068igb.1
 for <tor-talk@lists.torproject.org>; Thu, 01 Oct 2015 04:09:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type
 :content-transfer-encoding;
 bh=cKNuanKSVrTy6DUq0zBJ4zgnsz1NIOYjJ/AkBXwj6Z4=;
 b=PIxZfq3/qJ1VdoGjQ+kDuy97l6w3QaJ58hD2c06WnMaYTVSBs7i16TLhbbZQ9Fcl0y
 ufUJf+UPeqZesLVWfUcSclV2jdPeGX13yxgFW7mEVqH4VdcjjnuXStgfEmhZqDpYlRe8
 leUUsJTSUSWiZf6n4EEjrlZTFXdemSmP2Ffb+NCn5P2bo7tkuXA7i6PqQmzhcS6ua+QZ
 leNg62OLh1qg3WmXzGaFnS0sw9ef36N2o1XQXJ3/zCy9U4Coepnf62/A/1BYoaE67ICq
 RbJYMBEVf8OnW5oT3FeEcywCLMIzCa2uRHHgjqCr7xJzF/jX/6MU31CxJZu8KtASqhrr
 WHJA==
MIME-Version: 1.0
X-Received: by 10.50.111.83 with SMTP id ig19mr2338060igb.82.1443697755685;
 Thu, 01 Oct 2015 04:09:15 -0700 (PDT)
Received: by 10.107.20.72 with HTTP; Thu, 1 Oct 2015 04:09:15 -0700 (PDT)
Date: Thu, 1 Oct 2015 11:09:15 +0000
Message-ID: <CAKcCSXohYs-2CiRiaMpObDkvvRRhOg23YDnOZA+wr6+=+1kqRw@mail.gmail.com>
From: behnaz Shirazi <skorpino789263@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Making TBB undetectable!
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Sat, Sep 26, 2015 at 7:44 PM, Jeremy Rand <biolizard89@gmail.com> wrote:
>Maybe I'm not understanding you, but given that all TBB users are
>already distinguishable from other users since their IP address is a
>Tor exit, I'm not seeing how TorBrowser having a different fingerprint
>from other browsers is a problem.  The important thing is that
>TorBrowser users have the same fingerprint as each other, which the
>TorBrowser devs seem to be doing a good job on.

False! A unique Tor exit IP that visits site1.com then site2.com won't
compromise same person visited those sites or tow different person who
used same Tor exit IP at the same time did that, thus anonymity
remains true.

On Sun, Sep 27, 2015 at 7:40 AM, Dave Warren <davew@hireahit.com> wrote:
>No, you can't just patch in a hardcoded window and screen size unless it reflects the actual >viewport size.
>JavaScript is often used to position elements using relatively absolute positioning based on >the viewport that it understands is correct, this will fail if the viewport vs reported size isn't >accurate. More importantly, it won't even work, JavaScript can detect where wrapping >happens, and some creative 1 pixel tall transparent images could detect the actual horizontal >width by using varying widths.

Browser Add-ons can change actual view size to anything we plan.

On Mon, Sep 28, 2015 at 4:23 PM, AMuse <tor-amuse@foofus.com> wrote:
>Having a unique, or unique enough browser fingerprint would allow
>website owners and content network providers to track a TOR user across
>nodes and/or sessions. With a large enough CDN (facebook, etc) you could
>reasonably de-anonymize a user.

That is correct. But a Tor user who temporarily use a natural
fingerprint to become undetectable for a while won't deanonymize
itself nor the rest of other Tor users who use a detectable version of
TBB because when a natural fingerprint is used once then there will be
no enough information available for data miners to link pseudonyms for
deanonymization, and for sure Tor users who need undetectability won't
use the undetectablizer Add-on all the time hence detectable TBB users
won't become unique.

Undetectability is a crucial requirement for privacy protection tools
and unfortunately seems that Tor developers don't wanna put their time
on this issue. I hope other folks take this problem serious and do
something quickly.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

