Delivery-Date: Thu, 01 Oct 2015 07:31:30 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 516911E06C2;
	Thu,  1 Oct 2015 07:31:28 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id B1B6437B6D;
	Thu,  1 Oct 2015 11:31:23 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 6262937B6A
 for <tor-talk@lists.torproject.org>; Thu,  1 Oct 2015 11:31:19 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id LNOTzR4RkW-1 for <tor-talk@lists.torproject.org>;
 Thu,  1 Oct 2015 11:31:19 +0000 (UTC)
Received: from mail-ob0-f177.google.com (mail-ob0-f177.google.com
 [209.85.214.177])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 326D637B66
 for <tor-talk@lists.torproject.org>; Thu,  1 Oct 2015 11:31:19 +0000 (UTC)
Received: by obbzf10 with SMTP id zf10so55069236obb.2
 for <tor-talk@lists.torproject.org>; Thu, 01 Oct 2015 04:31:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=bentasker.co.uk; s=google;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=9KZMHuB8Qywm7oucr2u8NSqzV9/F64YvXJMVi4cSbG4=;
 b=hJABft0+gpLm6qCVBJLZqp0slI75z9sd43spvYRqPrvngbQnF7qpYFAOiwBhS9V9rx
 KHDHiYiGruPeCoLemR204wNQ+JapG3FTAW34IeUSZXT1/G3meLJrrtucq3uR9hojZd9n
 mfhyRSZJcIIXKt/7EuAjunxjZJTW4fPGrzDjo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:content-type;
 bh=9KZMHuB8Qywm7oucr2u8NSqzV9/F64YvXJMVi4cSbG4=;
 b=XWZ2a3Gu+nV61v9y1lo/gixbMA3lxFzU3azb1SwFIBIM8rjbMrAVJzOf+JH16T0eKY
 kpO00uLPO7YZKM+R630xfRG2u0EOImnegjUV0SlwfEE4/qofFXv8N2UtJRlchGmCzyv+
 bwZ/ojFmr1c0DQNcr4MW/51+3SyFXG2KxHahdW4sX5ufV7y2WjsSsZwHfNfsFRETZBgF
 VgWDKcUALBHbWoLmmKao4Qcx9EmwjMvNbbYZkU34MCXf6cg2TheuwiFfiAREbgtMzeT7
 xZvKOt1ICP88SZX3+Ww/WarxYyPDQFIGKGQ/MQjArWuylJJB/d8EiiP9vGXWM2A706MZ
 LtVg==
X-Gm-Message-State: ALoCoQkwhi+C9kj4Tg0Xdgz7CFN2q0UAO1X1I1jLQKnUUEGDDv51ZID6lmWUV53L3t/0NdHyUweN
MIME-Version: 1.0
X-Received: by 10.182.216.203 with SMTP id os11mr5340906obc.14.1443699076780; 
 Thu, 01 Oct 2015 04:31:16 -0700 (PDT)
Received: by 10.76.180.39 with HTTP; Thu, 1 Oct 2015 04:31:16 -0700 (PDT)
X-Originating-IP: [2001:470:69d7:4ca::ffd6]
In-Reply-To: <CAKcCSXohYs-2CiRiaMpObDkvvRRhOg23YDnOZA+wr6+=+1kqRw@mail.gmail.com>
References: <CAKcCSXohYs-2CiRiaMpObDkvvRRhOg23YDnOZA+wr6+=+1kqRw@mail.gmail.com>
Date: Thu, 1 Oct 2015 12:31:16 +0100
Message-ID: <CABMkiz6_nnMpghj-Q4yxKZHKhAdEschZAMybGC_JHjxVR_aJWw@mail.gmail.com>
From: Ben Tasker <ben@bentasker.co.uk>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Making TBB undetectable!
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

> False! A unique Tor exit IP that visits site1.com then site2.com won't
> compromise same person visited those sites or tow different person who
> used same Tor exit IP at the same time did that, thus anonymity
> remains true.

But if one has one fingerprint (the default TBB) and the other an
'undetectable' one, then you can easily differentiate that they are two
different users. They both came from Tor exits, so you "know" they're TOR
users, but one user changing TBB's signature means they no longer appear as
close to identical as possible.

> TBB because when a natural fingerprint is used once then there will be
> no enough information available for data miners to link pseudonyms for
> deanonymization,

Used once, sure. But over time, it's likely going to get used more than
once, unless you're planning on inserting some sort of randomisation to try
and prevent that (by making some aspect different each session), but that
randomisation then becomes a potential means to identify users who are
using "UnidentifiableMode"

> Undetectability is a crucial requirement for privacy protection tools
> and unfortunately seems that Tor developers don't wanna put their time
> on this issue. I hope other folks take this problem serious and do
> something quickly.

I don't _know_ but I suspect it's actually the opposite - thought has
previously been put into the feasibility and risk and it's been decided
that the current approach should be safer. Making something "Undetectable"
is very, very hard as your margin for error is 0 (because 0.01 gives
something that someone could use to make it identifiable). Making something
common so you can blend into the crowd makes it easier to avoid
(potentially) costly mistakes.

Remember that those who are _really_ interested in de-anonymising via
fingerprinting are _very_ good at finding means to differentiate between
requests, one tiny slip-up is all it would take to make your
"Unidentifiable" browser extremely identifiable. You'd then (potentially)
be the only client with fingerprint a, coming from a Tor exit.

Even if you didn't slip up, let's say you make your requests look almost
exactly like vanilla firefox. If you're the only user using that mode at a
given time, every request coming from an exit with your fingerprint is an
opportunity to correlate that traffic back to you. There's no immediate
proof that all that traffic is you, but volumes would be low enough that
you could then start examining requests with an aim to trying to prove it's
all one user.

Blending into the crowd is not without it's value.

On Thu, Oct 1, 2015 at 12:09 PM, behnaz Shirazi <skorpino789263@gmail.com>
wrote:

> On Sat, Sep 26, 2015 at 7:44 PM, Jeremy Rand <biolizard89@gmail.com>
> wrote:
> >Maybe I'm not understanding you, but given that all TBB users are
> >already distinguishable from other users since their IP address is a
> >Tor exit, I'm not seeing how TorBrowser having a different fingerprint
> >from other browsers is a problem.  The important thing is that
> >TorBrowser users have the same fingerprint as each other, which the
> >TorBrowser devs seem to be doing a good job on.
>
> False! A unique Tor exit IP that visits site1.com then site2.com won't
> compromise same person visited those sites or tow different person who
> used same Tor exit IP at the same time did that, thus anonymity
> remains true.
>
> On Sun, Sep 27, 2015 at 7:40 AM, Dave Warren <davew@hireahit.com> wrote:
> >No, you can't just patch in a hardcoded window and screen size unless it
> reflects the actual >viewport size.
> >JavaScript is often used to position elements using relatively absolute
> positioning based on >the viewport that it understands is correct, this
> will fail if the viewport vs reported size isn't >accurate. More
> importantly, it won't even work, JavaScript can detect where wrapping
> >happens, and some creative 1 pixel tall transparent images could detect
> the actual horizontal >width by using varying widths.
>
> Browser Add-ons can change actual view size to anything we plan.
>
> On Mon, Sep 28, 2015 at 4:23 PM, AMuse <tor-amuse@foofus.com> wrote:
> >Having a unique, or unique enough browser fingerprint would allow
> >website owners and content network providers to track a TOR user across
> >nodes and/or sessions. With a large enough CDN (facebook, etc) you could
> >reasonably de-anonymize a user.
>
> That is correct. But a Tor user who temporarily use a natural
> fingerprint to become undetectable for a while won't deanonymize
> itself nor the rest of other Tor users who use a detectable version of
> TBB because when a natural fingerprint is used once then there will be
> no enough information available for data miners to link pseudonyms for
> deanonymization, and for sure Tor users who need undetectability won't
> use the undetectablizer Add-on all the time hence detectable TBB users
> won't become unique.
>
> Undetectability is a crucial requirement for privacy protection tools
> and unfortunately seems that Tor developers don't wanna put their time
> on this issue. I hope other folks take this problem serious and do
> something quickly.
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Ben Tasker
https://www.bentasker.co.uk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

