Delivery-Date: Sat, 26 Sep 2015 15:10:40 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 25B8D1E045A;
	Sat, 26 Sep 2015 15:10:39 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 14FA636931;
	Sat, 26 Sep 2015 19:10:33 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 9A30136922
 for <tor-talk@lists.torproject.org>; Sat, 26 Sep 2015 19:10:29 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id xEhosvMdIw9x for <tor-talk@lists.torproject.org>;
 Sat, 26 Sep 2015 19:10:29 +0000 (UTC)
Received: from mail-io0-x241.google.com (mail-io0-x241.google.com
 [IPv6:2607:f8b0:4001:c06::241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 78A8736917
 for <tor-talk@lists.torproject.org>; Sat, 26 Sep 2015 19:10:29 +0000 (UTC)
Received: by ioiz6 with SMTP id z6so12875852ioi.3
 for <tor-talk@lists.torproject.org>; Sat, 26 Sep 2015 12:10:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=hdw6C7KF8Vfhn8WhlQESsxFBys/12HXl4prBHHN2uSk=;
 b=jdt2ll/py5IGO9Y9mYU0r1te1zG6rLt6IJSiB1Xv25Ga2c8aaakluhY89tGrq6HV8g
 Fw4IoxfY83WCQQ/1vccKcYv9NO7QU7U+L2ecoCy3kcrAEat3tth2zSqBTmPdjUqRhkQ3
 Vd+yJZY55c/UbryL1xw9pBmQIsXWlul2aPC+IjsBim/d1CpyqqgbCF69OA1A4dtVasUD
 UCbpKDqc8CvbjFZqAUVduiE4VZAn8OyMIEwuAwSj+/FCHTXXbBhQp/a2IsZORbbS3KhT
 p7+l6/mWasNf64+KQe2feuGjtEkcR2Bhfp5+KEn/Qn7TZMs4bc9gfyjImRg4LfyvktHi
 h6fw==
MIME-Version: 1.0
X-Received: by 10.107.17.206 with SMTP id 75mr13809917ior.140.1443292727801;
 Sat, 26 Sep 2015 11:38:47 -0700 (PDT)
Received: by 10.107.20.72 with HTTP; Sat, 26 Sep 2015 11:38:47 -0700 (PDT)
Date: Sat, 26 Sep 2015 22:08:47 +0330
Message-ID: <CAKcCSXq6=L85ndL_dtnVg=szY6mCyUFhfLrNOaB9nhKqqKnT_A@mail.gmail.com>
From: behnaz Shirazi <skorpino789263@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Making TBB undetectable!
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

>Can't TBB devs just patch in a hardcoded 1366x768 window and screen size
>in the javascript handler?

Anonymity for Tor devs is a priority and they don't like give
different browser fingerprints to their users  because that plan makes
Tor users in each web service more unique as very few people actually
use Tor at each website, however uniqueness of user won't deanonymize
it right away, it depends on using same unique fingerprint on another
webservice that will confess user's identity and let attacker link the
pseudonymous identity to a real identity that used same browser
fingerprint.

An optional tool that allows users temporarily make their TBB
undetectable whenever they need doesn't hurt anonymity of Tor network
at all.

I believe writing a browser Add-on that contains several common
profiles (desktop tablet and mobile configurations) or let users
manually define what their browser should return in response to data
requests, would be ridiculously easy.

And there is no need to wait for Tor developers to build such a
tool/guide, any third party can help.

>Also, if you want true undetectability you need to install a Tor
>instance and your OS for TBB in seperate VMs and setup the Tor VM to be
>a transparent router for your OS, so even if java/flash/exploit is
>executed, it doesn't leak your real IP, since even your OS in the VM is
>forced through Tor.

No I don't talk about anonymity, I'm asking to fix detectability.
destination website shouldn't be able to detect user is using TBB,
some people think only problematic guys use TBB and Detecting it cause
a lots of problems in different scenarios (in my own case, for some
reasons i'm worry about QUANTUM_INSERT like programs that can
automatically attack me if they think i'm a suspicious user)

And there is no need to play flash/java in the game, lots of ordinary
people are uninstalling those malware-vectore plugins. Java is dead
and flash has to die, too.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

