Message-ID: <56079D70.3060209@hireahit.com>
Date: Sun, 27 Sep 2015 00:40:32 -0700
From: Dave Warren <davew@hireahit.com>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64;
 rv:25.4) Gecko/20150524 FossaMail/25.1.5
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAKcCSXpdFGPLe_4vOtQuTg-MU=+Jjg2gFm3HiOeDDjFPq6Q+zA@mail.gmail.com>
 <5606BD85.2050601@gmail.com>
In-Reply-To: <5606BD85.2050601@gmail.com>
Subject: Re: [tor-talk] Making TBB undetectable!

No, you can't just patch in a hardcoded window and screen size unless it 
reflects the actual viewport size.

JavaScript is often used to position elements using relatively absolute 
positioning based on the viewport that it understands is correct; this 
will fail if the viewport vs reported size isn't accurate. More 
importantly, it won't even work: JavaScript can detect where wrapping 
happens, and some creative 1-pixel-tall transparent images could detect 
the actual horizontal width by using varying widths.


On 2015-09-26 08:45, aka wrote:
> Can't TBB devs just patch in a hardcoded 1366x768 window and screen size
> in the javascript handler?
>
> Also, if you want true undetectability you need to install a Tor
> instance and your OS for TBB in separate VMs and set up the Tor VM to be
> a transparent router for your OS, so even if java/flash/exploit is
> executed, it doesn't leak your real IP, since even your OS in the VM is
> forced through Tor.
> The FBI used an old Firefox exploit to execute native code and did plain
> IP requests to uncover users. In that configuration they would need an
> additional VM escape exploit, which raises the cost exponentially.
>
> behnaz Shirazi wrote:
>> In many different cases TBB users have to be undetectable (bypassing
>> flags, escaping from deep investigations, confusing malicious iframes
>> etc etc) when traffic flows through custom Tor exit nodes or even
>> when traffic flows directly just for the privacy TBB offers at client
>> side compared to plain Firefox.
>>
>>
>> TBB has a distinguishable User-Agent and screen size that can be
>> easily changed to something more common but it also has other
>> fingerprints that are hard to change, such as timezone=0 or
>> navigator.plugins=none or some dialogs [1] [2]. And TBB has even more
>> fingerprints that we are not aware of yet
>>
>>
>> Can someone please teach Tor users how to modify the source code and
>> compile a custom build or create browser Add-ons that subvert these
>> detection methods? There must be an option for those who urgently
>> (...) need undetectability and it doesn't require much effort to make
>> that happen.
>>
>>
>> [1]: https://www.browserleaks.com/canvas
>> [2]: https://www.browserleaks.com/firefox
>>


-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
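
The mismatch described in the reply above, written as a regression check a developer could run against a size-spoofing patch. This is an added example, not part of the original message or of Tor Browser's code; every function name is hypothetical, and the layout engine is replaced by a constructed oracle so it runs offline.

```javascript
// Added example: models the wrapping side channel with a constructed oracle.
// All names are hypothetical; 1366 is the hardcoded width proposed in the
// thread, 1000 is a constructed "real" window width.

// Stand-in for a rendering engine: a probe of `probeWidth` pixels stays on
// the first line only if it fits in the real layout width. In a browser the
// answer comes from layout itself, not from the reported window size.
function makeLayoutOracle(actualWidth) {
  let probes = 0;
  return {
    fits(probeWidth) { probes += 1; return probeWidth <= actualWidth; },
    probeCount() { return probes; },
  };
}

// Binary search for the largest probe width that does not wrap.
function measureLayoutWidth(oracle, maxWidth = 8192) {
  let lo = 0;
  let hi = maxWidth;
  while (lo < hi) {
    const mid = Math.ceil((lo + hi) / 2);
    if (oracle.fits(mid)) lo = mid; else hi = mid - 1;
  }
  return lo;
}

// The reported width is only safe if it equals what layout reveals.
function checkReportedSize(reportedWidth, oracle) {
  const measuredWidth = measureLayoutWidth(oracle);
  return {
    reportedWidth,
    measuredWidth,
    consistent: measuredWidth === reportedWidth,
    probesUsed: oracle.probeCount(),
  };
}

// Constructed cases: a hardcoded value over a smaller real window, and a
// window that really has the size it reports.
const hardcoded = checkReportedSize(1366, makeLayoutOracle(1000));
const resized = checkReportedSize(1000, makeLayoutOracle(1000));
console.log(hardcoded, resized);
```

A reported value passes only when the window really has that size, which is the condition stated at the top of the reply.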



