Delivery-Date: Tue, 29 Sep 2015 12:23:20 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id BC4041E018C;
	Tue, 29 Sep 2015 12:23:18 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E6AAE378D0;
	Tue, 29 Sep 2015 16:23:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7BC90378CB
 for <tor-talk@lists.torproject.org>; Tue, 29 Sep 2015 16:23:10 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id KMVLO2jUzbqF for <tor-talk@lists.torproject.org>;
 Tue, 29 Sep 2015 16:23:10 +0000 (UTC)
Received: from smtp2.openmailbox.org (smtp2.openmailbox.org [62.4.1.36])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 51293378C8
 for <tor-talk@lists.torproject.org>; Tue, 29 Sep 2015 16:23:10 +0000 (UTC)
Received: by mail2.openmailbox.org (Postfix, from userid 1004)
 id 0424F2AC0A71; Tue, 29 Sep 2015 18:23:06 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org;
 s=openmailbox; t=1443543786;
 bh=DFh9E5KXTqDAOvxWfBkcyprMtlNR9I9VtRSW6W3SBeM=;
 h=Date:From:To:Subject:In-Reply-To:References:From;
 b=HhuW14q1U3oZU/Nx/kCdvns0WN3vHg75HsQQqla4+tM9oscmYq3Wq7q0nj+hMky7B
 xs1zR4jt47P526LKESZOH6TCTcgTNtGtAWqh7qvICyKpRDcF+9HuBDaczmQDONMqhk
 zKlxZJUrZbUkOgsBYRjZR8FMxV7kqB85aVudqKNI=
Received: from www.openmailbox.org (openmailbox-b2 [10.91.69.220])
 by mail2.openmailbox.org (Postfix) with ESMTP id AAA082AC11CB
 for <tor-talk@lists.torproject.org>; Tue, 29 Sep 2015 18:22:54 +0200 (CEST)
Authentication-Results: mail2.openmailbox.org; dkim=none
 reason="no signature"; dkim-adsp=fail (unprotected policy);
 dkim-atps=neutral
MIME-Version: 1.0
Date: Tue, 29 Sep 2015 09:22:53 -0700
From: Spencer <spencerone@openmailbox.org>
To: tor-talk@lists.torproject.org
In-Reply-To: <560AAAC9.4020001@gmail.com>
References: <7757388edf9790a0fad5afca48569b52@riseup.net>
 <560AAAC9.4020001@gmail.com>
Message-ID: <ee34ac587b5477071f4942da8b772079@openmailbox.org>
X-Sender: spencerone@openmailbox.org
User-Agent: Roundcube Webmail/1.0.6
Subject: [tor-talk] =?utf-8?q?New_methods_/_research_to_detect_add-ons=3F?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hi,

> 
> aka:
> Every add-on installed/not installed gives you one more bit of 
> detection.
> 
> If [x] records you visiting an internet forum via TBB and
> leaking something and detect another visitor with the same 3 bits set
> looking for a train schedule, they can verify with a high confidence
> you posted that message and live in that area.
> That's why it's important that every TBB installation has the same
> Http-Header values and same add-ons.
> 

With this logic, TorBrowser users could select a unique set of add-ons 
each session, correct?

> 
> You don't need any studies, it's simple common knowledge.
> 

I second the request for some documented research, even if we do it 
ourselves.  The first thought I had was a way for people to verify their 
identity by seeing their fingerprint by visiting a website, or something 
close to what others might be looking for, though this could also be an 
off-line thing.

Wordlife,
Spencer




> pacifica@riseup.net wrote:
>> Hello afternoon / evening / morning tor-talk -- I am hoping that 
>> someone
>> can point me in the right direction. I know it is well-discussed that
>> adding Firefox add-ons to the Tor Browser Bundle decreases anonymity,
>> but I would like to review the studies myself. I'm having trouble
>> finding credible research where detection of add-ons has resulting in 
>> a
>> significant decrease in anonymity... can someone please point me to
>> those resources?
>> 
>> To be explicit, I am not concerned with "plug-ins" like Java or Flash,
>> but rather "add-ons" like HTTPS everywhere or Privacy Badger.
>> 
>> Thanks in advance.
>> 
>> pacifica
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

