Andrew Lewman wrote: > On 01/30/2010 08:40 PM, 7v5w7go9ub0o wrote: >> Given the implications of panopticlick, have you any interest/plans >> in making Torbutton fingerprints even more indistinguishable (e.g. >> give every user a windows I.E. fingerprint) > > Just to highlight what Mike said, > > "As an aside, since there are already some questions in #tor and > #tor-dev, I want to point out that Torbutton's obfuscation features > are only intended to make you appear uniform amongst other Tor users. > Tor users already stick out like a sore thumb because of using exit > IPs, and the small numbers relative to the rest of your vistor base > will make Torbutton's obfuscated settings appear very unique compared > to regular visitors." > > All Tor users should look the same. Not the same as all Tor users > look like the rest of the Internet. You already know it's a tor user > because of the easily identifiable exit relay ip address. It should > be hard to tell if there is 1 tor user or 1 million from the other > information gleaned about the browser. >
Agreed; first of all TOR users should look the same.......... 1. FWICT, the TORBUTTON obfuscation occurs only on the User Agent response. To make us look the same, ISTM the HTTP_ACCEPT Headers should also be standardized. Perhaps all of the fields tested by panopticlick could be standardized - reporting that JS is active even if it isn't (or vice versa)? Obviously there will be additional tests beyond those of panopticlick. 2. Given it is the goal for all TOR users to look the same, there seems a parallel argument for all TOR users to also be as indistinguishable as possible from the dominant other on the net (I.E. 7 on XP?) - just in case some signature collector doesn't correlate with the tor exit, but can tell we were TOR because we bare the TORBUTTON signature. It just seems to me that the panopticlick signature trick is now out of the bag, and it will become widely implemented. Best would be for ALL browsers to appear the same and be indistinguishable. *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/