Re: [tor-talk] TorBrowser spoofed screen size?

[Joe Btfsplk]

On 3/5/2014 7:52 PM, Soul Plane wrote:

I tried TBB 3.5.2 in Windows XP at 120 dpi and browserspy says I'm at 96.
Yes, that's screen "resolution," or just resolution.  It's of some 
significance, but it's not the same as "screen (or monitor) size."
Screen size is what I meant (like 1280 x 720, etc.).  That's the value 
I'm asking what TBB is now supposed to spoof (what IS that value).


Note:  it may? be working correctly for me (dunno)... except, since 
neither I nor millions, keep their system DPI set at default (in 
Windows, often 96), then the TBB spoofed screen size, modified by the 
DPI adjustment, gives a VERY weird number (sort of like:  1657 x 841, 
1920 x 892 etc.).  So weird, it's probably FAR more noticeable / unique, 
than just showing my real screen size, or somehow? spoofing my own 
(believable) value.


But, EVEN WHEN  I reset my system to 96 DPI, reboot - TBB still shows a 
weird value - like 1920 x *933* (just an example).

NO one has a screen size w/ those odd numbers.  That's the issue.

Try checking your screen size at these sites (they do thorough jobs, in 
varying degrees).
They're quite well known.   At BrowserSpy.dk, must click each test 
separately.  There, the test is "screen."
You may have to enable javascript (if turned off) in NoScript, for some 
sites to detect certain browser or system values (a lesson unto itself 
about JS giving up info).


But, at least *parts* of many sites won't work w/o java script - a 
double edged sword.


Browser check sites:
From JonDoFox group: IP check 
Panopticlick-EFF.org_Browser.Uniqueness 
BrowserSpy.dk_Browser Privacy Tests 

I've never checked the resolution before so I don't know how it compares to 
earlier versions.
I can't remember what TBB was reporting, the last time I checked on one 
of those sites.
For those using system default DPI values, TBB may be correctly spoofing 
a fairly common is size (or not).


If others would, please check to see if it's spoofing a "common" screen 
size, or a weird one.
If you report a "sort of" size back here, please state if you use 
default OS DPI value, or higher / lower.


I read a bunch on Trac, but *never found* the final draft for what 
size(s) they'd show.  I'm pretty sure none of the choices were 1920 x 869.


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TorBrowser spoofed screen size?

[Soul Plane]

I tried TBB 3.5.2 in Windows XP at 120 dpi and browserspy says I'm at 96.
However I went to whatsmyip.org and clicked the 'more info' option and it
shows what appears to be a unique browser resolution. I've never checked
the resolution before so I don't know how it compares to earlier versions.

There's a ticket about DPI here:
https://trac.torproject.org/projects/tor/ticket/8076

If there is a thorough fingerprint page somewhere I would like to know what
it is so I can see what information differs between clients. Aren't Tor
Browser users supposed to look the same?


On Wed, Mar 5, 2014 at 7:56 PM, Joe Btfsplk  wrote:

> I'm sure I recently checked what screen size TBB (Windows) was giving out.
>  Which ever version I checked it in, test sites did NOT show my actual
> monitor size.
>
> Now, in TBB 3.5.2, my actual screen size seems to show on several browser
> test sites.
> Even extracted TBB again, into clean folder & re-checked.  Still shows my
> *actual* screen size on test sites.
>
> I thought decision was made / implemented to report same screen size for
> everyone?
> This is a problem - for couple reasons, for me.
>
> IF... I set Windows system DPI slightly > default of 96 (else it's too
> damn small), then w/o TBB properly spoofing screen size, sites will detect
> a size that's NEITHER the same as other TBB users, nor a "standard" size.
> Changing Windows' DPI setting will make my detected screen size an
> "oddball" size - that almost no one has.
>
> Anyone else notice TBB isn't spoofing a "default" screen size anymore, or
> have ideas why it isn't spoofing mine correctly?
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] TorBrowser spoofed screen size?

[Joe Btfsplk]

I'm sure I recently checked what screen size TBB (Windows) was giving 
out.  Which ever version I checked it in, test sites did NOT show my 
actual monitor size.


Now, in TBB 3.5.2, my actual screen size seems to show on several 
browser test sites.
Even extracted TBB again, into clean folder & re-checked.  Still shows 
my *actual* screen size on test sites.


I thought decision was made / implemented to report same screen size for 
everyone?

This is a problem - for couple reasons, for me.

IF... I set Windows system DPI slightly > default of 96 (else it's too 
damn small), then w/o TBB properly spoofing screen size, sites will 
detect a size that's NEITHER the same as other TBB users, nor a 
"standard" size.
Changing Windows' DPI setting will make my detected screen size an 
"oddball" size - that almost no one has.


Anyone else notice TBB isn't spoofing a "default" screen size anymore, 
or have ideas why it isn't spoofing mine correctly?

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TIMB - Tor Instant Messaging Bundle

[Andrew F]

On Wednesday, March 5, 2014, M. Ziebell 
wrote:

> If have a question to the TIMB Project,
> I'm not sure if this is the correct mailing list, if not I'm sorry.
>
> In this Roadmap/summary:
>
>
> https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting/notes/RoadmapTIMB
>
> You mention that your planing/trying the Bundle around the Mozillas NSS
> lib with some JS-C Wrapper for OTR.
>
> Possible that I mistake something but I'm not a friend of the idea of
> an messenger basend on JS and NSS.
>
> 1. As far as I understand it would just use web techniques and NOT be
>one, so this article may not apply.
>
> http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/
>
> 2. The Tor Browser Bundle already depends on NSS. IMHO it is true to
>say that there security bugs in the lib, just because security is so
>damn complex.
>Considering these two statement I would advise against NSS and build
>the Bundle around an other LIB, for diversity.
>
>
> I'm sorry for the clumsy language or if I offend anybody/anyone. Highly
> likely that I'm not getting everythin..
>
>
> Sincerely,
>
> M
> --
> tor-talk mailing list - tor-talk@lists.torproject.org 
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Tor Weekly News — March 5th, 2014

[Lunar]

Tor Weekly News  March 5th, 2014


Welcome to the ninth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Tor 0.2.4.21 is out
---

Roger Dingledine announced the release of Tor 0.2.4.21 [1], whose major
new feature is the forced inclusion of at least one NTor-capable relay
in any given three-hop circuit as a defence against adversaries who
might be able to break 1024-bit encryption; this feature was first seen
in the latest alpha release (0.2.5.2-alpha) three weeks ago [2], but is
here incorporated into the current stable series.

You can find full details of this release’s other features and bugfixes
in Roger’s announcement.

   [1]: https://lists.torproject.org/pipermail/tor-talk/2014-March/032242.html
   [2]: 
https://lists.torproject.org/pipermail/tor-talk/2014-February/032150.html

Tor in Google Summer of Code 2014
-

As has been the case over the past several years, Tor will once again be
participating [3] in Google’s annual Summer of Code program — aspiring
software developers have the chance to work on a Tor-related project
with financial assistance from Google and expert guidance from a core
Tor Project member. Several prospective students have already contacted
the community with questions about the program, and Damian Johnson took
to the Tor Blog to give a brief summary of what students can expect from
the Summer of Code [4], and what the Tor Project expects from its
students.

In particular, Damian encouraged potential applicants to discuss their
ideas with the community on the tor-dev mailing list or IRC channel
before submitting an application: “Communication is essential to success
in the summer of code, and we’re unlikely to accept students we haven’t
heard from before reading their application.”

If you are hoping to contribute to Tor as part of the Summer of Code
program, please have a look through Damian’s advice and then, as he
says, “come to the list or IRC channel and talk to us!”

   [3]: https://www.google-melange.com/gsoc/org2/google/gsoc2014/tor
   [4]: https://blog.torproject.org/blog/tor-google-summer-code-2014

Two ways to help with Tails development
---

One of the most interesting upcoming additions to the Tails operating
system is the ability to thwart attempts at tracking the movements of
network-enabled devices by spoofing the MAC address on each boot. As
part of the testing process for this new feature, the Tails developers
have released [5] an experimental disk image which turns it on by
default, alongside a step-by-step guide to trying it out and reporting
any issues encountered. However, as the developers state, “this is a
test image. Do not use it for anything other than testing this feature.”
If you are willing to take note of this caveat, please feel free to
download the test image and let the community know what you find.

Turning to the longer-term development of the project, the team also
published a detailed set of guidelines for anyone who wants to help
improve Tails itself by contributing to the development of Debian [6],
the operating system on which Tails is based. They include advice on the
relationship between the two distributions, tasks in need of attention,
and channels for discussing issues with the Tails community; if you are
keen on the idea of helping two free-software projects at one stroke,
please have a look!

   [5]: https://tails.boum.org/news/spoof-mac/
   [6]: https://tails.boum.org/contribute/how/debian/

Monthly status reports for February 2014


The wave of regular monthly reports from Tor project members for the
month of February has begun. Georg Koppen released his report first [7],
followed by reports from Sherief Alaa [8], Pearl Crescent [9], Nick
Mathewson [10], Colin C. [11], Lunar [12], Kelley Misata [13], Damian
Johnson [14], George Kadianakis [15], Philipp Winter [16], and Karsten
Loesing [17].

Lunar also reported on behalf of the help desk [18], while Mike Perry
did the same on behalf of the Tor Browser team [19], and Arturo Filastò
for the OONI team [20].

   [7]: 
https://lists.torproject.org/pipermail/tor-reports/2014-February/000464.html
   [8]: 
https://lists.torproject.org/pipermail/tor-reports/2014-February/000465.html
   [9]: 
https://lists.torproject.org/pipermail/tor-reports/2014-February/000466.html
  [10]: 
https://lists.torproject.org/pipermail/tor-reports/2014-February/000467.html
  [11]: 
https://lists.torproject.org/pipermail/tor-reports/2014-March/000468.html
  [12]: 
https://lists.torproject.org/pipermail/tor-reports/2014-March/000471.html
  [13]: 
https://lists.torproject.org/pipermail/tor-reports/2014-March/000472.html
  [14]: 
https://lists.torpro

[tor-talk] TIMB - Tor Instant Messaging Bundle

[M. Ziebell]

If have a question to the TIMB Project,
I'm not sure if this is the correct mailing list, if not I'm sorry.

In this Roadmap/summary:

https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting/notes/RoadmapTIMB

You mention that your planing/trying the Bundle around the Mozillas NSS
lib with some JS-C Wrapper for OTR.

Possible that I mistake something but I'm not a friend of the idea of
an messenger basend on JS and NSS.

1. As far as I understand it would just use web techniques and NOT be
   one, so this article may not apply.

http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/

2. The Tor Browser Bundle already depends on NSS. IMHO it is true to
   say that there security bugs in the lib, just because security is so
   damn complex.
   Considering these two statement I would advise against NSS and build
   the Bundle around an other LIB, for diversity.


I'm sorry for the clumsy language or if I offend anybody/anyone. Highly
likely that I'm not getting everythin..


Sincerely,

M
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk