Hi,
Georg Koppen:
Yes. We (and Mozilla) are working on that.
Is there documentation on this?
Wordlife,
Spencer
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
aka:
> Wasn't Mozilla working on a Firefox which uses Tor for "Private Browsing"?
> https://wiki.mozilla.org/Privacy/Roadmap/Tor
> If millions of people would use the same Firefox on the same version
> with mostly the same browser/javascript behaviour, it would make TBB
> obsolete. Wouldn't it
Hi,
Spencer:
You should draft this into a proposal...
behnaz Shirazi:
if you write it for me i appreciate that :)
I will write it with you. Hit me up.
Yes, but discrimination is unsupported and avoidable.
sh-expires-12-2...@quantentunnel.de:
Discrimination happens between you and
On Tue, Oct 06, 2015 at 10:40:06PM +, behnaz Shirazi wrote:
> why you think we are limited to less than ~999 possible proxy?
Sorry, I simply stop here, since we are not talking discussing TBB
or Tor anymore.
> 1-as I said UnidentifiableMode is not made for everyday life, we only
> use it for
On Mon, Oct 05, 2015 at 03:47:35PM -0700, Spencer wrote:
> Yes, but discrimination is unsupported and avoidable.
Discrimination happens between you and your endpoint,
not between you and Tor. It may be that a exit discriminates,
if you request a destination port that isn't available
on some
On Tue, Oct 06, 2015 at 03:22:03PM +0200, aka wrote:
> If millions of people would use the same Firefox on the same version
> with mostly the same browser/javascript behaviour, it would make TBB
> obsolete. Wouldn't it make more sense to include those anonymity patches
> into the mainline Firefox
oh god
On 10/3/15, sh-expires-12-2...@quantentunnel.de wrote:
> On Sat, Oct 03, 2015 at 09:16:50AM +, behnaz Shirazi wrote:
>> If we use a socks proxy server to talk with destination instead of a
>> private Tor exit node then such an attack becomes as dangerous as when
>> you are using a
On 10/3/15, sh-expires-12-2...@quantentunnel.de
wrote:
> On Sat, Oct 03, 2015 at 09:16:50AM +, behnaz Shirazi wrote:
>> If we use a socks proxy server to talk with destination instead of a
>> private Tor exit node then such an attack becomes as dangerous
Wasn't Mozilla working on a Firefox which uses Tor for "Private Browsing"?
https://wiki.mozilla.org/Privacy/Roadmap/Tor
If millions of people would use the same Firefox on the same version
with mostly the same browser/javascript behaviour, it would make TBB
obsolete. Wouldn't it make more sense to
On Mon, Oct 05, 2015 at 02:14:11AM -0700, Spencer wrote:
> The various bits that define your fingerprint.
That makes only sense if you sync your clients requests
to TrackHostExitsExpire, the effect on CDNs that stick
lots of cookies to you, is that what happens to the folks
in the cloudflare
Hi,
Spencer:
Is a 'Natural Fingerprint' like a clearnet fingerprint, in that it
identifies you as
a regular, >non-tor, internet user, making you part of the larger
herd?
behnaz Shirazi:
I don't understand what do you mean by “clearnet fingerprint” ?
I have been defining fingerprint as
Hi,
Ben Tasker:
The problem you have there, is what to randomize,
The various bits that define your fingerprint.
but natural's hard to fake
No need to spoof traffic if using real fingerprint variables.
When we're talking about making the browser unidentifiable as TBB, the
very
Hi,
Spencer:
The various bits that define your fingerprint.
sh-expires-12-2...@quantentunnel.de:
Basically, the countermeasure against such behavior is
to stick a cookie with an hash of your fingerprint
to your browser and deny you, as soon as it no longer
matches.
Yes, but
>Since TBB uses the consensus this discussion is quite nonsensical,
>you can't hide the fact that you use tor from the site you visit,
>not with an addon or a bridge, while using tor.
>
>Since the consensus data is available, I do
>grep "^r " /var/lib/tor/cached-consensus | cut -d \ -f 7
>and
On Sat, Oct 03, 2015 at 09:16:50AM +, behnaz Shirazi wrote:
> If we use a socks proxy server to talk with destination instead of a
> private Tor exit node then such an attack becomes as dangerous as when
> you are using a detectable TBB over a public Tor exit node because the
> number of socks
> but if attacker detect that someone is trying to hide
> it's identity when entering a powerful vile's email account or when
> trying to contact a high risk journalist, that might cost lives.
But if you're doing something (in the adversary's eyes) that serious, it
probably doesn't matter whether
On 10/1/15, Ben Tasker wrote:
>> False! A unique Tor exit IP that visits site1.com then site2.com won't
>> compromise same person visited those sites or tow different person who
>> used same Tor exit IP at the same time did that, thus anonymity
>> remains true.
>
> But if
On Fri, Oct 02, 2015 at 04:58:12PM +, behnaz Shirazi wrote:
> As I said it won't happen. It doesn't make sense to use
> undetectableizer when using a public Tor exit node because that will
> compromise you are using Tor thereby minority of undetectable users
> won't hurt anonymity of major
On Sat, Sep 26, 2015 at 7:44 PM, Jeremy Rand wrote:
>Maybe I'm not understanding you, but given that all TBB users are
>already distinguishable from other users since their IP address is a
>Tor exit, I'm not seeing how TorBrowser having a different fingerprint
>from other
> False! A unique Tor exit IP that visits site1.com then site2.com won't
> compromise same person visited those sites or tow different person who
> used same Tor exit IP at the same time did that, thus anonymity
> remains true.
But if one has one fingerprint (the default TBB) and the other an
Hi,
behnaz Shirazi:
a Tor user who temporarily use a natural
fingerprint to become undetectable for a while won't deanonymize
itself nor the rest of other Tor users who use a detectable version of
TBB because when a natural fingerprint is used once then there will be
no enough information
> Randomization, or some one click equivalent, is the only real option here
when usability is considered; the manual effort each session is undesirable
at the very least :)
The problem you have there, is what to randomize, and how to do it in such
a way that it does not itself become
Having a unique, or unique enough browser fingerprint would allow
website owners and content network providers to track a TOR user across
nodes and/or sessions. With a large enough CDN (facebook, etc) you could
reasonably de-anonymize a user.
On 2015-09-26 12:44, Jeremy Rand wrote:
>
No, you can't just patch in a hardcoded window and screen size unless it
reflects the actual viewport size.
JavaScript is often used to position elements using relatively absolute
positioning based on the viewport that it understands is correct, this
will fail if the viewport vs reported size
Can't TBB devs just patch in a hardcoded 1366x768 window and screen size
in the javascript handler?
Also, if you want true undetectability you need to install a Tor
instance and your OS for TBB in seperate VMs and setup the Tor VM to be
a transparent router for your OS, so even if
In many different cases TBB users have to be undetectable (bypassing
flags, escaping from deep investigations, confusing malicious iframes
etc etc) when traffic flows through custom Tor exite nodes or even
when traffic flows directly just for the privacy TBB offers at client
side compared to plain
>Can't TBB devs just patch in a hardcoded 1366x768 window and screen size
>in the javascript handler?
Anonymity for Tor devs is a priority and they don't like give
different browser fingerprints to their users because that plan makes
Tor users in each web service more unique as very few people
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/26/2015 06:38 PM, behnaz Shirazi wrote:
>> Also, if you want true undetectability you need to install a Tor
>> instance and your OS for TBB in seperate VMs and setup the Tor VM
>> to be a transparent router for your OS, so even if
>>
28 matches
Mail list logo