[tor-bugs] #11949 [Torbutton]: Randomize Browser Fingerprint..
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 14 05:17:13 UTC 2014
#11949: Randomize Browser Fingerprint..
-------------------------+---------------------------
Reporter: mt2014 | Owner: mikeperry
Type: enhancement | Status: new
Priority: blocker | Milestone:
Component: Torbutton | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------------
TorBrowser still can be easily fingerprinted:
1. check your fingerprint ID here & copy it to notepad:
http://fingerprint.pet-portal.eu/
http://www.browserleaks.com/canvas
2. Do whatever you can to delete your trace (dom storage, html5 storage,
cookie, flash cookie, reinstall browser)
3. check your fingerprint once more from above sites. 99% it will still be
same!
Most advertising company loves this kind of static fingerprinting, so they
can track their user. , especially by big company like google. I have many
clients who experienced opening adwords account then for whatever reason
their account is banned for life by google, then they open new account by
using all new identity (brand new unrelated browser, new credit card
identity with different name, new address, new internet connection, the
only difference is using same computer), you know what happend? couple
days later this brand new account banned because they know it is old user
that they banned before. Sometimes I dont know how can they find out, but
as far as I know this guys is really really good when fingerprinting
everysingle user they have. the only failproof solution is also using
completely new computer or using new virtual computer using VPN provider.
Static fingerprint like this also threatening small privacy browser like
torbrowser & jondofox, if big companies feel that this privacy browsers a
threat they can just easily blocked all access by this browsers using
their fingerprint. User will fell it is browser's bug then change another
browser. It happens with opera once. This opera browser was growing fastly
couple years ago and it becoming a threat for google chrome growth, so
google blocked all access to most google service by opera browser then
recommend big 4 browser instead.
http://dev.opera.com/blog/google-browser-sniffing-and-the-open-web/
Now what happens? opera becomes google's bootlicker. Now they agree
whatever google wants them to do. See all opera browser you will notice
many google product is there now. Even opera now uses Google's Blink as
their engine.
maybe TorBrowser should randomizing some browser data per browser session
like using "Firegloves", "Random Agent Spoofer" & "IpFlood" addon? This
asddon works by randomizing some browser data such as timezone, screen
dimension, useragent, etc.
RAS also send fake "X-Forwarded-For" & "Via" Header (Usually used by
transparent proxy to let the sites know the real ip address), if we send
this fake header, the site will think that our real ip address is just a
transparent proxy server.
Thank you for taking the time to read this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11949>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list