[tor-dev] Best way to client-side detect Tor user without using check.tpo ?

Roger Dingledine arma at mit.edu
Sun Feb 8 07:01:40 UTC 2015


On Sat, Feb 07, 2015 at 01:59:05PM +0100, Fabio Pietrosanti (naif) - lists wrote:
> we're introducing client-side checking if a user it's on Tor or not on
> the GlobaLeaks Javascript client.
>
> So, the TorButton approach is to load
> https://check.torproject.org/?TorButton=true .

Note that the TorButton=true is just a parameter you can hand to check,
to ask it to give you different strings on the results page (so it's
easier to scrape the answer).

> However we're looking for a way that enable to check if we are on Tor
> without having to load a network resource.

Good idea. The answer from check.tp.o is not 100% accurate anyway,
for various reasons:
http://tor.stackexchange.com/questions/190/why-does-check-torproject-org-sometimes-tell-me-im-not-using-tor-when-i-am
So relying on it will result in a thin but steady stream of confused
and worried users.

> That's very important because there are use-case of GlobaLeaks where the
> application is being "integrated" into investigative media website (that
> are under HTTPS) and the Whistleblower is given "some plausible
> deniability" regarding the fact he's leaking something or visiting a news.
> 
> For that reason, we cannot check if a user it's on Tor by loading an
> external network resource such as
> https://check.torproject.org/?TorButton=true because it would destroy
> the plausible deniability things.

Ok.

> There's a right way to detect if a user it's on Tor, from a Browser,
> without loading an external network resource?

Can you describe the scenario more? You have a browser that you don't
control, and you hope the user configured it to point into Tor, and you
want to automatically check if this is true? What software do you control?

In the distant past, we had a ".noconnect" special extension in Tor:
https://gitweb.torproject.org/torspec.git/tree/address-spec.txt#n58
and the idea was that you would connect to Tor's control port, induce a
request for foo.noconnect, and see if you saw stream events for it. If
you did, things were configured correctly. But we disabled .noconnect
because we worried it could be used to notice Tor users in some way.
And it sounds like that solution wouldn't work for you anyway, because
if things *aren't* configured correctly, then your browser would
generate a funny-looking request that everybody knows is a Globaleaks
Tor check?

--Roger



More information about the tor-dev mailing list