[tor-talk] TBB redesign of purpose?

adrelanos adrelanos at riseup.net
Thu Oct 25 20:16:55 UTC 2012


torcshoulddecide at hushmail.com:
> 
> Thanks for all these years,
> 
> If TBB current "default" policy and strategy - is for obfuscating the
> user for the portal to the point it is known that it is Tor user using
> - that is not productive after all:
> 1. Site administrators (like freenode and wikipedia did) block Tor
> users (that aren't using bridges, which are disabled by default by the
> design)

Even if you use bridges, site admins will always know you are using Tor.
(Private) (obfuscated) bridges do only hide the fact you are using Tor
from your local ISP or hotspot. The list for Tor exits is public.

See also https://www.torproject.org/docs/faq#HideExits

> 2. Massive fingerprinting is still here as trackers like ghostery.com
> blocks (BTW are there more reliable, FLOSS alternatives?) may track
> the full continuous activity even so the IP/cookies are
> changed/deleted.

ghostery is closed source and I am not aware of any floss alternatives.
Maybe adblock plus with a privacy filter list. The ghostery approach is
weak so or so, if you look into the Tor Browser design and trac tickets
you'll see proposals for real do not trac by design.

https://trac.torproject.org/projects/tor/ticket/6549
https://blog.torproject.org/blog/improving-private-browsing-modes-do-not-track-vs-real-privacy-design

> Am I correct?
> 
> If TBB "default" policy could be more than Anonymity Online, more like
> an Internet community (project stats estimate 500k of people) decided
> to oppose the surveillance, it would be more productive for all of us.

Thats already possible. You can set up hidden services and offer privacy
friendly services. Marketing could be better and you are welcome to
contribute.

> In other words, the change from policy of acting like a "normal" users
> to the policy of a proud worldwide community could do the best for the
> most:
> 1. Users which need the anti-surveillance would easily right out of
> the box, use the kinds of Ghostery, RefControl, D-N-T, etc., it would
> be "new normal"

dnt may not be enabled by default and let the user enable it will only
be another fingerprintable bit.
https://trac.torproject.org/projects/tor/ticket/5501

Afaik Tor Browser does already deal with the referrer. ghostery has been
commented already above.

> 2. Users which are more concerned about fingerprinting comparison to
> "old normals" could disable these add-ons, add more profiles (for
> profilers, likely these "tracking Ads companies") of "Tor Users" but
> for some people which don't settle the trackers on sites, they would
> be more like "old normal".
> Is it plausible?

I think none of these add-ons is required. The right way to go is fixing
the TBB tickets.

> Regarding the "tracking Ads" opposition I have written a few
> propositions on the
> https://blog.torproject.org/blog/ultrasurf-definitive-review comments,
> starting with "Thank you for the information, Ultrasurf as a brand is
> a scam, I think."

Well, that's a lot text. I don't think any of the knowing people will
have the time and/or motivation to answer everything throughly. The time
is better spent on actual development. If you really care to find the
answers I suggest reading more blog entries, trac tickets, design, wiki,
anonbib, proposals, smart questions... The solutions aren't as simple as
"install ghostery", but contributing isn't that hard anyway.

http://www.catb.org/esr/faqs/smart-questions.html

> @tor-talk-owner:
> "To post a message to all the list members, send email to  
> tor-talk at lists.torproject.org."
> 
> Original message was mailed 6 days ago, please inform correctly on
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk that
> subscription to post is a requirement or disable this requirement.

You shouldn't mix so many different topics into one mail. It will get
overseen and undiscussed. I think you are right and you should open a
trac ticket.


More information about the tor-talk mailing list