[tor-talk] Spoofing a browser profile to prevent fingerprinting
ideas buenas
ideasbuenas at gmail.com
Sat Jul 26 21:42:37 UTC 2014
How to download spoofer from Git and install it in google chrome ?
On Sat, Jul 26, 2014 at 6:14 PM, Craw <paulus.smirnov at yandex.ru> wrote:
> Hello everybody,
>
> You know, there are some various methods of fingerprinting a browser.
> Plugins and plugin-provided information are still the most useful in
> uniquely identifying a browser, but there are also some other
> information that can be used to fingerprint a Tor user, like user
> agent, screen resolution, time zone, etc.
>
> I think it can be helpful to spoof real browser profile to random
> temporary one. Each browser profile includes user-agent (browser
> name/version), platform (OS name/version), screen resolution, time
> zone (depends on country of an exit-relay, so, perhaps, mismatch of it
> can cause suspicion?). So, my suggestion is to generate random browser
> profile during each identity session, or randomly switch them after a
> chosen period of time has expired. By making this, some important info
> about users will be unreachable for an attacker and fingerprinting
> will be more difficult.
> Here's a link on open-source repository of Firefox add-one which code
> we can use for Tor Browser -
> https://github.com/dillbyrne/random-agent-spoofer
>
> Also I suggest to:
> - forbid HTML5 Canvas by default
> (http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf)
> - use only standard font set (can be used for fingerprinting)
> - set network.http.sendRefererHeader value "0" by default (allows
> sites to track referer, but some sites can be broken! add ability to
> switch on/off referer?)
>
> Let me know about your thoughts,
> Looking forward to hear from you, Pavel.
>
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
More information about the tor-talk
mailing list