[tor-talk] Spoofing a browser profile to prevent fingerprinting

Mirimir mirimir at riseup.net
Tue Jul 29 17:33:26 UTC 2014


On 07/29/2014 11:09 AM, Aymeric Vitte wrote:
> Sorry, I forgot to say: it's not operational, it was working but I
> stopped it after a crowdfunding campaign which turned to be a flop,
> meaning that nobody cares.

:(

> But the concepts still stand, even if complicate, the requirements were
> that it should work without disturbing the browser's behavior or hacking
> into it (so it works from any browser) and the basic principles were
> that there was no point of tracking you on a fake domain, here it does
> not really depend on how many people are using it, you just behave like
> a normal user on a non existing domain.

Yes, as I understand it, everyone using it would effectively be using
the same browser, and only viewing the output through their local
browser. So the website always sees the proxy browser. Is that right?

Would the proxy browser always show the current Tor browser fingerprint?

> An issue was that people need to set the proxy settings to the server
> that is relaying the data, so not very user friendly...
> 
> Probably the video demo was more self explainatory, I will put it back
> on yt and provide the link

Thank you.

> I think now that it was too complicate but maybe some inspiration can
> come from it.
> 
> Regards,
> 
> Le 29/07/2014 18:40, Mirimir a écrit :
>> On 07/29/2014 10:09 AM, OpenPGP wrote:
>>> Hi all,
>>>
>>> has anybody tried the solution mentioned in http://www.ianonym.com ?
>>> I'm just reading all the stuff and information but feel a bit lost :p
>>> how to
>>> set it al and use it ;)
>> My word, that is complicated!
>>
>> But even so, if only a few use it with Tor, they probably stand out.
>> More generally, the greater the diversity of anonymization options, the
>> less anonymity there is :(
>>
>>>> Aymeric Vittesal:
>>>> ...
>>>> Or unless you use something like http://www.ianonym.com, it was
>>>> designed
>>>> to defeat all forms of tracking/fingerprinting with the fake domain
>>>> concept and hide your destination even with https.
>>>>
>>>> Since it takes control over the whole web page, the js interactions are
>>>> sandboxed with a script to "tame" the page, a prototype was working but
>>>> maybe it's a bit too complicate...
>>>>
>>>> Regards
>>>>>>
>>>
>>> ______________________________
>>> http://www.openpgp.org
>>> https://www.gnupg.org
>>> ______________________________________________________________
>>>
>>>
>>>
> 


More information about the tor-talk mailing list