[tor-talk] Spoofing a browser profile to prevent fingerprinting

Aymeric Vitte vitteaymeric at gmail.com
Tue Jul 29 20:33:24 UTC 2014


Please see my previous answer, the fingerprint will be the one of a 
normal browser, not the Tor browser, so like when you are using a normal 
browser, a unique fingerprint that changes, so finally you are not 
unique at all.

I was thinking at that time to add some fingerprint "spoofing" features, 
not sure it's a good idea since you might end up with different people 
having the same fingerprint, then recognizable, the best is to be 
temporarly unique I believe.

Regards,

Le 29/07/2014 19:33, Mirimir a écrit :
> On 07/29/2014 11:09 AM, Aymeric Vitte wrote:
>> Sorry, I forgot to say: it's not operational, it was working but I
>> stopped it after a crowdfunding campaign which turned to be a flop,
>> meaning that nobody cares.
> :(
>
>> But the concepts still stand, even if complicate, the requirements were
>> that it should work without disturbing the browser's behavior or hacking
>> into it (so it works from any browser) and the basic principles were
>> that there was no point of tracking you on a fake domain, here it does
>> not really depend on how many people are using it, you just behave like
>> a normal user on a non existing domain.
> Yes, as I understand it, everyone using it would effectively be using
> the same browser, and only viewing the output through their local
> browser. So the website always sees the proxy browser. Is that right?
>
> Would the proxy browser always show the current Tor browser fingerprint?
>
>> An issue was that people need to set the proxy settings to the server
>> that is relaying the data, so not very user friendly...
>>
>> Probably the video demo was more self explainatory, I will put it back
>> on yt and provide the link
> Thank you.
>
>> I think now that it was too complicate but maybe some inspiration can
>> come from it.
>>
>> Regards,
>>
>> Le 29/07/2014 18:40, Mirimir a écrit :
>>> On 07/29/2014 10:09 AM, OpenPGP wrote:
>>>> Hi all,
>>>>
>>>> has anybody tried the solution mentioned in http://www.ianonym.com ?
>>>> I'm just reading all the stuff and information but feel a bit lost :p
>>>> how to
>>>> set it al and use it ;)
>>> My word, that is complicated!
>>>
>>> But even so, if only a few use it with Tor, they probably stand out.
>>> More generally, the greater the diversity of anonymization options, the
>>> less anonymity there is :(
>>>
>>>>> Aymeric Vittesal:
>>>>> ...
>>>>> Or unless you use something like http://www.ianonym.com, it was
>>>>> designed
>>>>> to defeat all forms of tracking/fingerprinting with the fake domain
>>>>> concept and hide your destination even with https.
>>>>>
>>>>> Since it takes control over the whole web page, the js interactions are
>>>>> sandboxed with a script to "tame" the page, a prototype was working but
>>>>> maybe it's a bit too complicate...
>>>>>
>>>>> Regards
>>>>>>>>
>>>>
>>>> ______________________________
>>>> http://www.openpgp.org
>>>> https://www.gnupg.org
>>>> ______________________________________________________________
>>>>
>>>>
>>>>

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms



More information about the tor-talk mailing list