[tor-talk] Making TBB undetectable!

Spencer spencerone at openmailbox.org
Mon Oct 5 09:14:11 UTC 2015 

Hi,

> 
> Ben Tasker:
> The problem you have there, is what to randomize,
> 

The various bits that define your fingerprint.

> 
> but natural's hard to fake
> 

No need to spoof traffic if using real fingerprint variables.

> 
> When we're talking about making the browser unidentifiable as TBB, the 
> very
> act of having something in the fingerprint that changes to prevent
> correlation between sessions provides an avenue by which it can be
> identified as TBB:
> 

I feel like behavior will address the examples for this argument.

>> 
>> Spencer:
>> Making people blend into the crowd of regular internet users is best 
>> but
>> only if we resolve the traffic source; i.e., Tor exits.
>> 
> 
> That's quite an issue to solve though. [Attackers can] map out Tor 
> exits...
> 

True, but we can come up with other ideas than using the public Tor 
exits.

> 
> the aim isn't to hide that you're using Tor
> from your destination, and successfully doing so would (IMO) be a 
> pretty
> non-trivial task
> 

But it is, and I agree :)

> 
> Those are a list of the requests we know are differentiators, it 
> doesn't
> mean that others won't be discovered, you'd need to gamble that 
> anything
> found is publicly disclosed when it's found, rather than kept quiet by 
> an
> adversary.
> 

But this is the case for everybody everywhere.

> 
> What you're essentially asking for is a browser that behaves
> like TBB (i.e. the various privacy protections) whilst pretending it
> behaves like a Google Nexus (for example). It's not that it'd be 
> impossible
> to do, but one tiny mistake or oversight takes you straight back to 
> being
> finger-printable, and almost uniquely so if very few are using
> Unidentifiable Mode.
> 

With the fingerprint, isn't it only valuable over multiple sessions, and 
if others aren't also using that same ID?

> 
> So, you can fairly easily poll for various add-ons. Not sure it'd 
> affect
> your add-on, but seemed worth mentioning.
> 

I don't see this being an add-on as much as being in the settings 
options (which can probably be detected?) where the User Agent is 
located.  The User Agent would be a nice way to simplify the various 
IDs.

The IDs can be open-source and added to other browsers as a standard way 
of providing detectability.

Wordlife,
Spencer

More information about the tor-talk mailing list