[tor-talk] Making TBB undetectable!

[Spencer]

Hi,

>> 
>> Spencer:
>> The various bits that define your fingerprint.
>> 
> 
> sh-expires-12-2015 at quantentunnel.de:
> Basically, the countermeasure against such behavior is
> to stick a cookie with an hash of your fingerprint
> to your browser and deny you, as soon as it no longer
> matches.
> 

Yes, but discrimination is unsupported and avoidable.

> 
> If you try to spoof
> 

No spoof.

> 
> If you'd read the TBB design doc,
> 

Quite the presumption :(

> 
> you'd understand that the
> choice that was made, using a pretty real and pretty common
> user-agent, and some measures were added.
> 

And as a result, Tor Browser owns up to its ID with no spoofing, as Tor 
Browser users appear a Tor Browser users.

> 
> using tor to connect
> to another semi-public entity (like an open proxy)
> 
> The only case, were that makes sense to me is for trolling sites
> 

Or using the internet.  What if the OP is tired of being rejected from 
visiting sites due to IP badlists and uses said proxy to appear like a 
clearnet user so as not to be restricted.  Google products (except for 
Google Images) require this.  Ix Quick and Startpage feature this.

> 
> if you are so unhappy with TBB.
> 

Again with the presumptions :(:(

> 
> The demanded
> 

Discussed

> 
> feature makes
> absolutely no sense for a TBB usecase or threatmodel.
> 

Will you link to the use cases and threat models in the documentation?

> 
> You fail to understand
> 

Fail often to succeed sooner :)

My thought is that this is being mentioned in multiple places and, if 
there is any merit to undetectability, we should challenge it fully to 
see; not settle with what we have and use "good enough" as an argument.  
I suggested a formal proposal as the next step.

Wordlife,
Spencer