[tbb-bugs] #30135 [Applications/Tor Browser]: Make all TBB users not stand out from each other

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 11 18:42:31 UTC 2019 

#30135: Make all TBB users not stand out from each other
-------------------------------------+-------------------------------------
 Reporter:  cypherpunks              |          Owner:  tbb-team
     Type:  enhancement              |         Status:  new
 Priority:  Medium                   |      Component:  Applications/Tor
                                     |  Browser
  Version:                           |       Severity:  Minor
 Keywords:  TBB Useragent FireFox    |  Actual Points:
  Mobile os tbb-fingerprint-os       |
  fingerprint                        |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------
 1. Useragent MUST be same for every platform, no OS differences.
 2. Useragent MUST NOT leak version of TB, use same for any version. Let
 non-updated version also use a newer Useragent string without upgrade. To
 not stand out from already updated users. For not making attractive for
 version targeted exploits. By simply not reporting it but mask it.
 3. Useragent SHOULD look more common to regular FireFox. Avoid block
 ability by fingerprint. Make access logs not stand out as TB user.
 ?. For 1. the Useragent MAY differ only reason is on Mobile platform for
 Ability of telling website mobile version is proffered delivered... or is
 there a better way to receive  websites mobile version?
 May implement Useragent overriding string. Whatever OS or version they
 actually use. May fetching by startup from http://rqef5a5mebgq46y5.onion/
 to make sure all users use the same. Independed of any other case.
 All requests coming out of Exit or going to HS should look as could be
 from same person. Not differentiation by OS of user. For example, Bad
 guard or watched guard nodes could look in TCP fingerprinting OS in entry
 connection and match it with Service/exit used in useragent. making to
 find a needle in a haystack to a more little haystack actually.

 Current situation: For what reason hs needs to know os? Not!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30135>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list