[tor-bugs] #11949 [Torbutton]: Randomize Browser Fingerprint..

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 14 05:17:13 UTC 2014 

#11949: Randomize Browser Fingerprint..
-------------------------+---------------------------
 Reporter:  mt2014       |          Owner:  mikeperry
     Type:  enhancement  |         Status:  new
 Priority:  blocker      |      Milestone:
Component:  Torbutton    |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------------
 TorBrowser still can be easily fingerprinted:

 1. check your fingerprint ID here & copy it to notepad:
 http://fingerprint.pet-portal.eu/
 http://www.browserleaks.com/canvas

 2. Do whatever you can to delete your trace (dom storage, html5 storage,
 cookie, flash cookie, reinstall browser)

 3. check your fingerprint once more from above sites. 99% it will still be
 same!

 Most advertising company loves this kind of static fingerprinting, so they
 can track their user. , especially by big company like google. I have many
 clients who experienced opening adwords account then for whatever reason
 their account is banned for life by google, then they open new account by
 using all new identity (brand new unrelated browser, new credit card
 identity with different name, new address, new internet connection, the
 only difference is using same computer), you know what happend? couple
 days later this brand new account banned because they know it is old user
 that they banned before. Sometimes I dont know how can they find out, but
 as far as I know this guys is really really good when fingerprinting
 everysingle user they have. the only failproof solution is also using
 completely new computer or using new virtual computer using VPN provider.

 Static fingerprint like this also threatening small privacy browser like
 torbrowser & jondofox, if big companies feel that this privacy browsers a
 threat they can just easily blocked all access by this browsers using
 their fingerprint. User will fell it is browser's bug then change another
 browser. It happens with opera once. This opera browser was growing fastly
 couple years ago and it becoming a threat for google chrome growth, so
 google blocked all access to most google service by opera browser then
 recommend big 4 browser instead.

 http://dev.opera.com/blog/google-browser-sniffing-and-the-open-web/

 Now what happens? opera becomes google's bootlicker. Now they agree
 whatever google wants them to do. See all opera browser you will notice
 many google product is there now. Even opera now uses Google's Blink as
 their engine.

 maybe TorBrowser should randomizing some browser data per browser session
 like using "Firegloves", "Random Agent Spoofer" & "IpFlood" addon? This
 asddon works by randomizing some browser data such as timezone, screen
 dimension, useragent, etc.

 RAS also send fake "X-Forwarded-For" & "Via" Header (Usually used by
 transparent proxy to let the sites know the real ip address), if we send
 this fake header, the site will think that our real ip address is just a
 transparent proxy server.


 Thank you for taking the time to read this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11949>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list