Firefox privacy and Tor Browser

Al MailingList alpal.mailinglist at
Sat Mar 27 20:20:36 UTC 2010

On Sat, Mar 27, 2010 at 8:09 PM, Mansour Moufid <mansourmoufid at> wrote:
> On Sat, Mar 27, 2010 at 12:17 PM, Al MailingList
> <alpal.mailinglist at> wrote:
>> Google's safe browsing is just an HTTP request, so I would assume when
>> tor is correctly configured it would not be in the clear.
> It would be clearly visible to Tor exit nodes, and the "signature" of
> such traffic would be clear to a local observer (I elaborate further
> down).
>> Reference 5 seems to have his tin foil hat on a little tight.
> Probably a Tor user. ; )
>> I'm not
>> quite sure what he's saying, but the google safe browsing updates
>> don't send the sites you're visiting, it simple retrieves the list of
>> bad sites (more specifically a diff of the bad sites list since your
>> last update). So all they can do is track that a particular user is
>> updating the local black list periodically.
> That's correct, but with each of those requests to update your
> browser's blacklist, is sent uniquely identifying information
> (including "machineid" and "userid"). This information does not change
> over time, and cannot be prevented from being sent -- even in Private
> Browsing mode -- unless you unsubscribe from this service in the
> preferences. In effect, your browser is periodically phoning home to
> Google with a uniquely identifying key that -- and this is the issue
> that I think Tor developers should consider closely: -- does not
> change across browsing sessions.
> To illustrate why I think this is something that concerns Tor, allow
> me to elaborate. There has been some discussion regarding identifying
> Tor users based on correlating "signatures" of traffic observed
> locally versus at exit nodes. Instead of watching website traffic, an
> attacker could instead watch intermittent noise. Things like a
> specific combination of RSS bookmark auto-updates, or... periodic
> blacklist updates. The Google Safe Browsing update traffic occurs in
> bursts and periodically, and will therefore have a very unique
> signature. Furthermore, the uniquely identifying key sent to Google
> unencrypted each time would allow an attacker to cross-reference exit
> node traffic and identify a user across sessions.
> It may seem far-fetched, but I don't think it's inappropriate to
> consider these possibilities.
> --
> Mansour Moufid

Perhaps I was a little dismissive :) I see the issue now - you could
track a user moving between exit nodes if you saw that unique cookie,
and do some profiling.

<runs for his tin hat>


More information about the tor-dev mailing list