[tor-talk] Users profiling through personаl banners filtering settings

Kraktus kraktus at googlemail.com
Mon Apr 25 13:26:16 UTC 2011

Well, you could make this argument for any blocking activity: cookies,
javascript, plugins, ad-blocking, etc. If one user is blocking a bunch
of things, then they stand out because they are blocking things, and
most people aren't. You might even be able to do extensive tests to
find out what sorts of things they are blocking and find some sort of

Take cookies for example. Imagine these scenarios:
1. User blocks all cookies.
2. User blocks all cookies except cookies from whitelisted sites.
3. User accepts all cookies except cookies from blacklisted sites.
4. User accepts all cookies.

Now, as I understand it, your argument is that any deviation from 4,
but especially selective whitelisting/blacklisting as described in 2
and 3, is a variation from the norm and hence makes a user stand out.
(I believe, it would actually either require multiple sites to
collaborate to perform such an attack, or else, as you suggested, the
exit node itself might perform the attack.)

Now, while there are some cookies that do not contain anything unique,
most cookies are used to store unique IDs. So if you accept a cookie
from a site, they are probably going to give you a unique pseudonym
they can use to track you with. On the other hand, if you refuse to
accept cookies from that site, then you are part of the anonymity
group of Tor users who do not accept cookies from that site. Yes, they
could use other techniques to narrow things down, but at least you
haven't let them give you a unique session ID. So, I think the closer
you can get to 1, without sacrificing too much usability, the better.
The more Tor users can be persuaded to do 2, the better. The more Tor
users could at least be persuaded, if not to do that, then to at least
have a blacklist of advertising domains (3), the better. Then you will
stand out less when you refuse to accept a cookie. (In Firefox, you
can use the Cookie Monster plugin to help with this.)

Javascript is even worse. Javascript often has security
vulnerabilities, so an attacker might exploit a buffer overflow or
something, and use that to reveal your identity. Even if the
Javascript is not exploited, it can still reveal a lot of information
about you. For an idea of what I am talking about, take a look at this
site and allow Javascript.
(That will also show you why you shouldn't allow plugins such as Java
or Flash when using Tor unless you have a fancy setup to force them
through Tor, or simply don't care about your anonymity that much, and
even then, they can still reveal a lot.)

Now, even normal, non-exploiting Javascript still reveals much more
specific information about my computer than simply "This user does not
permit Javascript from your website". So again, the more Javascript
you block, the better. The more Tor users can be persuaded to only
allow Javascript from specific websites (where the usability concerns
outweigh the anonymity concerns). the better. The more Tor users can
be persuaded, if not to do that, then at least to specify websites
they don't want to allow Javascript from, the better. In Firefox,
NoScript can help with this.
Here's a good noscript.untrusted, if you prefer the blacklist method
or just want to minimize the chance of accidentally allowing
javascript from an advertising/tracking domain:
ad.linkstorms.com adbrite.com adbureau.net addthis.com addynamix.com
adgardener.com ads.alphatrade.com ads.forbes.com ads.pointroll.com
ads.reason.com ads.space.com ads1.msn.com adsonar.com adtech.de
adtology3.com advertising.com adzones.com afy11.net blogads.com
doubleclick.com doubleclick.net facebook.net falkag.net getclicky.com
google-analytics.com googleadservices.com googlesyndication.com
hitbox.com quantserve.com scorecardresearch.com serving-sys.com
specificclick.net statcounter.com tacoda.net zedo.com
http://adbrite.com http://adbureau.net http://addthis.com
http://addynamix.com http://adgardener.com http://adsonar.com
http://adtech.de http://adtology3.com http://advertising.com
http://adzones.com http://afy11.net http://blogads.com
http://doubleclick.net http://facebook.net http://getclicky.com
http://google-analytics.com http://googleadservices.com
http://googlesyndication.com http://hitbox.com http://quantserve.com
http://scorecardresearch.com http://serving-sys.com
http://specificclick.net http://statcounter.com http://tacoda.net
http://zedo.com https://adbrite.com https://adbureau.net
https://addthis.com https://addynamix.com https://adgardener.com
https://adsonar.com https://adtech.de https://adtology3.com
https://advertising.com https://adzones.com https://afy11.net
https://blogads.com https://doubleclick.net https://facebook.net
https://getclicky.com https://google-analytics.com
https://googleadservices.com https://googlesyndication.com
https://hitbox.com https://quantserve.com
https://scorecardresearch.com https://serving-sys.com
https://specificclick.net https://statcounter.com https://tacoda.net

I feel the same way about adblocking. The fewer web logs I show up in,
the better. I don't see any reason why I should show up in the log of
website that is pretty much exclusively advertising. When I visit a
website, I only want to show up in the log for that website, not a
bunch of third party websites. Unfortunately, some websites don't work
without third-party content, so I guess unless I don't care about
usability, I have to make some compromises. Still, I have found
adblockplus very useful for blocking third party content without much
of a usability hit. EasyList and EasyPrivacy are very helpful. The
localizations are good if you visit a lot of non-English websites.
Antisocial is good for stopping tracking by social networking
websites. Malware Domains is probably a good idea for Windows users
who don't like to use anti-virus, or who only like to use it
on-demand. (That is, none of that active protection stuff.) Certain
other lists are good if you are visiting certain types of websites.
You know, there have been cases of people getting viruses from
reputable websites when an infected advertisment somehow made it in to
whatever advertiser they were using.

In short, I think the privacy benefits of blocking unwanted
cookies/javascript/third party content is far greater than the risk of
being profiled based on your pattern of blocking stuff, and if you are
concerned about being profiled based on your pattern of blocking
stuff, then the solution is to get more Tor users to block more of
that sort of thing.

On 10/04/2011, unknown <unknown at pgpru.com> wrote:
> On Tue, 22 Mar 2011 18:26:34 +0000
> unknown <unknown at pgpru.com> wrote:
>> Too many users dislikes of annoying web elements -- banners, popups,
>> scripts,
>> strange frames. They use a tools to blocks that elements or change webpage
>> rendering.
>> Traditional programs for filtering is a local proxys -- privoxy or polipo
>> are examples with
>> close relation to Tor and used actively. This programs cannot filtering
>> SSL-content and evil site
>> can use mix of SSL-ed and non-SSL-ed banners, pop-ups, etc to determine a
>> fact
>> of using such proxy and trying to guess personal users filtering settings.
>> The problem may be even worse, with or without using this proxy, even if
>> users block
>> contents within a browser itself (with Firefox plugins to block banners,
>> and scripts). Not
>> only sites, but "mans in the middles", adversarial clusters of evil exit
>> nodes
>> can does parsing traffic and modifying web contents by injecting banners,
>> misconfigured
>> cookies, incorrect frames.
>> Injected traffic for various sites, in different times
>> and seances can be the way of revealing users with personal blocking
>> rules. Data
>> about blocking profiles of that users may be statistical processed and
>> correlated.
>> Is it a real threat? Should Tor users stop blocking contents
>> selectively? Or they can use predefined and shared rules in analogy of
>> Torbutton?
> Let me describe a two examples about users blocks banners in
> privoxy/polipo/adblock/etc:
> 1. Webhost can see that user block russian/german/chinese/etc big portal
> banners. Webservers owner can make a conjecture about specific language of
> the user.
> 2. One exit or colluding exit nodes can compare banners blocking profiles
> from time to time. Profiles can be linked from different seances.
> Any comments?
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list