[tor-talk] Hiding stuff

[antispam06 at sent.at]

On Fri, Jul 13, 2012, at 18:15, proper wrote:
> antispam06 at sent.at:
> > In the sense that each extension should be combed for functions that
> > interact with the non–local or that no developer has a wish to inhibit
> > extensions from chatting with the exterior?
> 
> Yes, but its even more. Also some addons are hard to make them work.
> Adblock for example changes your fingerprint because you download a part
> from a website but other parts not, the server can recognize that.

That's true. Any spam filter, being a filtering proxy, an adblock–like
extension, even NoScript can leave some identifying data. Just because I
further customized AdBlock to hide more elements than the regular
subscription should somehow identify me to a certain set of sites.
Still, that is way harder to do than just probe for a fontlist,
extension list or plain screen resolution and locales.

My point is that I want to select my language and home server from a
list in the whole EU (for example) instead of having my browser give all
sort of information and make me autoredirected to a particular server
and language. Plain interaction should say a lot about the reader.
Having the browser collect data and push it to third parties is a bit
criminal.

> Sadly, if you do this as the only person, you stand out even more as
> with regular Firefox. If you hide everything, you are in the group of
> "people who hide everything" and if there are only a very few people in
> this group it's very easy to identity.

For a creative administrator. Most are happy with the data colected by
some third party counters. Only that I have no idea how to make my
browser spit up the information I want. Say Windows Vista 32bit on
Pentium III is the norm displayed on a 1024x768 screen. I don't want my
browser show Windows 7 64bit on a Pentium IV on a 1900x1200 screen.

> BUT, if many people were to use Tor-Browser-without-Tor and if you are
> on dynamic IP, that would even grant some privacy. And even some
> "anonymity" * within your IP range within the set of
> Tor-Browser-without-Tor users.

That's my thought. After all, people reaching Tor are somehow concerned
about their privacy. So this is a good place to start. Some also
complain about the slowness of going through Tor. So why not have a
group of people who use the benefits of the Tor mask without going
through Tor? It's worse than going through Tor. And, at the same time,
it's better than browsing with a regular browser.

> * For server's perspective: some anonymity.
> * From providers / hackers / law enforcement perspective: As soon as IP
> logs get deleted you also have some anonymity.

But they are not deleted. Mobile phone companies keep months and years
of all communication. So how difficult is to keep a list of connections
for ever? Sure, some claim they do clean after a minimum imposed by the
state. Yet, the list of liars is quite long.
 
> It would require a debate here, interested people and a campaign to get
> lots of users for it.

That would be a worthy quest. The problem is at the time I have no idea
from where to start. I'd like to have a browser „for the people”. Its
own unwillingness to volunteer with the user's data would make it
suspect. But I have hope that once more people see sites like browserspy
or extensions like collusion there are going to be more people willing
to switch. Sure, it would break yahoo and facebook. But you can have a
regular browser if you wish to pay the nice interface and unlimited
hosting with your demographics. And most browsers today do have a
portable version packed in a zip that does not require administrative
privileges to test and use.

> See Tor Browser and Tor Button design docs, Tor Browser / Button trac
> tickets, related discussion etc. There is much more which will be used
> for tracking.

I'm quite unskilled when it comes to this kind of programming /
patching.

> For your question it might be the easier to modify Tor Browser.

It seems so.