[tor-talk] Spoofing a browser profile to prevent fingerprinting

Ben Bailess ben.bailess at gmail.com
Tue Jul 29 05:16:31 UTC 2014

There are some built-in protections in TBB that keep honored requests for
known fingerprinting data to a minimum, so the TBB does not function like a
normal browser in this instance.

It most notably limits the high entropy factors -- responses for fonts and
plugin microversions. And as long as you obey the nice Tor devs and don't
install any additional plugins, then plugin microversions won't be
unique/identifiable either. So enabling JS really isn't quite as big of a
step out into the light as it would be in say Chromium or Firefox, which
has no protections against HTML5 canvas fingerprinting (or anything by
default) for instance.

So if allowing at least some JavaScipt is inevitable, then I think the Tor
devs have the right idea -- assume that some use of JS is a foregone
conclusion and protect the users from the additional exposure to
fingerprinting in a way that makes them all look as similar as possible.

If the user prefers to have more privacy / security by forsaking some
anonymity by disabling JavaScript and thereby making him/herself
identifiable as a smaller subset of overall Tor Browser users, that's
his/her option. But in that instance, said user should probably be using
Tails to remedy those sorts of problems since Tails addresses even more
fingerprinting issues.

All the best,


On Mon, Jul 28, 2014 at 8:10 PM, Joe Btfsplk <joebtfsplk at gmx.com> wrote:

> On 7/28/2014 3:34 PM, Craw wrote:
>> Hash: SHA1
>> Thank you for your answer!
>> I've just thought a bit about various methods to prevent
>> fingerprinting browser profile (incl. UA/screen resolution/time
>> zone/fonts/etc.), and here is two ways I've found:
>> a) all tor-users have the same browser profile
>> b) all tor-users have random temporary browser profile
>> In my opinion our current strategy to reduce among all tor-users
>> fingerprintable differences is correct. In such case the only that can
>>   an attacker do to determine one user from other is their Tor IP
>> address, but if you will often change between them it becomes
>> impossible for the attacker.
>> And for variant b), it's much easier to do. A lot of users connect to
>> web-sites from one exit-relay and have the same Tor IP address, but
>> different profiles. So even if you will randomly generate new profile
>> every minute, you have your unique profile so the attacker can easily
>> determine: this actions made by different users. In contrary, when
>> everybody has the same profile, it's much harder to do.
>>  This is all interesting, but I'm still concerned that the use / non use
> / intermittent use of java script still stares TBB users in the face.
> And it seems like the family secret no one wants to discuss.
> As outlined in the TBB FAQ, there are distinct drawbacks - no matter how
> js is approached.
> Whether it's always allowed, (almost) never allowed, or configured per
> site - all 3 have distinct cons.
> One problem is, there's no "ruling" from Tor devs.  One reason for that is
> disabling it breaks lots of sites.
> But unless the MUCH greater amount of fingerprinting data that's available
> when JS * IS * enabled is not enough to be concerned about (I can't imagine
> that), then it may not matter how well * some *other data are concealed.
> Plus, unless you go to only a few sites that require no JS, you have to
> turn it on - at least some.
> But, enabling JS allows sites to get FAR more info & allows trackers to
> compare that fingerprint to other sites you visit (unless you change the
> fingerprint between each site).
> And supposedly leaving JS off (if possible) distinguishes you from other
> TBB users that leave NoScript at the default setting.
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list