[tor-talk] Spoofing a browser profile to prevent fingerprinting

Aymeric Vitte vitteaymeric at gmail.com
Tue Jul 29 20:22:42 UTC 2014

Le 29/07/2014 19:19, OpenPGP a écrit :
> But I like the idea of fake domain(s) :)
> Wouldn't it be possible to implement by any way with TBB (as a part how-to in
> TBB web/blog ? ;)

In theory yes but you will then have a kind-of TBB fingerprint. It was 
designed to have the Tor protocol inside browsers so they do the Onion 
Proxy by themselves without the need of a local server, the browser 
intercepts itself with the complicity of a server only passing 
information related to the fake domain using SSL/TLS, the rationale for 
this "self-interception" is that you can not tell to the browser "please 
send everything you want to fetch through the Tor circuits I have set up 
with the Tor network on websocket x", so the messages are going through 
the normal socks proxy interface with the fake domain and coming back 
through websockets (via socks proxy too) and then are redirected through 
the websockets Tor circuits established with the ORs with the real 
domain which is then protected by the Tor protocol.

For fingerprinting, in one word, you will have the one of a normal 
browser, so likely to be unique but subject to change and be unique 
again, but not a fingerprint that could be linked to the Tor Browser.

> Btw, am I right to suppose that for not to be fingerprintined when I am
> sometimes on some sites asked to allow the canvas, simply not allow to ?
> Thanks.
>> Mirimir:
>> On 07/29/2014 10:09 AM, OpenPGP wrote:
>>> Hi all,
>>> has anybody tried the solution mentioned in http://www.ianonym.com ?
>>> I'm just reading all the stuff and information but feel a bit lost :p how
>>> to set it al and use it ;)
>> My word, that is complicated!
>> But even so, if only a few use it with Tor, they probably stand out.
>> More generally, the greater the diversity of anonymization options, the
>> less anonymity there is :(
>>>> Aymeric Vittesal:
>>>> ...
>>>> Or unless you use something like http://www.ianonym.com, it was designed
>>>> to defeat all forms of tracking/fingerprinting with the fake domain
>>>> concept and hide your destination even with https.
>>>> Since it takes control over the whole web page, the js interactions are
>>>> sandboxed with a script to "tame" the page, a prototype was working but
>>>> maybe it's a bit too complicate...
>>>> Regards
> ?
> ______________________________
> http://www.openpgp.org
> https://www.gnupg.org
> __________________________________________________________________________________

Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

More information about the tor-talk mailing list