[tor-talk] Spoofing a browser profile to prevent fingerprinting
vitteaymeric at gmail.com
Tue Jul 29 20:22:42 UTC 2014
Le 29/07/2014 19:19, OpenPGP a écrit :
> But I like the idea of fake domain(s) :)
> Wouldn't it be possible to implement by any way with TBB (as a part how-to in
> TBB web/blog ? ;)
In theory yes but you will then have a kind-of TBB fingerprint. It was
designed to have the Tor protocol inside browsers so they do the Onion
Proxy by themselves without the need of a local server, the browser
intercepts itself with the complicity of a server only passing
information related to the fake domain using SSL/TLS, the rationale for
this "self-interception" is that you can not tell to the browser "please
send everything you want to fetch through the Tor circuits I have set up
with the Tor network on websocket x", so the messages are going through
the normal socks proxy interface with the fake domain and coming back
through websockets (via socks proxy too) and then are redirected through
the websockets Tor circuits established with the ORs with the real
domain which is then protected by the Tor protocol.
For fingerprinting, in one word, you will have the one of a normal
browser, so likely to be unique but subject to change and be unique
again, but not a fingerprint that could be linked to the Tor Browser.
> Btw, am I right to suppose that for not to be fingerprintined when I am
> sometimes on some sites asked to allow the canvas, simply not allow to ?
>> On 07/29/2014 10:09 AM, OpenPGP wrote:
>>> Hi all,
>>> has anybody tried the solution mentioned in http://www.ianonym.com ?
>>> I'm just reading all the stuff and information but feel a bit lost :p how
>>> to set it al and use it ;)
>> My word, that is complicated!
>> But even so, if only a few use it with Tor, they probably stand out.
>> More generally, the greater the diversity of anonymization options, the
>> less anonymity there is :(
>>>> Aymeric Vittesal:
>>>> Or unless you use something like http://www.ianonym.com, it was designed
>>>> to defeat all forms of tracking/fingerprinting with the fake domain
>>>> concept and hide your destination even with https.
>>>> Since it takes control over the whole web page, the js interactions are
>>>> sandboxed with a script to "tame" the page, a prototype was working but
>>>> maybe it's a bit too complicate...
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
More information about the tor-talk