[tor-talk] Spoofing a browser profile to prevent fingerprinting
Seth David Schoen
schoen at eff.org
Tue Jul 29 21:28:09 UTC 2014
> Discussions of measured entropy and stuff are too abstract for me. Maybe
> someone can help me with a few simpleminded questions.
> About 2.2 million clients are using Tor these days. Let's say that I've
> toggled NoScript to block by default, and that I have a unique pattern
> of enabling particular scripts on particular sites. That is, I'm unique
> among all Tor users. In what ways does that put my Tor use at risk of
> being linked to IP addresses seen by my entry guards?
It means that if you go to site A today, and site B next week, the site
operators (or the exit node operators, or people spying on the network
links between the exit nodes and the sites) might realize that you're
the same person, even though you took mostly or completely separate paths
through the Tor network and were using Tor on totally different occasions.
There are several ways of looking at why this is a privacy problem.
One is just to say that there's less uncertainty about who you are,
because even if there are lots of site A users and lots of site B users,
there might not be that many people who use both. Another is that you
might have revealed something about your offline identity to one of the
sites (for example, some people log in to a Twitter account from Tor
just to hide their physical location, but put their real name into their
Twitter profile) but not to the other. If you told site A who you are,
now there's a possible path for site B to realize who you are, too, if
the sites or people spying on the sites cooperate sufficiently.
In terms of identifying your real-world IP address, it provides more
data points that people can try to feed into their observations. For
example, if someone is doing pretty course-grained monitoring ("who
was using Tor at all during this hour?") rather than fine-grained
monitoring ("exactly what times were packets sent into the Tor network,
and how many packets, and how big were they?"), having a link between
one time that you used Tor and another time that you used Tor would be
useful for eliminating some candidate users from the course-grained
For instance, suppose that you went to site A at 16:00 one day and to
site B at 20:00 the following day. If site A and site B (or people
spying on them) can realize that you're actually the same person through
browser fingerprinting methods, then if someone has an approximate
observation that you were using Tor at both of those times, it becomes
much more likely that you are the person in question who was using the
two sites. Whereas if the observations are taken separately (without
knowing whether the site A user and the site B user are the same person
or not), they could have less confirmatory power.
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the tor-talk