[tor-talk] Making TBB undetectable!

Spencer spencerone at openmailbox.org
Thu Oct 1 17:07:39 UTC 2015 

Hi,

>> 
>> behnaz Shirazi:
>> a Tor user who temporarily use a natural
>> fingerprint to become undetectable for a while won't deanonymize
>> itself nor the rest of other Tor users who use a detectable version of
>> TBB because when a natural fingerprint is used once then there will be
>> no enough information available for data miners to link pseudonyms for
>> deanonymization,
>> 

Is a 'Natural Fingerprint' like a clearnet fingerprint, in that it 
identifies you as a regular, non-tor, internet user, making you part of 
the larger herd?

>> 
>> and for sure Tor users who need undetectability won't
>> use the undetectablizer Add-on all the time hence detectable TBB users
>> won't become unique.
>> 

I see this as a blocker, as this add-on is most likely detectable, yeah? 
  If not, how, in the same, less, or maybe a bit more, amount of 
resources do you feel this could be accomplished?  Manually, this 
becomes quite the task as time progresses.  Is this something that would 
be added to a mail [something], like OpenPGP or TorBirdy are, because I 
feel like this would be detectable somehow, too.

> 
> Ben Tasker:
> Used once, sure. But over time, it's likely going to get used more than
> once,
> 

This seems to be part of the design, as one-of-a-kind fingerprints, 
through Tor exits or not, are detectable, though probably not 
identifiable.

> 
> unless you're planning on inserting some sort of randomisation to try
> and prevent that (by making some aspect different each session),
> 

Randomization, or some one click equivalent, is the only real option 
here when usability is considered; the manual effort each session is 
undesirable at the very least :)

> 
> using "UnidentifiableMode"
> 

'UnidentifiableMode' sounds like a good working name for such a feature.

> 
> Making something "Undetectable"
> is very, very hard as your margin for error is 0 (because 0.01 gives
> something that someone could use to make it identifiable). Making 
> something
> common so you can blend into the crowd makes it easier to avoid
> (potentially) costly mistakes.
> 

Making people blend into the crowd of regular internet users is best but 
only if we resolve the traffic source; i.e., Tor exits.

> 
> Blending into the crowd is not without it's value.
> 

But surely some of these fingerprints will be shared by real users.  So, 
it seems like a reasonable request, should we resolve the usability and 
*traffic issues.

Wordlife,
Spencer

More information about the tor-talk mailing list