[tor-talk] New methods / research to detect add-ons?
Spencer
spencerone at openmailbox.org
Tue Sep 29 16:22:53 UTC 2015
Hi,
>
> aka:
> Every add-on installed/not installed gives you one more bit of
> detection.
>
> If [x] records you visiting an internet forum via TBB and
> leaking something and detect another visitor with the same 3 bits set
> looking for a train schedule, they can verify with a high confidence
> you posted that message and live in that area.
> That's why it's important that every TBB installation has the same
> Http-Header values and same add-ons.
>
With this logic, TorBrowser users could select a unique set of add-ons
each session, correct?
>
> You don't need any studies, it's simple common knowledge.
>
I second the request for some documented research, even if we do it
ourselves. The first thought I had was a way for people to verify their
identity by seeing their fingerprint by visiting a website, or something
close to what others might be looking for, though this could also be an
off-line thing.
Wordlife,
Spencer
> pacifica at riseup.net wrote:
>> Hello afternoon / evening / morning tor-talk -- I am hoping that
>> someone
>> can point me in the right direction. I know it is well-discussed that
>> adding Firefox add-ons to the Tor Browser Bundle decreases anonymity,
>> but I would like to review the studies myself. I'm having trouble
>> finding credible research where detection of add-ons has resulting in
>> a
>> significant decrease in anonymity... can someone please point me to
>> those resources?
>>
>> To be explicit, I am not concerned with "plug-ins" like Java or Flash,
>> but rather "add-ons" like HTTPS everywhere or Privacy Badger.
>>
>> Thanks in advance.
>>
>> pacifica
More information about the tor-talk
mailing list