Yeah, there are a lot of tracking threats that work separately from attacks that observe the network traffic, which is what Tor protects. That's why it is important to look at the whole problem, and to use software that takes that into account. Deanonymization via WebGL and javascript profiling is also difficult to stop, without just disabling WebGL and javascript.
Things like Tor Browser, Orweb, ChatSecure, FDroid, etc. take this into account in their design. Orweb is currently not nearly as good as Tor Browser at protecting anonymity because of limitations in the Android frameworks that Orweb relies on. That's why we are pushing ahead with "Orfox", which is basically a version of Tor Browser/Firefox for Android. .hc PaulD: > I have reason to believe that it is possible to deanonymize an orbot > user using the verizon supercookie. Possibly other "supercookies" as well. > > Provided that: > (a) the phone is communicating on mobile data, not wifi > (b) user visits an http page (not https) > (c) no other anonymity tools such as vpns stand in the way. > > Unclear whether root permissions matter. My phone is NOT rooted. > > My sample size is really small. just my phone. With that said, it seems > that it is possible to deanonymize a pretty big chunk of tor users, > without serious effort. > > The bottom line is that I visited the "do you have the verizon > Supercookie" website with orweb, and it appears that I do. > > http://lessonslearned.org/sniff > > > > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: [email protected] > -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81 _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
