Jasper Weiss: > > > On Thursday, June 9, 2016 at 3:49:55 PM UTC+2, entr0py wrote: >> >> More importantly, Tor Browser will only make you "anonymous" relative to >> other Tor Browser users, not relative to the general population as a whole. >> A browser width of 1000 if likely *unique* to Tor Browser since many >> websites these days will use 1200+ pixels to draw optimally, and any >> "normal" user would expand the width of their browser. >> > > I know, but since there are so many Tor users that's a large group to hide > in. My laptop for example has a more obscure screen resolution of 1366x768. > So it makes sense to use a default that may be unique to the Tor browser, > but *is* the same among all Tor browsers. >
The point of my previous post was that Tor Browser resolution is *not* the same among all Tor Browsers. The reason your Tor Browser defaults to 1000x600 at startup is precisely because your screen resolution is 1366x768 (my first guess was 1280x720 but that might drop you to 1000x500). 1000 is the max width and 600 is the max vertical your screen resolution supports (when you take into account taskbars, menu bars, tab bars, etc.) One guy turned his 1920x1200 monitor sideways, which basically meant he was using a unique browser. Even more dangerous is the fact that you can resize your Tor Browser to any unique value that you want (fix in progress: https://trac.torproject.org/projects/tor/ticket/14429). As long as https://github.com/QubesOS/qubes-issues/issues/1856 still produces multiples of 200x100 screens, then it's more of an annoyance rather than a catastrophic bug. Instead of being lumped together with the Tor Browser users you were expecting, you're be grouped with other Tor Browser users instead. (Still useful to know why it happens though.) > > Of course it would be so much easier if one could just have an 'insider > look' at the NSA so we know exactly what they're using to track Tor users > :) Passive timing correlation seems somewhat far fedged to me since nodes > are scattered across the globe. hacking into the endpoint seems most > plausible but that doesn't work so well on Whonix.. > Not that far-fetched - it's the motivation behind persistent entry guards. Nodes may be scattered across the globe but your packets are being streamed through one circuit at a time - each packet doesn't route randomly all over the world. The packets in each of your streams can be correlated. Also, no one needs to hack into your machine. While you may have your machine locked down and airtight, do you share the same confidence about your ISP? Your ISP is one of your endpoints too :) (They might even be a cooperative endpoint.) ------------------------------------------------- ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/5759C06F.9070603%40vfemail.net. For more options, visit https://groups.google.com/d/optout.
