I don't think you can reliably tell without information from the network; indeed, to the extent that you can tell *at all* without information from the network, I would expect that to be considered a bug.
The tactic that occurs to me is, have the investigative media website's server stick a marker of some sort into its webpages whenever it is being accessed from a Tor exit. That would avoid needing to load an additional network resource. However, I don't think I understand your threat model. Who observes the whistleblower, from where, and why wouldn't they just red-flag *all* use of Tor? On Sat, Feb 7, 2015 at 7:59 AM, Fabio Pietrosanti (naif) - lists <li...@infosecurity.ch> wrote: > Hi all, > > we're introducing client-side checking if a user it's on Tor or not on > the GlobaLeaks Javascript client. > > As far as i understood since some time ago, the right way to do it was > to detect a TBB user with some fingerprinting technique, however those > are going to disappear/being avoided/fixed right? > > So, the TorButton approach is to load > https://check.torproject.org/?TorButton=true . > > However we're looking for a way that enable to check if we are on Tor > without having to load a network resource. > > That's very important because there are use-case of GlobaLeaks where the > application is being "integrated" into investigative media website (that > are under HTTPS) and the Whistleblower is given "some plausible > deniability" regarding the fact he's leaking something or visiting a news. > > For that reason, we cannot check if a user it's on Tor by loading an > external network resource such as > https://check.torproject.org/?TorButton=true because it would destroy > the plausible deniability things. > > There's a right way to detect if a user it's on Tor, from a Browser, > without loading an external network resource? > > -- > Fabio Pietrosanti (naif) > HERMES - Center for Transparency and Digital Human Rights > http://logioshermes.org - https://globaleaks.org - https://tor2web.org - > https://ahmia.fi > > _______________________________________________ > tor-dev mailing list > tor-dev@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev