Hello everybody,

You know, there are various methods of fingerprinting a browser. Plugins and plugin-provided information are still the most useful in uniquely identifying a browser, but there is also other information that can be used to fingerprint a Tor user, like user agent, screen resolution, time zone, etc.

I think it can be helpful to spoof the real browser profile with a random temporary one. Each browser profile includes user-agent (browser name/version), platform (OS name/version), screen resolution, time zone (depends on the country of the exit relay, so, perhaps, a mismatch can cause suspicion?). So, my suggestion is to generate a random browser profile during each identity session, or randomly switch them after a chosen period of time has expired. By doing this, some important info about users will be unreachable for an attacker and fingerprinting will be more difficult.

Here's a link to the open-source repository of a Firefox add-on whose code we can use for Tor Browser - https://github.com/dillbyrne/random-agent-spoofer

Also I suggest to:
- forbid HTML5 Canvas by default (http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf)
- use only the standard font set (can be used for fingerprinting)
- set network.http.sendRefererHeader value "0" by default (allows sites to track referer, but some sites can be broken! add ability to switch on/off referer?)

Let me know about your thoughts,
Looking forward to hearing from you,
Pavel.

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
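The per-session profile rotation proposed in the message above, sketched as an added example that is not part of the original post and is not Tor Browser or add-on code. `ProfileRotator`, `PROFILES` and `EXIT_TIMEZONES` are hypothetical names with constructed sample data, and bundling user agent, platform and screen size into one coherent entry is an assumption of this example.

```javascript
// Constructed sample data (not real browser strings): each entry bundles
// attributes that belong together, so a pick never mixes operating systems.
const PROFILES = [
  { userAgent: "ExampleBrowser/1.0 (Windows)", platform: "Win32", screen: "1366x768" },
  { userAgent: "ExampleBrowser/1.0 (Macintosh)", platform: "MacIntel", screen: "1440x900" },
  { userAgent: "ExampleBrowser/1.0 (X11; Linux)", platform: "Linux x86_64", screen: "1920x1080" },
];

// Constructed, simplified map from exit-relay country code to one time zone.
const EXIT_TIMEZONES = new Map([
  ["DE", "Europe/Berlin"], ["JP", "Asia/Tokyo"], ["BR", "America/Sao_Paulo"],
]);

// Uniform integer in [0, n): Web Crypto when available, Math.random otherwise.
function defaultRandomInt(n) {
  const c = globalThis.crypto;
  if (!c || !c.getRandomValues) return Math.floor(Math.random() * n);
  const limit = Math.floor(0x100000000 / n) * n; // reject values that would bias the modulo
  const buf = new Uint32Array(1);
  do { c.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

class ProfileRotator {
  constructor({ maxAgeMs, randomInt = defaultRandomInt, now = Date.now }) {
    this.maxAgeMs = maxAgeMs;   // "chosen period of time" before a switch
    this.randomInt = randomInt; // injectable so tests can be deterministic
    this.now = now;
    this.active = null;
  }

  // Force a fresh profile, e.g. when a new identity session starts.
  newIdentity(exitCountry) {
    const base = PROFILES[this.randomInt(PROFILES.length)];
    const timezone = EXIT_TIMEZONES.get(exitCountry) ?? "UTC"; // unknown exit: neutral zone
    this.active = Object.freeze({ ...base, timezone, createdAt: this.now() });
    return this.active;
  }

  // Return the session profile, replacing it once maxAgeMs has elapsed.
  current(exitCountry) {
    const a = this.active;
    if (!a || this.now() - a.createdAt >= this.maxAgeMs) return this.newIdentity(exitCountry);
    return a;
  }
}
```

Within one session every page load sees the same frozen profile; only a new identity or an expired timer changes it.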
