New ways to fingerprint Tor Browser users discovered

Discussion in 'privacy technology' started by ronjor, Mar 11, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
     
  2. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    Unfortunately there are still probably sites/pages out there that "need" JavaScript enabled to work.

    JavaScript really should go the way of the dodo.
    Like Java browser plugin has done and soon, hopefully, flash plugin will follow.

    Correct me if Im wrong but simple animations, dropdown menus, and fade-in-out effects have been possible long time with CSS. Simple form handling does not really need JavaScript, php will work just fine.

    So what is left that really needs client side scripting?
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    In "Privacy and Security Settings", set "Security Level" to "High".

    This is yet another reason to avoid running Tor browser together with other browsers in the same system.
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    It's yet another reason for avoiding the presumption that you can achieve very high levels of anonymity in an interactive user-interface application. I don't think it can be done.

    If I wanted that, I'd be doing programmatic web gets from the site, with no javascript, no browser rendering, and randomised response times. Of course, this would lose important functionality, and make the experience fairly poor, but would avoid a whole host of extremely hard-to-avoid attacks.

    Better yet, would be transacting on a messaging basis with medium latency, but I think this would only work for certain messaging applications, or structured marketplace applications.
     
Loading...