Weaknesses in this anonymity setup

Discussion in 'privacy technology' started by Ulysses_, Jan 10, 2014.

Thread Status:
Not open for further replies.
  1. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    To beat evercookies, it is suggested that one uses a live CD that is used by many people, such as tails.

    And to make it even harder to uniquely identify the browser PC, run the live CD in a vmware virtual machine so the hardware is identical to millions of others. And randomly change the virtual MAC address with a script in every power-up so even native execution (like ActiveX or trojans) is hopeless.

    And of course access the internet only through TOR, and do it via another PC that is set up as a gateway (non-TOR gateway) and firewall so that Flash and all active content is forced through TOR too.

    Are there weaknesses not accounted for in the above anonymity setup?

    Notice it is desirable to survive intrusions due to security holes in the browser or operating system. Is this achieved above?
     
    Last edited: Jan 10, 2014
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    If you would like to be anonymous, you would also have to disable most active content on webpages (scripts, trackers, even referrer). In theory you (as a user, not computer) could be identified by your browsing habits. Though, I don't know how probable that is.

    Regards, hqsec
     
  3. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    If one site only is visited per session, is the referrer problem solved?

    Why disable active content on webpages (scripts, trackers) if everything is erased in every reboot?

    What is the deal with browsing habits, what can be done about them? Surely they are not very unique, are they.
     
    Last edited: Jan 10, 2014
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    If user visits sites which don't have many daily visits, they could be "identified". Navigating from site with 100 daily visits to another site with another 100 daily visits on daily basis, would probably identify you. But that's just in theory. One site per session would probably solve the "problem".

    Regards, hqsec
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    Here is an old article, but IMO still valid: http://www.cryptogon.com/?p=762

    Regards, hqsec
     
  6. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Could also run several virtual machines simultaneously, all previously booted and with the browser started. You enter a link, browse the site, shut down the virtual machine and move on to the next virtual machine for the next site. Could tell TOR in the gateway to change IP too, with every change of virtual machine.

    Or is there some other behavioural pattern that is close enough to unique that an individual site can pick?
     
    Last edited: Jan 10, 2014
  7. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Could also try and persuade as many people as possible to do the same anti-tracking tactic, and at the same time run a wget spider to add low-entropy noise in the behavioural pattern seen by a single site.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    I guess it could work but that would be too paranoid for me :) Single site per session would be easier if such level of anonymity would be necessary. I think that your setup described in first post is more than enough, unless you really want to hide something from Big Brother :D

    Regards, hqsec
     
Loading...
Thread Status:
Not open for further replies.