
Re: [tor-talk] Making TBB undetectable!



Randomization, or some one click equivalent, is the only real option here when usability is considered; the manual effort each session is undesirable at the very least :)

The problem you have there is what to randomize, and how to do it in such a way that it does not itself become identifiable.

To use an example, think about when you run cover traffic (whether over Tor or a VPN), the initial temptation is to have random levels of data travelling over the link. The problem there being it's not a 'natural' looking flow of data when you analyse it. So when you use the link, your natural usage is identifiable in the analysis.

So you go for something more 'natural', but natural's hard to fake, so your cover traffic has an identifiable set of patterns, meaning on analysis you can discount it and still tell when the tunnel is being used for real traffic.


When we're talking about making the browser unidentifiable as TBB, the very act of having something in the fingerprint that changes to prevent correlation between sessions provides an avenue by which it can be identified as TBB:

Let's say you override reported screen width so it lies, and then use TBB to sign in to (sake of example) Facebook. Every time you start a new session and sign in to Facebook, your screen size is going to be different. That's very unusual. Users' screen sizes will change from time to time (because they're in a window rather than full-screen, or on a laptop instead of a PC) but to be different every time?

What about if you're signed in to FB in one tab, and browsing news in another? The news page has a Like button on it, and Facebook get a completely different screen size reported. You might just have the news on fullscreen, and FB windowed, but again, for it to happen every time is an unusual pattern.

A bit of research would soon tell them you're using TBB even if they hadn't thought to see if the traffic was coming from an exit node.



Making people blend into the crowd of regular internet users is best but only if we resolve the traffic source; i.e., Tor exits.

That's quite an issue to solve though. Even if we assume that the IPs of Tor nodes weren't being published anymore, analysis of traffic patterns on a busy site would likely soon let you work out the IPs of some exits.

Granted, you wouldn't immediately know whether those sources were Tor exits or simply proxies being used by multiple users, but finding out wouldn't be impossible. A determined adversary wanting to map out Tor exits could simply initiate a lot of connections via Tor and keep a record of where the other end (under their control) sees connections come from. 

Not as accurate as downloading the relay list, but depending on your aims you wouldn't need 100% coverage, so in the absence of the list it'd probably do. It raises the cost of identifying Tor exits, but only so long as the resulting list isn't then published (and kept up to date).

As others have said though, the aim isn't to hide that you're using Tor from your destination, and successfully doing so would (IMO) be a pretty non-trivial task.



On Thu, Oct 1, 2015 at 6:07 PM, Spencer <spencerone@openmailbox.org> wrote:
Hi,


behnaz Shirazi:
a Tor user who temporarily uses a natural
fingerprint to become undetectable for a while won't deanonymize
itself nor the rest of other Tor users who use a detectable version of
TBB because when a natural fingerprint is used once then there will
not be enough information available for data miners to link pseudonyms for
deanonymization,


Is a 'Natural Fingerprint' like a clearnet fingerprint, in that it identifies you as a regular, non-tor, internet user, making you part of the larger herd?


and for sure Tor users who need undetectability won't
use the undetectablizer Add-on all the time hence detectable TBB users
won't become unique.


I see this as a blocker, as this add-on is most likely detectable, yeah?  If not, how, in the same, less, or maybe a bit more, amount of resources do you feel this could be accomplished?  Manually, this becomes quite the task as time progresses.  Is this something that would be added to a mail [something], like OpenPGP or TorBirdy are, because I feel like this would be detectable somehow, too.


Ben Tasker:
Used once, sure. But over time, it's likely going to get used more than
once,


This seems to be part of the design, as one-of-a-kind fingerprints, through Tor exits or not, are detectable, though probably not identifiable.


unless you're planning on inserting some sort of randomisation to try
and prevent that (by making some aspect different each session),


Randomization, or some one click equivalent, is the only real option here when usability is considered; the manual effort each session is undesirable at the very least :)


using "UnidentifiableMode"


'UnidentifiableMode' sounds like a good working name for such a feature.


Making something "Undetectable"
is very, very hard as your margin for error is 0 (because 0.01 gives
something that someone could use to make it identifiable). Making something
common so you can blend into the crowd makes it easier to avoid
(potentially) costly mistakes.


Making people blend into the crowd of regular internet users is best but only if we resolve the traffic source; i.e., Tor exits.


Blending into the crowd is not without its value.


But surely some of these fingerprints will be shared by real users.  So, it seems like a reasonable request, should we resolve the usability and *traffic issues.

Wordlife,
Spencer


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
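
The point made in the reply above, that a screen size which differs on every session (or between two tabs of one session) is itself a distinguishing pattern, shown as an added example that is not part of the original thread. It is a check a defence designer could run to see whether a randomisation scheme stands out; the record layout, account names, sample values and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (account, session_id, reported screen size).
# Two records in one session model two tabs/embeds seen by the same site.
RECORDS = [
    ("alice", 1, (1920, 1080)), ("alice", 2, (1920, 1080)),
    ("alice", 3, (1366, 768)),  ("alice", 4, (1366, 768)),
    ("alice", 5, (1920, 1080)),
    ("bob", 1, (1440, 900)), ("bob", 1, (1440, 900)),
    ("bob", 2, (1440, 900)), ("bob", 3, (1440, 900)), ("bob", 4, (1440, 900)),
    ("carol", 1, (1873, 1011)), ("carol", 1, (1204, 733)),
    ("carol", 2, (1590, 847)),  ("carol", 3, (1012, 655)),
    ("carol", 4, (1731, 964)),  ("carol", 5, (1345, 702)),
]

def size_stats(records):
    """Per account: share of session-to-session size changes, and share of
    sessions in which a single session reported more than one size."""
    sessions = defaultdict(lambda: defaultdict(list))
    for account, sid, size in records:
        sessions[account][sid].append(size)
    stats = {}
    for account, by_sid in sessions.items():
        ordered = [by_sid[sid] for sid in sorted(by_sid)]
        firsts = [sizes[0] for sizes in ordered]
        changes = sum(a != b for a, b in zip(firsts, firsts[1:]))
        mixed = sum(len(set(sizes)) > 1 for sizes in ordered)
        stats[account] = {
            "sessions": len(ordered),
            "change_rate": changes / max(len(ordered) - 1, 1),
            "mixed_rate": mixed / len(ordered),
        }
    return stats

def stands_out(records, min_sessions=4, threshold=0.9):
    """Accounts whose reported size changes on (nearly) every new session."""
    return sorted(a for a, s in size_stats(records).items()
                  if s["sessions"] >= min_sessions
                  and s["change_rate"] >= threshold)

if __name__ == "__main__":
    for account, s in size_stats(RECORDS).items():
        print(account, s)
    print("stands out:", stands_out(RECORDS))
```

Here "alice" switches between two machines and "bob" never changes, while "carol" (randomised per session) is the only account flagged, which is the pattern the reply warns about.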


