
If you have ever wanted to understand what Tor is, its goals, its design, its flaws ...

TyperTech

Then fly through this paper and you will find all sorts of things you may have never come across.




• What is the purpose of getting a "New Identity," what does it do, and how is it different than closing and re-opening the browser?

• What is WebGL, what does it do, is it disabled by disabling JavaScript?

• What is "Disk Avoidance," and what does it mean that 'The User Agent MUST prevent all disk records of browser activity.'

• What are "Tor circuit and HTTP connection linkability"? And what does it mean that 'Tor circuits and HTTP connections from a third party in one URL bar origin MUST NOT be reused for that same third party in another URL bar origin.'

"After plugins and plugin-provided information, we believe that the HTML5 Canvas is the single largest fingerprinting threat browsers face today."

• "Websites MUST NOT be able to infer any information about the keyboard of a Tor Browser user."

We provide two Firefox patches that take care of spoofing KeyboardEvent.code and KeyboardEvent.keyCode by providing consensus (US-English-style) fake properties.

Keystroke Fingerprinting: "We clamp keyboard event resolution to 100ms with a Firefox patch."

• Plugins are considered to have the largest attack surface and have the ability to make arbitrary OS system calls and bypass proxy settings.

Plugins add to fingerprinting risk via two main vectors: their mere presence in window.navigator.plugins (because they are optional, end-user installed third party software), as well as their internal functionality.

Additionally, plugins are capable of extracting font lists, interface addresses, and other machine information that is beyond what the browser would normally provide to content. In addition, plugins can be used to store unique identifiers that are more difficult to clear than standard cookies. Beyond fingerprinting, plugins are also abysmal at obeying the proxy settings of the browser.

• No filters

Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts.

Implementing filter-based blocking directly into the browser, such as done with Firefox' Tracking Protection, does not alleviate the concerns mentioned in the previous paragraph. There is still just a list containing specific URLs and hosts which, in this case, are assembled by Disconnect and adapted by Mozilla.


The Significant "New Identity" Feature, its flaw and fix

What makes obtaining a New Identity so important?
The longer the same pseudonym is used, the higher the probability that mistakes are made which reveal the user's identity. Once this occurs, an adversary can go back and link all activity related to the pseudonym. As a precaution, regularly create new identities and stop using old ones.
Tor periodically creates new circuits. When a circuit is used it becomes dirty, and after ten minutes new connections will not use it. When all of the connections using an expired circuit are done the circuit is closed.
The other thing that New Identity does is try to “close all remaining HTTP keep-alive connections”.
The "New Identity" feature and how it discards application-level browser data.
What is difficult to track down is that there is a fundamental flaw in the New Identity feature, and its only current resolution is using a Whonix-Workstation Disposable. To completely separate distinct activities, shut down the Disposable and create a new one between sessions (Whonix-WS dispVM) via QubesOS, ensuring you of a new IP and circuitry.
Even with “New Identity”, your IP address might stay the same. Nodes in circuits are chosen randomly. (Selection is weighted by a way-too-complex function of capacity, roles, etc, but it's still a random selection.) That means that every once in a while a new circuit will exit from the same node as your last circuit did. [Do understand that getting a New Identity places a lot of stress on the Tor network.]
The fix:
Whonix-Workstation Disposables: One of the safest configurations is to assume future compromise and run all instances of Tor Browser in an uncustomized Whonix-Workstation Disposable in Qubes-Whonix. This configuration creates fresh Whonix-Workstation and Tor Browser instances for discrete Internet activities, while ensuring that previous, potentially compromised versions of both are destroyed.
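
The circuit behaviour described in the post, as an added example that is not part of the original post and is not Tor's code: a toy Python model of per-URL-bar-origin circuit isolation, the ten-minute dirty window, New Identity, and the chance that a fresh circuit reuses the previous exit. The class names, the `.example` origins, the exit names and their weights are all constructed; real Tor path selection is far more involved than one weighted pick.

```python
import random

DIRTY_SECONDS = 600  # "after ten minutes new connections will not use it"

class Circuit:
    def __init__(self, exit_node, now):
        self.exit_node = exit_node
        self.first_used = now      # the circuit becomes dirty on first use
        self.retired = False       # set by New Identity

    def usable(self, now):
        return not self.retired and now - self.first_used < DIRTY_SECONDS

class CircuitPool:
    """Toy model: circuits are keyed by URL bar origin, never by third party."""
    def __init__(self, exit_weights, seed=None):
        self.exits = list(exit_weights)
        self.weights = [exit_weights[e] for e in self.exits]
        self.rng = random.Random(seed)
        self.by_origin = {}

    def circuit_for(self, url_bar_origin, third_party, now):
        # third_party is ignored on purpose: the same tracker embedded under
        # two URL bar origins must not share a circuit.
        circ = self.by_origin.get(url_bar_origin)
        if circ is None or not circ.usable(now):
            exit_node = self.rng.choices(self.exits, weights=self.weights)[0]
            circ = self.by_origin[url_bar_origin] = Circuit(exit_node, now)
        return circ

    def new_identity(self):
        # Retire every circuit so later requests build fresh ones.
        for circ in self.by_origin.values():
            circ.retired = True
        self.by_origin.clear()

def same_exit_probability(exit_weights):
    """Chance that two independent weighted picks land on the same exit."""
    total = sum(exit_weights.values())
    return sum((w / total) ** 2 for w in exit_weights.values())

# Constructed weights for three hypothetical exits (not real relays).
SAMPLE_WEIGHTS = {"exitA": 5, "exitB": 3, "exitC": 2}

if __name__ == "__main__":
    pool = CircuitPool(SAMPLE_WEIGHTS, seed=1)
    a = pool.circuit_for("https://news.example", "tracker.example", now=0)
    b = pool.circuit_for("https://shop.example", "tracker.example", now=0)
    print("isolated per URL bar origin:", a is not b)
    print("P(same exit after New Identity):", same_exit_probability(SAMPLE_WEIGHTS))
```

With only three constructed exits the repeat probability is large; on a network with many exits it is much smaller but never zero, which is the limitation the post points out.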