Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#9501 closed enhancement (not a bug)

Reduce TorBrowser's fingerprint by making the user agent string blend into the crowd

Reported by: DC Owned by: mikeperry
Priority: Medium Milestone:
Component: TorBrowserButton Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I have a suggestion. In my humble opinion, I think it's brilliant:

To reduce TorBrowser's fingerprint, change the UA string to match whichever Firefox UA string is most frequently seen in the wild. You could get that information from the EFF's Panopticlick project.

So basically, take the ~ 3 million browser fingerprints in Panopticlick. Grab UA's that match "Firefox" and pick whichever one is most common. The result probably looks somewhat like this:

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0

Use that exactly as TorBrowser's UA string... Basically, lie. Pick the UA string that will most make TorBrowser blend into the crowd and produce the least unique fingerprint.

The reason I say to search for "Firefox" instead of just picking the most popular string (probably some version of Chrome) is that a Firefox browser pretending to be Chrome might stand out and inadvertently have a very unique fingerprint.

Child Tickets

Change History (7)

comment:1 in reply to:  description Changed 7 years ago by DC

Replying to DC:

A possibly even better idea is for TorButton to have a list of the 10 - 100 most common UA strings for Firefox and have it randomly pick a different string every once in a while. If the UA is selected with a probability distribution that matches the actual frequency of these UAs in the wild, TorBrowser could be blending into a sizeable crowd of Firefox users. Then perhaps have TorButton download a new list once a year or something like that.

comment:2 Changed 7 years ago by lunar

Resolution: implemented
Status: newclosed
Version: Tor: unspecified

The Tor Browser already sets a common user agent string. See the extensions.torbutton.useragent_override property. It is manually updated to match the current ESR.

comment:3 Changed 7 years ago by DC

Resolution: implemented
Status: closedreopened

Wait... Huh? Why is this marked as "implemented"? The feature requested is *NOT* implemented. If you think that this is a BAD idea and that you prefer to set a common user agent string, then you should mark the feature as "will not implement".

Current implementation: Fixed, manually updated UA string to matches the current ESR.

Proposed implementation: Dynamically selected UA string from a list for each page load.

These are not the same feature in the slightest. Please re-read the issue. If you think that the issue is a bad idea, mark the issue as "will not implement" and preferably explain briefly why you think that the current implementation provides more privacy than a randomly selected, dynamically changing UA string.

comment:4 Changed 7 years ago by lunar

Sorry if I misunderstood you. I fail to see what would be the benefit given Tor threat model: the ideal is to make all users of the Tor Browser Bundle belong to only one anonymity set. This is currently the case. Changing the UA on every page load will not hide the fact that the IP address belongs to a Tor exit node. What would be gained with your proposal?

comment:5 Changed 7 years ago by mikeperry

Resolution: not a bug
Status: reopenedclosed

comment:6 Changed 7 years ago by DC

Ok. I guess if people are willing to check whether you are coming from a Tor IP address then this would not add any additional protection. But I don't imagine that most websites actually do that. Do you really think that many websites actually check to see if you are coming from a Tor address while fingerprinting you? If that is the case, then using Tor Browser could ironically give you a very unique fingerprint.

comment:7 Changed 7 years ago by lunar

The Tor Browser has a unique fingerprint, this is unavoidable as long as other browsers don't care about privacy issues. But ideally it should be the very same on every different computers it is used so that we all belong in one anonymity set.

Note: See TracTickets for help on using tickets.