Changes between Version 536 and Version 537 of doc/TorifyHOWTO


Ignore:
Timestamp:
Mar 7, 2016, 5:37:24 PM (20 months ago)
Author:
cypherpunks
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorifyHOWTO

    v536 v537  
    4242
    4343Public available research and circumvention of this threat is rare:
    44  * [http://events.ccc.de/congress/2011/Fahrplan/events/4781.en.html Deceiving Authorship Detection]
     44 * [https://events.ccc.de/congress/2011/Fahrplan/events/4781.en.html Deceiving Authorship Detection]
    4545 * [http://7jguhsfwruviatqe.onion/index.php/Anonymous_Writing_Style Anonymous Writing Style] (academic background dubious, not sure if that is a complete solution)
    4646 * [https://psal.cs.drexel.edu/index.php/Main_Page Privacy, Security and Automation Lab]
     
    6363 * Location privacy: your location remains secret.
    6464
    65 === mode(2): user knows recipient; both use Tor ===
     65=== mode(2): user and recipient know each other; both use Tor ===
    6666 * Scenario: both sender and recipient know each other and both use Tor.
    6767 * They can communicate with each other without any third party being wise to their activity or even the the knowledge that they are communicating with each other.
    68  * You are NOT anonymous.
     68 * You are NOT anonymous, but can be pseudonymous.
    6969 * Your real IP stays hidden.
    7070 * Location privacy: your location remains secret.
     
    101101Ubuntu software updates are vulnerable against [https://bugs.launchpad.net/launchpad/+bug/716535 "stale-proxy" attacks]. The exit node or exit node's ISP could prevent you from seeing new updates. To circumvent this, switch your identity after trying to update and check for updates again.
    102102
    103 == License keys ==
    104 Be very careful when using commercial software. If you bought a license file or serial number it will be often transmitted when you use the software. If you bought or paid over non-anonymous channels, it might lead back to you.
     103== Software identifiers ==
     104Be very careful when using any software, especially proprietary (s.a freeware and commercial). If you bought a license file or serial number it will be often transmitted when you use the software. If you bought or paid over non-anonymous channels, it might lead back to you. If you opened this software without Tor, it may have sent its identifier, if you open it again with Torification, it may send the same or linked identifier over Tor and you will be deanonymized. Even FOSS can send such identifiers, for example Firefox and Chromium. Some software (especially the one with DRM) derives identifiers from hardware and/or environment, so even completely separate installation in completely separate OS may deanonimize you. For example, general purpose web browsers add into useragent the version of OS and system architecture. It is possible to explicitly or steganographically insert identifiers into documents to be able track and sue users creating content with unlicensed copies of software. Even if you use FOSS, your environment can be fingerprintable by content you create, for example if you create an image with text in GIMP, it can be possible to fingerprint your environment the same way it is done in canvas fingerprinting.  Don't send error reports: they often include information about hardware, for example TAILS includes identifiers of BIOS and mainboard into its WhisperBack report by default. Some software discloses its version to server, if you use obsolete enough software your anonymity set will be smaller than if you used one of the recent versions.
    105105
    106106== Getting from key/fingerprint form many different Tor exits ==