Most active commenters
  • monerozcash(7)
  • ekjhgkejhgk(7)

←back to thread

The Tor Project is switching to Rust

(itsfoss.com)
348 points giuliomagnifico | 16 comments | 12 Dec 25 12:35 UTC | HN request time: 0.011s | source | bottom
Show context
ekjhgkejhgk ◴[12 Dec 25 14:55 UTC] No.46244716[source]
OT on Tor:

Recently this link was on HN[1]. It ranks your browser on regular tracking and fingerprinting separately. "Tor without JS" was the only option I found to be completely fingerprint resistant. Even Tor "with JS on strict settings" ranked it as only "partly fingerprint resistant". (Interestingly firefox without JS never returns)

Scary stuff.

I'd like to hear other people's experiences/experiments here.

[1] https://coveryourtracks.eff.org/

replies(9): >>46244951 #>>46245164 #>>46245404 #>>46245460 #>>46245479 #>>46246168 #>>46246185 #>>46246384 #>>46248377 #
1. monerozcash ◴[12 Dec 25 16:08 UTC] No.46245460[source]
Regular OS X safari: Our tests indicate that you have strong protection against Web tracking.

>Your browser fingerprint has been randomized among the 378,837 tested in the past 45 days. Although sophisticated adversaries may still be able to track you to some extent, randomization provides a very strong protection against tracking companies trying to fingerprint your browser.

>Currently, we estimate that your browser has a fingerprint that conveys at least 18.53 bits of identifying information.

Anyway, this test doesn't really communicate the results very well. Yes, Tor browser stands out. No, it's not easy to differentiate between different Tor browser users via this kind of fingerprinting.

replies(2): >>46245685 #>>46245689 #
2. ekjhgkejhgk ◴[12 Dec 25 16:28 UTC] No.46245685[source]
Could you clarify if that's with or without JS?
replies(1): >>46245720 #
3. losvedir ◴[12 Dec 25 16:29 UTC] No.46245689[source]
Huh, I use a "stock" (I think?) MacOS Safari and got "Your browser has a nearly-unique fingerprint" and "Partial protection" for ads and invisible trackers.

Did you change a setting or add an ad blocker or something?

edit: I feel like someone with a username "monerozcash" must have some customization to your browsing experience, that maybe you don't even remember doing...

replies(2): >>46245716 #>>46250622 #
4. monerozcash ◴[12 Dec 25 16:31 UTC] No.46245716[source]
No, on this device literally the only customization I have is the RECAP browser extension. And even RECAP only runs on whitelisted websites.
replies(1): >>46246273 #
5. monerozcash ◴[12 Dec 25 16:31 UTC] No.46245720[source]
I have not disabled JS or made any other configuration changes on this device. Entirely stock Safari and entirely stock MacOS.
replies(1): >>46246477 #
6. Aerbil313 ◴[12 Dec 25 17:23 UTC] No.46246273{3}[source]
It’s probably precisely because his browser is not customized that it’s not easily fingerprintable, because stock Safari has privacy protections and users generally don’t change anything.

I got a very similar result on unmodified iOS Safari, randomized among 380k users and conveying 15.5 bits of information. I only have the Dark Reader extension.

replies(1): >>46247321 #
7. ekjhgkejhgk ◴[12 Dec 25 17:39 UTC] No.46246477{3}[source]
That's not really believable. I'm starting to think this website isn't very reliable.
replies(1): >>46246571 #
8. monerozcash ◴[12 Dec 25 17:48 UTC] No.46246571{4}[source]
No, it's believable. All this website is communicating to us that most MacOS Safari installs look the same.
replies(1): >>46247094 #
9. ekjhgkejhgk ◴[12 Dec 25 18:30 UTC] No.46247094{5}[source]
It's not "install" that matter here. If two people have the same "install" but their browser windows have different sizes, they'll be distinguishable. Or any perperty that can be queried via JS.

Let me rephrase it: you believe it, I don't believe.

replies(1): >>46247158 #
10. monerozcash ◴[12 Dec 25 18:35 UTC] No.46247158{6}[source]
Browser window size and timezone are basically the only identifying details the page gets besides the fact that I use Safari on MacOS

For window size only 1 in 380326.0 browsers has this value.

replies(1): >>46247259 #
11. ekjhgkejhgk ◴[12 Dec 25 18:45 UTC] No.46247259{7}[source]
For example, what does the section "time zone" and "time zone offset" read for you? You have JS on, so what did JS return on that point?

I'm downloading safari right now.

EDIT: just saw I need to download playonlinux or wine. Forget about it.

replies(1): >>46247867 #
12. ekjhgkejhgk ◴[12 Dec 25 18:51 UTC] No.46247321{4}[source]
I'm downloading safari right now.

EDIT: just saw I need to download playonlinux or wine. Forget about it.

13. monerozcash ◴[12 Dec 25 19:37 UTC] No.46247867{8}[source]
It gets my correct timezone.
replies(1): >>46248937 #
14. ekjhgkejhgk ◴[12 Dec 25 21:05 UTC] No.46248937{9}[source]
> For window size only 1 in 380326.0 browsers has this value.

Sorry, who concluded that this is fingerprintin resistant? Does the website tell you that, or was this your conclusion? Because my reading is with a number that small, you're almost uniquely identifiable. Is it possible you're misunderstanding what the report is showing?

Would you be assed to continue this conversation elsewhere? I'd like to get to the bottom of this?

replies(1): >>46249383 #
15. monerozcash ◴[12 Dec 25 21:45 UTC] No.46249383{10}[source]
That's the website output.

Those two values are the only ones returned by the browser which are useful for fingerprinting beyond "stock safari". Window size being the biggest part of that, but window size tends to change fairly regularly.

16. reshlo ◴[13 Dec 25 00:12 UTC] No.46250622[source]
The randomisation features were significantly improved in Safari 26. Is that the version you have?