Reply to post:

It's not just your browser: Your machine can be fingerprinted easily

Anonymous Coward
Anonymous Coward

"The TorBrowser bundle sets NoScript to enable Javascript by default, because if you disable it by default then you'll probably have to enable it for certain sites, and what sites you've allowed javascript for would become a browser fingerprint of the type they're talking about. That decision was made years ago because it's a problem that's been well understood for a long time."

Any TOR site that needs JavaScript is likely REALLY using it for fingerprinting (the NSA used this trick, remember, and they got you nailed down to the MAC) and to be avoided in any event. NoScript should really deny by default and prevent you from selectively enabling on the grounds they're probably trying to get tells on you.

The news is that they've been able to reliably fingerprint you by using nothing more than basic WWW callbacks: things basically needed, say, for formatting purposes (visited links, too-large or too-small elements, etc.) or things break. Basically, the metadata needed to make the WWW work smoothly and efficiently is ALSO, inherently, extremely valuable de-anonymizing information. It's like the return address you put on an envelope. Put it on, and people can find out about you whether you like it or not, but if you don't, and things go wrong, there's no way to backtrack and do a Return to Sender or the like.

The TL;DR version: if you want to do practical business anywhere, you're going to have to leave traces in case of problems, but those traces can be used against you. The price of society, basically.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019