Page 1 of 1

ip-check.info some false values and confuses TBB users

Posted: Fri Feb 01, 2013 13:54
by proper
I appreciate your efforts to support Tor and TBB users on ip-check.info, but I think at the moment you from perspective of a TBB user many things should be changed.

Cookies
-------

When you start with the Cookies attribute and move with the mouse over it, recommends "Use JonDoFox"

"or generally block cookies and allow them for single websites, if needed."

"The very last thing you should do is let your browser automatically delete all cookies on closing."

TBB already does that. No need to recommend it.

Cache (E-Tags)
--------------

TBB cache implementation is in TBB design:
https://www.torproject.org/projects/torbrowser/design/

Are you sure this deserves a bad?

HTTP session
------------

"Recommended: Use JonDonym or Tor in order to fix this Problem. Tor keeps a session for 10 minutes only. JonDonym is even completely stateless, if you switch off proxy-connection keep-alive in your browser."

Why recommend using Tor to a Tor user?

Referer
-------

"Recommended: The referrer should be set to the current domain if you move to another website. It should remain unchanged as long as you move within the same website."

"Firefox: Torbutton does currently not support any referer anonymization. Or, for a partial solution: Install the add-on RefControl. Set default to: block, for links to other domains only."

Wouldn't that make the few users doing so more fingerprintable because most TBB users don't block the referer?

Related:
https://trac.torproject.org/projects/tor/ticket/3809
https://trac.torproject.org/projects/tor/ticket/4783

Do-Not-Track
------------

"[...] we recommend this setting [...]"

This isn't a good idea. Too few people will do so and those who do get in fact more fingerprintable.

Tab name
--------

"Recommended: The name of the current tab should be deleted once you are surfing to a new website domain."

"Firefox: Use the JonDoFox or Torbutton profile."

Yes, but I actually was already using the default TBB profile. So why is recommend to use something I am already using?

System
------
System information is uniform among all TBB users, which is fine. So you probable should outline, that the system fake value is good (green).

The time issue however

Footer
------

"Important hint: We do not show any fakes here. Any arbitrary web page may get all the data you see on this page from your browser. If you are not happy with the results, please install Torbutton and use it in its default configuration with JavaScript disabled."

Torbutton standalone (installing) is deprecated. TBB is now recommend by The Tor Project.

And I got these results while I actually was already using TBB in default settings.

Default settings with javascript disabled is a bit misleading, because in TBB javascript is enabled by default. If you want to recommend disabling JavaScript you could rephrase it: "If you are not happy with the results, please use the Tor Browser Bundle, disable JavaScript and don't change any other settings."

Perhaps related:
https://lists.torproject.org/pipermail/ ... 24224.html

Re: ip-check.info some false values and confuses TBB users

Posted: Tue Feb 12, 2013 15:12
by jondos
Thank you for your suggestions! We have meanwhile included some of them in the test and are working on the rest.

Re: ip-check.info some false values and confuses TBB users

Posted: Fri Feb 22, 2013 19:29
by proper
It's getting worse with the latest version of TBB.
https://blog.torproject.org/blog/new-to ... ox-1703esr

"Recommendation: Use the preconfigured, free and open source Torbrowser default profile in its current version in order to get the maximum browser privacy."

But, I am already using the default TBB.

#####

Local storage doesn't deserve a red value. I tested that with latest TBB and it works very well. Tested it...

tab1: anonymity test -> 1361559330749 ->
click on blog -> click on anonymity test again -> 1361559672570

tab2: anonymity test -> 1361559407190 ->
click on storage -> click on anonymity t est again -> 1361559679301

Can not be used for tracking.

#####

tab name window.name doesn't deserve a red value. I tested that with latest TBB and it works very well. Tested it...

tab1: anonymity test -> 1534051 ->
click on blog -> click on anonymity test again -> 6653513

tab2: anonymity test -> 7718937 ->
click on blog -> click on anonymity test again -> 8798352

Can not be used for tracking.

#####

SSL_session_id all values differs by tab and after navigating on the page. You mark it as neutral. What's the point of having it in the test anyway if it can not be used for tracking/fingerprinting?

#####

Given the many issues that test has... Given the many people getting confused by this test... Given the time you need to fix these issues... Given the effort to update that page every time TBB updates...

I recommend,

- remove all TBB specific recommendations
- add a big note at the top, that it doesn't work very well for testing TBB

Re: ip-check.info some false values and confuses TBB users

Posted: Fri Feb 22, 2013 21:47
by cane
The new TBB with the new behavior of Local storage, SSL session ID and window.name was released today. Please be patient.

We will see and looking for some improvements, but not today and not at the weekend. We will test it more carefully and we will show a red color for the behavior of the old TBB and a green color for the new anti tracking behavior.

Re: ip-check.info some false values and confuses TBB users

Posted: Thu Feb 28, 2013 2:38
by proper
Using the TBB Alpha packages before the Stable is released could buy time to react. Those already included the changes for some time.

Re: ip-check.info some false values and confuses TBB users

Posted: Wed Mar 27, 2013 21:44
by cane
Fixed DOMstorage test (generic, for all user) and some other small bugs in info text for Tor user.

Re: ip-check.info some false values and confuses TBB users

Posted: Sat Aug 10, 2013 18:09
by holefinder
The test of TBB showed different ips for ftp and https.
After I put Vidalia's socks address into the ftp field of torbutton and did the test again I got one ip address. What's wrong with the tor browser bundle?

Re: ip-check.info some false values and confuses TBB users

Posted: Sat Aug 10, 2013 21:00
by cane
What's wrong with the tor browser bundle?
There is nothing wrong with TorBrowser.

It is a problem of our IP-check to get the information about new Tor servers just in time. Time by time it takes a few hours until our IP-check will get the IP address of a new Tor server.

If the IP addresses of FTP and HTTP/HTTPS are not identically (this is possible, if the HTTP exit node doesn't support FTP) and the IP address of the Tor exit for FTP is not known to our IP-check, you will get the result above.

We are working on this issue. It is not a bug of TorBrowser.

Re: ip-check.info some false values and confuses TBB users

Posted: Mon Nov 02, 2015 17:13
by proper
cane wrote:
What's wrong with the tor browser bundle?
There is nothing wrong with TorBrowser.

It is a problem of our IP-check to get the information about new Tor servers just in time. Time by time it takes a few hours until our IP-check will get the IP address of a new Tor server.

If the IP addresses of FTP and HTTP/HTTPS are not identically (this is possible, if the HTTP exit node doesn't support FTP) and the IP address of the Tor exit for FTP is not known to our IP-check, you will get the result above.

We are working on this issue. It is not a bug of TorBrowser.
Any update? Was this solved?

Re: ip-check.info some false values and confuses TBB users

Posted: Mon Nov 02, 2015 21:34
by proper
The cookies, value tooltip still recommends TBB to TBB users.
Recommended: Use the Tor Browser Bundle, or generally block Cookies and allow them for single web pages if needed only.
This is very confusing. Please remove any TBB specific advice if you cannot fix the TBB users specific advice.