ip-check.info some false values and confuses TBB users

Ideas to everything that could be useful. Proposals and tips for JonDonym programming.
Post Reply
proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

ip-check.info some false values and confuses TBB users

Post by proper » Fri Feb 01, 2013 13:54

I appreciate your efforts to support Tor and TBB users on ip-check.info, but I think at the moment you from perspective of a TBB user many things should be changed.

Cookies
-------

When you start with the Cookies attribute and move with the mouse over it, recommends "Use JonDoFox"

"or generally block cookies and allow them for single websites, if needed."

"The very last thing you should do is let your browser automatically delete all cookies on closing."

TBB already does that. No need to recommend it.

Cache (E-Tags)
--------------

TBB cache implementation is in TBB design:
https://www.torproject.org/projects/torbrowser/design/

Are you sure this deserves a bad?

HTTP session
------------

"Recommended: Use JonDonym or Tor in order to fix this Problem. Tor keeps a session for 10 minutes only. JonDonym is even completely stateless, if you switch off proxy-connection keep-alive in your browser."

Why recommend using Tor to a Tor user?

Referer
-------

"Recommended: The referrer should be set to the current domain if you move to another website. It should remain unchanged as long as you move within the same website."

"Firefox: Torbutton does currently not support any referer anonymization. Or, for a partial solution: Install the add-on RefControl. Set default to: block, for links to other domains only."

Wouldn't that make the few users doing so more fingerprintable because most TBB users don't block the referer?

Related:
https://trac.torproject.org/projects/tor/ticket/3809
https://trac.torproject.org/projects/tor/ticket/4783

Do-Not-Track
------------

"[...] we recommend this setting [...]"

This isn't a good idea. Too few people will do so and those who do get in fact more fingerprintable.

Tab name
--------

"Recommended: The name of the current tab should be deleted once you are surfing to a new website domain."

"Firefox: Use the JonDoFox or Torbutton profile."

Yes, but I actually was already using the default TBB profile. So why is recommend to use something I am already using?

System
------
System information is uniform among all TBB users, which is fine. So you probable should outline, that the system fake value is good (green).

The time issue however

Footer
------

"Important hint: We do not show any fakes here. Any arbitrary web page may get all the data you see on this page from your browser. If you are not happy with the results, please install Torbutton and use it in its default configuration with JavaScript disabled."

Torbutton standalone (installing) is deprecated. TBB is now recommend by The Tor Project.

And I got these results while I actually was already using TBB in default settings.

Default settings with javascript disabled is a bit misleading, because in TBB javascript is enabled by default. If you want to recommend disabling JavaScript you could rephrase it: "If you are not happy with the results, please use the Tor Browser Bundle, disable JavaScript and don't change any other settings."

Perhaps related:
https://lists.torproject.org/pipermail/ ... 24224.html

User avatar
jondos
Posts: 1241
Joined: Thu May 24, 2007 14:52

Re: ip-check.info some false values and confuses TBB users

Post by jondos » Tue Feb 12, 2013 15:12

Thank you for your suggestions! We have meanwhile included some of them in the test and are working on the rest.

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: ip-check.info some false values and confuses TBB users

Post by proper » Fri Feb 22, 2013 19:29

It's getting worse with the latest version of TBB.
https://blog.torproject.org/blog/new-to ... ox-1703esr

"Recommendation: Use the preconfigured, free and open source Torbrowser default profile in its current version in order to get the maximum browser privacy."

But, I am already using the default TBB.

#####

Local storage doesn't deserve a red value. I tested that with latest TBB and it works very well. Tested it...

tab1: anonymity test -> 1361559330749 ->
click on blog -> click on anonymity test again -> 1361559672570

tab2: anonymity test -> 1361559407190 ->
click on storage -> click on anonymity t est again -> 1361559679301

Can not be used for tracking.

#####

tab name window.name doesn't deserve a red value. I tested that with latest TBB and it works very well. Tested it...

tab1: anonymity test -> 1534051 ->
click on blog -> click on anonymity test again -> 6653513

tab2: anonymity test -> 7718937 ->
click on blog -> click on anonymity test again -> 8798352

Can not be used for tracking.

#####

SSL_session_id all values differs by tab and after navigating on the page. You mark it as neutral. What's the point of having it in the test anyway if it can not be used for tracking/fingerprinting?

#####

Given the many issues that test has... Given the many people getting confused by this test... Given the time you need to fix these issues... Given the effort to update that page every time TBB updates...

I recommend,

- remove all TBB specific recommendations
- add a big note at the top, that it doesn't work very well for testing TBB
Last edited by proper on Fri Feb 22, 2013 20:09, edited 1 time in total.

cane

Re: ip-check.info some false values and confuses TBB users

Post by cane » Fri Feb 22, 2013 21:47

The new TBB with the new behavior of Local storage, SSL session ID and window.name was released today. Please be patient.

We will see and looking for some improvements, but not today and not at the weekend. We will test it more carefully and we will show a red color for the behavior of the old TBB and a green color for the new anti tracking behavior.

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: ip-check.info some false values and confuses TBB users

Post by proper » Thu Feb 28, 2013 2:38

Using the TBB Alpha packages before the Stable is released could buy time to react. Those already included the changes for some time.

cane

Re: ip-check.info some false values and confuses TBB users

Post by cane » Wed Mar 27, 2013 21:44

Fixed DOMstorage test (generic, for all user) and some other small bugs in info text for Tor user.

holefinder
Posts: 1
Joined: Sat Aug 10, 2013 17:42

Re: ip-check.info some false values and confuses TBB users

Post by holefinder » Sat Aug 10, 2013 18:09

The test of TBB showed different ips for ftp and https.
After I put Vidalia's socks address into the ftp field of torbutton and did the test again I got one ip address. What's wrong with the tor browser bundle?
Attachments
n1.jpg
one IP after adding Vidalia's socks address into the ftp field of TorButton
n2.jpg
two different IPs

cane

Re: ip-check.info some false values and confuses TBB users

Post by cane » Sat Aug 10, 2013 21:00

What's wrong with the tor browser bundle?
There is nothing wrong with TorBrowser.

It is a problem of our IP-check to get the information about new Tor servers just in time. Time by time it takes a few hours until our IP-check will get the IP address of a new Tor server.

If the IP addresses of FTP and HTTP/HTTPS are not identically (this is possible, if the HTTP exit node doesn't support FTP) and the IP address of the Tor exit for FTP is not known to our IP-check, you will get the result above.

We are working on this issue. It is not a bug of TorBrowser.

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: ip-check.info some false values and confuses TBB users

Post by proper » Mon Nov 02, 2015 17:13

cane wrote:
What's wrong with the tor browser bundle?
There is nothing wrong with TorBrowser.

It is a problem of our IP-check to get the information about new Tor servers just in time. Time by time it takes a few hours until our IP-check will get the IP address of a new Tor server.

If the IP addresses of FTP and HTTP/HTTPS are not identically (this is possible, if the HTTP exit node doesn't support FTP) and the IP address of the Tor exit for FTP is not known to our IP-check, you will get the result above.

We are working on this issue. It is not a bug of TorBrowser.
Any update? Was this solved?

proper
Posts: 39
Joined: Sun Apr 01, 2012 21:19

Re: ip-check.info some false values and confuses TBB users

Post by proper » Mon Nov 02, 2015 21:34

The cookies, value tooltip still recommends TBB to TBB users.
Recommended: Use the Tor Browser Bundle, or generally block Cookies and allow them for single web pages if needed only.
This is very confusing. Please remove any TBB specific advice if you cannot fix the TBB users specific advice.

Post Reply