Why Tor doesn’t guarantee your anonymity and what to do about it


Unfor­tu­nate­ly, Tor and VPNs do not guar­an­tee you anonymi­ty on the Inter­net. You can be giv­en away by com­plete­ly harm­less soft­ware installed on your com­put­er.

Software imprint

The vul­ner­a­bil­i­ty in ques­tion was dis­cov­ered back in May by Fin­ger­print­JS. The scheme flood­ing vul­ner­a­bil­i­ty allows users to be tracked based on the appli­ca­tions installed on their device.

To do this, the mali­cious resource that the user goes to auto­mat­i­cal­ly cre­ates their pro­file by send­ing them appli­ca­tion URLs. For exam­ple, it gen­er­ates a zoommtg:// request to see if the request is passed to the Zoom appli­ca­tion. If it is trans­mit­ted, then Zoom is installed on the com­put­er. Requests are repeat­ed for dif­fer­ent appli­ca­tions. The more soft­ware installed on a PC, the more accu­rate and unique the pro­file of a par­tic­u­lar per­son.

The resource was launched not so long ago https://schemeflood.com/, allow­ing any­one to check their fin­ger­print. You will be sur­prised how dif­fer­ent you are from oth­er users, and how eas­i­ly you can be tracked by this dis­sim­i­lar­i­ty.

Con­sid­er­ing that the “soft­ware fin­ger­print” is read even through VPN, Tor and oth­er tools for hid­ing one’s iden­ti­ty, every­thing looks pret­ty gloomy.

What to do with it?

First of all, keep track of which browsers you use when surf­ing the Inter­net anony­mous­ly. In the recent ver­sion of Tor Brows­er 10.0.18, the above vul­ner­a­bil­i­ty has been fixed, but the fin­ger­print­ing method still works in oth­er browsers. So even if you access the net­work through your own pri­vate VPN tun­nel some­where in the banana islands, but you use a reg­u­lar brows­er, you can still be iden­ti­fied.

Also, for anony­mous cas­es, it is bet­ter to get a sep­a­rate PC with a min­i­mum of installed soft­ware. The few­er pro­grams and appli­ca­tions there are on the device, the more non-unique your “soft foot­print” will be, and, accord­ing­ly, the more dif­fi­cult it will be to asso­ciate it with your real per­son­al­i­ty.







Добавить комментарий