Why Tor doesn’t guarantee your anonymity and what to do about it

Unfortunately, Tor and VPNs do not guarantee you anonymity on the Internet. You can be given away by completely harmless software installed on your computer.

Software imprint

The vulnerability in question was discovered back in May by FingerprintJS. The scheme flooding vulnerability allows users to be tracked based on the applications installed on their device.

To do this, the malicious resource that the user goes to automatically creates their profile by sending them application URLs. For example, it generates a zoommtg:// request to see if the request is passed to the Zoom application. If it is transmitted, then Zoom is installed on the computer. Requests are repeated for different applications. The more software installed on a PC, the more accurate and unique the profile of a particular person.

The resource was launched not so long ago https://schemeflood.com/, allowing anyone to check their fingerprint. You will be surprised how different you are from other users, and how easily you can be tracked by this dissimilarity.

Considering that the “software fingerprint” is read even through VPN, Tor and other tools for hiding one’s identity, everything looks pretty gloomy.

What to do with it?

First of all, keep track of which browsers you use when surfing the Internet anonymously. In the recent version of Tor Browser 10.0.18, the above vulnerability has been fixed, but the fingerprinting method still works in other browsers. So even if you access the network through your own private VPN tunnel somewhere in the banana islands, but you use a regular browser, you can still be identified.

Also, for anonymous cases, it is better to get a separate PC with a minimum of installed software. The fewer programs and applications there are on the device, the more non-unique your “soft footprint” will be, and, accordingly, the more difficult it will be to associate it with your real personality.