diff --git a/defences.tex b/defences.tex index 5096119..566fa87 100644 --- a/defences.tex +++ b/defences.tex @@ -215,7 +215,7 @@ Internet on their own but aggregate results from different search engines. The benefit of using privacy-focused search engines is that they obfuscate the \gls{HTTP} Referer field (see section~\ref{subsec:http referer}) by not -forwarding search results to the linked website. Additionally, they often +forwarding search results to the linked web site. Additionally, they often abstain from showing adverts on result pages, protecting user data from third parties that seek to monetize it. @@ -242,7 +242,7 @@ belonging to trackers are added to the list and when old, supposedly inactive, domains are removed again. Futhermore, modern browser plugins aggregate multiple, independently maintained blocklists into one big blacklist, improving the overall detection rate. Since some lists are aimed at blocking for example -cryptocurrency mining applications on websites and others at regular third party +cryptocurrency mining applications on web sites and others at regular third party requests, knowledgeable users can customize their blocking preferences by only including those lists that they deem necessary. A well-known list used by popular browser plugins such as Adblock Plus \cite{Adblock} and uBlock Origin @@ -300,7 +300,50 @@ changed periodically to limit user profiling based on \gls{IP} addresses. The Tor browser is of main interest for users wanting to enhance their privacy online. By default, the browser history is not kept and cookies are cleared -either upon exit or requesting a new identity. +either upon exit or requesting a new identity. The user can choose between three +security modes \emph{Standard}, \emph{Safer} and \emph{Safest}. The Safer mode +disables JavaScript on web sites that are not using \gls{HTTPS}, disables some +fonts to avoid fingerprinting based on the installed fonts and WebGL and other +media is click-to-play only, i.e., they do not run without explicit user +consent. The Safest mode has the same security features as the Safer mode but +disables JavaScript, loading of remote fonts and SVG images on all web sites. +The full list of changes to the Firefox browser and their rationale behind them +can be found in the Tor browser design specification +\cite{perryDesignImplementationTor2018}. + +When using the Tor browser to protect oneself against the tracking methods in +chapter~\ref{chap:tracking methods}, Tor is the most promising technology. +Passing information in \glspl{URL} is still possible because the Tor browser +does not look at individual requests and does not strip them of any tracking +identifiers. Users can still be tracked by a first party using hidden form +fields. The \gls{HTTP} Referer field is purposefully not cleared because too +many web sites depend on it functioning properly. One of the most severe +mistakes a user can make when using the Tor browser is to authenticate him- or +herself to a web site, because then every action is tied to the user account. The +browser successfully defends the user against tracking via the window.name +\gls{DOM} property because it is reset every time a new \gls{URL} is requested +or a change from \gls{HTTP} to \gls{HTTPS} or vice-versa happens. \gls{HTTP} +cookies are deleted after every session and the user has the option to disable +even first party cookies. Flash and Java Applets are disabled by default. +Depending on the settings, users are safe from cookie synchronization. Since +Silverlight is another plugin, it is disabled by default and therefore no +tracking is possible. HTML5 web storage and IndexedDB are both disabled by +default. Web SQL database is not supported by Firefox and thus not supported by +the Tor browser. The CacheStorage \gls{API} is disabled by default and probing a +user's browser history is not possible using JavaScript if it has been disabled +(Safer or Safest browsing mode). Caching itself is allowed but users can +regularly use the \emph{New Identity} feature, which clears all caches. +Disabling caching within the browser is a possibility but might result in a +considerable impact on performance while browsing. To avoid tracking via cache +timing, timing resources within the browser are disabled and the accuracy of +timing functions is limited to a resolution of 100ms. Tracking via \glspl{ETag} +is possible if caching is enabled. For defending against \gls{DNS} cache +tracking by \citet{kleinDNSCacheBasedUser2019}, the Tor network uses one +\gls{DNS} resolver for multiple identities and identifying a single user is +therefore difficult. \gls{TLS} session resumption is mitigated by disabling +\gls{TLS} session tickets. This happens by default within Tor browser. +Additionally, they are limited to the current \gls{URL} bar domain. + \subsection{Virtual Private Networks} \label{subsec:virtual private networks} diff --git a/references.bib b/references.bib index 7a6fb81..6727973 100644 --- a/references.bib +++ b/references.bib @@ -1016,6 +1016,15 @@ series = {{{ACSAC}} '13} } +@misc{perryDesignImplementationTor2018, + title = {The {{Design}} and {{Implementation}} of the {{Tor Browser}} [{{DRAFT}}]}, + author = {Perry, Mike and Clark, Erinn and Murdoch, Steven and Koppen, Georg}, + year = {2018}, + month = jun, + url = {https://2019.www.torproject.org/projects/torbrowser/design/}, + urldate = {2020-07-15} +} + @misc{PersistenceServiceJNLPAPI2015, title = {{{PersistenceService}} ({{JNLP API Reference}} 1.7.0\_95)}, year = {2015}, diff --git a/thesis.tex b/thesis.tex index d2d306c..5cba40d 100644 --- a/thesis.tex +++ b/thesis.tex @@ -49,6 +49,8 @@ \nonzeroparskip % Create space between paragraphs (optional). \setlength{\parindent}{0pt} % Remove paragraph identation (optional). +\setcounter{tocdepth}{3} % Set depth of table of contents to 3 + \makeindex % Use an optional index. \makeglossaries % Use an optional glossary. %\glstocfalse % Remove the glossaries from the table of contents.