Finish Tor section
parent
04cd79b471
commit
065daf5dcb
45
defences.tex
@ -300,7 +300,50 @@ changed periodically to limit user profiling based on \gls{IP} addresses.
|
||||
|
||||
The Tor browser is of main interest for users wanting to enhance their privacy
|
||||
online. By default, the browser history is not kept and cookies are cleared
|
||||
either upon exit or requesting a new identity.
|
||||
either upon exit or requesting a new identity. The user can choose between three
|
||||
security modes \emph{Standard}, \emph{Safer} and \emph{Safest}. The Safer mode
|
||||
disables JavaScript on web sites that are not using \gls{HTTPS}, disables some
|
||||
fonts to avoid fingerprinting based on the installed fonts and WebGL and other
|
||||
media is click-to-play only, i.e., they do not run without explicit user
|
||||
consent. The Safest mode has the same security features as the Safer mode but
|
||||
disables JavaScript, loading of remote fonts and SVG images on all web sites.
|
||||
The full list of changes to the Firefox browser and their rationale behind them
|
||||
can be found in the Tor browser design specification
|
||||
\cite{perryDesignImplementationTor2018}.
|
||||
|
||||
When using the Tor browser to protect oneself against the tracking methods in
|
||||
chapter~\ref{chap:tracking methods}, Tor is the most promising technology.
|
||||
Passing information in \glspl{URL} is still possible because the Tor browser
|
||||
does not look at individual requests and does not strip them of any tracking
|
||||
identifiers. Users can still be tracked by a first party using hidden form
|
||||
fields. The \gls{HTTP} Referer field is purposefully not cleared because too
|
||||
many web sites depend on it functioning properly. One of the most severe
|
||||
mistakes a user can make when using the Tor browser is to authenticate him- or
|
||||
herself to a web site, because then every action is tied to the user account. The
|
||||
browser successfully defends the user against tracking via the window.name
|
||||
\gls{DOM} property because it is reset every time a new \gls{URL} is requested
|
||||
or a change from \gls{HTTP} to \gls{HTTPS} or vice-versa happens. \gls{HTTP}
|
||||
cookies are deleted after every session and the user has the option to disable
|
||||
even first party cookies. Flash and Java Applets are disabled by default.
|
||||
Depending on the settings, users are safe from cookie synchronization. Since
|
||||
Silverlight is another plugin, it is disabled by default and therefore no
|
||||
tracking is possible. HTML5 web storage and IndexedDB are both disabled by
|
||||
default. Web SQL database is not supported by Firefox and thus not supported by
|
||||
the Tor browser. The CacheStorage \gls{API} is disabled by default and probing a
|
||||
user's browser history is not possible using JavaScript if it has been disabled
|
||||
(Safer or Safest browsing mode). Caching itself is allowed but users can
|
||||
regularly use the \emph{New Identity} feature, which clears all caches.
|
||||
Disabling caching within the browser is a possibility but might result in a
|
||||
considerable impact on performance while browsing. To avoid tracking via cache
|
||||
timing, timing resources within the browser are disabled and the accuracy of
|
||||
timing functions is limited to a resolution of 100ms. Tracking via \glspl{ETag}
|
||||
is possible if caching is enabled. For defending against \gls{DNS} cache
|
||||
tracking by \citet{kleinDNSCacheBasedUser2019}, the Tor network uses one
|
||||
\gls{DNS} resolver for multiple identities and identifying a single user is
|
||||
therefore difficult. \gls{TLS} session resumption is mitigated by disabling
|
||||
\gls{TLS} session tickets. This happens by default within Tor browser.
|
||||
Additionally, they are limited to the current \gls{URL} bar domain.
|
||||
|
||||
|
||||
\subsection{Virtual Private Networks}
|
||||
\label{subsec:virtual private networks}
|
||||
|
||||
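Review bot: At the end of the added paragraph, "Additionally, they are limited to the current \gls{URL} bar domain" has no usable antecedent: the only plural noun before it is the \gls{TLS} session tickets, which the preceding sentence says are disabled, so the text reads as scoping something that is switched off. Name what is limited to the URL bar domain. In the same paragraph, "Depending on the settings, users are safe from cookie synchronization" does not say which settings, and the opening sentence "When using the Tor browser to protect oneself ..., Tor is the most promising technology" is circular as written. Smaller points: "their rationale behind them" is redundant, window.name should be typeset with \texttt, and "100ms" needs a thin space (100\,ms).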
@ -1016,6 +1016,15 @@
|
||||
series = {{{ACSAC}} '13}
|
||||
}
|
||||
|
||||
@misc{perryDesignImplementationTor2018,
|
||||
title = {The {{Design}} and {{Implementation}} of the {{Tor Browser}} [{{DRAFT}}]},
|
||||
author = {Perry, Mike and Clark, Erinn and Murdoch, Steven and Koppen, Georg},
|
||||
year = {2018},
|
||||
month = jun,
|
||||
url = {https://2019.www.torproject.org/projects/torbrowser/design/},
|
||||
urldate = {2020-07-15}
|
||||
}
|
||||
|
||||
@misc{PersistenceServiceJNLPAPI2015,
|
||||
title = {{{PersistenceService}} ({{JNLP API Reference}} 1.7.0\_95)},
|
||||
year = {2015},
|
||||
|
||||
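Review bot: In the new perryDesignImplementationTor2018 entry, the url host begins with "2019." while the entry gives year = {2018} and month = jun; confirm that year and month are the revision date printed on the document itself, since the title marks it as a draft and readers following the link need to land on the revision the text describes. A note field stating the cited revision would make the reference unambiguous alongside the existing urldate.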
@ -49,6 +49,8 @@
|
||||
\nonzeroparskip % Create space between paragraphs (optional).
|
||||
\setlength{\parindent}{0pt} % Remove paragraph identation (optional).
|
||||
|
||||
\setcounter{tocdepth}{3} % Set depth of table of contents to 3
|
||||
|
||||
\makeindex % Use an optional index.
|
||||
\makeglossaries % Use an optional glossary.
|
||||
%\glstocfalse % Remove the glossaries from the table of contents.
|
||||
|
||||
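Review bot: The added \setcounter{tocdepth}{3} is a preamble layout change that the commit subject "Finish Tor section" does not cover; move it to its own commit or mention it in the message. If it stays, check that secnumdepth is set to match, otherwise the newly listed level may show up in the table of contents without section numbers. The trailing comment repeats the command and would be more useful if it said why the depth was raised.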