users can be deanonymized with browser fingerprinting
Opened 9 years ago
Last modified 3 years ago
#726 assigned enhancement
Reported by: DISABLED
Owned by: sadie
Priority: minor
Milestone:
Component: www/i2p
Version: 0.9.2
Keywords:
Cc: slumlord
Parent Tickets:
Sensitive: no
Description
Browser fingerprinting can be used to deanonymize users. Browsers voluntarily tell websites so much about their visitors that they can be (almost) uniquely identified. [1][2][3]
Using Firefox and Tor instead of Tor Browser is discouraged because of the browser fingerprinting issues. [4] Also Jondo, another anonymizing service, has its own JonDoFox browser [5] to fight browser fingerprinting. You could say i2p is neither Tor nor Jondo. That is true, but browser fingerprinting applies to i2p as well.
Here is an example of what such an attack could look like:
- The user uses normal Firefox to visit website x over his clearnet IP. Website x creates the browser fingerprint and stores it together with the user's IP.
- The user uses (another profile's) Firefox and visits eepsite y over i2p. The eepsite also creates the browser fingerprint and stores it.
- Website x and eepsite y must share the collected data or be owned by the same hoster.
- Compare the fingerprints and find out the clearnet IP of the user who visited the eepsite.
Suggested solution:
Tell people to use their favorite browser for clearnet activities but never to use it for i2p. Tell people to use the Tor Browser for i2p. Perhaps rebrand Tor Browser into i2p Browser. Perhaps bundle i2p Browser with i2p.
[1] https://panopticlick.eff.org/
[3] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
[4] https://www.torproject.org/torbutton/torbutton-faq.html.en#oldtorbutton
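The following is an added example, not part of the original ticket or of any I2P code. It checks whether an I2P browsing setup shares enough attribute values with the clearnet browser to be linked to it, comparing a second Firefox profile against a uniform anonymity browser. All attribute values, the frequency table and the population size are constructed, and summing bits assumes the attributes are independent.

```python
import math

# Constructed attribute values for the clearnet Firefox profile.
CLEARNET = {"user_agent": "UA-A", "screen": "1920x1080x24", "timezone": "UTC+1",
            "fonts": "fontset-7f3", "plugins": "pluginset-19c",
            "language": "en-US", "cookie_id": "c-1001"}
# A second Firefox profile gets new cookies, but the OS and hardware
# still expose the same values (constructed).
I2P_SECOND_PROFILE = dict(CLEARNET, cookie_id="c-2002")
# A uniform anonymity browser presents the same values for every user (constructed).
I2P_UNIFORM_BROWSER = {"user_agent": "UA-uniform", "screen": "1000x1000x24",
                       "timezone": "UTC", "fonts": "fontset-uniform",
                       "plugins": "none", "language": "en-US",
                       "cookie_id": "c-3003"}

# Assumed share of all visitors that has the clearnet profile's value for each
# attribute. These numbers are constructed for illustration, not measured.
ASSUMED_FREQ = {"user_agent": 1 / 64, "screen": 1 / 16, "timezone": 1 / 8,
                "fonts": 1 / 4096, "plugins": 1 / 1024, "language": 1 / 4}


def shared_attributes(a, b):
    """Fingerprintable attributes whose values are identical in both setups."""
    return sorted(k for k in ASSUMED_FREQ if a.get(k) == b.get(k))


def shared_bits(a, b):
    """Self-information (bits) of the shared values, assuming independence."""
    return sum(-math.log2(ASSUMED_FREQ[k]) for k in shared_attributes(a, b))


def is_linkable(a, b, population):
    """True if the shared values narrow `population` down to about one user."""
    return shared_bits(a, b) >= math.log2(population)


if __name__ == "__main__":
    population = 1_000_000  # assumed number of visitors across both sites
    for name, setup in (("second Firefox profile", I2P_SECOND_PROFILE),
                        ("uniform browser", I2P_UNIFORM_BROWSER)):
        print(f"{name}: shared={shared_attributes(CLEARNET, setup)} "
              f"bits={shared_bits(CLEARNET, setup):.0f} "
              f"linkable={is_linkable(CLEARNET, setup, population)}")
```
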