Opened 9 years ago

Last modified 3 years ago

#726 assigned enhancement

users can be deanonymized with browser fingerprinting

Reported by: DISABLED Owned by: sadie
Priority: minor Milestone:
Component: www/i2p Version: 0.9.2
Keywords: Cc: slumlord
Parent Tickets: Sensitive: no


Browser fingerprinting can be used to deanonymize users. Browsers voluntarily tell websites so much about their visitors that they can be (almost) uniquely identified. [1] [2] [3]

Using Firefox and Tor instead of Tor Browser is discouraged because of the browser fingerprinting issues. [4] Also JonDo, another anonymizing service, has its own JonDoFox browser [5] to fight browser fingerprinting. You could say i2p is neither Tor nor JonDo. That is true, but browser fingerprinting applies to i2p as well.

Here is an example of how such an attack could look:

  1. The user uses normal Firefox to visit website x over his clearnet IP. Website x creates the browser fingerprint and stores it together with the user's IP.
  2. The user uses another Firefox profile and visits eepsite y over i2p. The eepsite also creates the browser fingerprint and stores it.
  3. Website x and eepsite y must share the collected data or be owned by the same hoster.
  4. Compare the fingerprints and find out the clearnet IP of the user who visited the eepsite.

Suggested solution:
Tell people to use their favorite browser for clearnet activities but never to use it for i2p. Tell people to use the Tor Browser for i2p. Perhaps rebrand Tor Browser into i2p Browser. Perhaps bundle i2p Browser with i2p.
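The correlation in steps 1 to 4, as an added example that is not part of the ticket: two constructed visitor logs (fingerprint and peer address for the clearnet site, fingerprint and session id for the eepsite, both made up here) are joined on the fingerprint with awk. The output also shows the limit of the attack: a fingerprint that several clearnet IPs share only yields an ambiguous match, so the linkage is only as good as the fingerprint's uniqueness.

```shell
#!/bin/sh
# Added example, not from the ticket: link eepsite sessions to clearnet IPs
# by browser fingerprint. Log lines are "<fingerprint> <peer>" and are
# constructed for this example; the fingerprint values are arbitrary tokens.

# write_sample_logs DIR : write the two constructed logs into DIR
write_sample_logs() {
  mkdir -p "$1" || return 1
  # Clearnet site: fingerprint and the visitor's real IP.
  cat > "$1/clearnet.log" <<'EOF'
fp_a1b2 203.0.113.5
fp_c3d4 198.51.100.9
fp_c3d4 192.0.2.77
fp_e5f6 203.0.113.42
EOF
  # Eepsite: fingerprint and an eepsite-side session id (the eepsite never
  # sees an IP, only the I2P tunnel).
  cat > "$1/eepsite.log" <<'EOF'
fp_a1b2 alice-session-1
fp_c3d4 bob-session-2
fp_9999 carol-session-3
EOF
}

# correlate CLEARNET_LOG EEPSITE_LOG : print "<session> <ip>" where exactly one
# clearnet IP carries the fingerprint, "ambiguous(N)" where N IPs share it,
# and "no-match" where the eepsite fingerprint was never seen on the clearnet.
correlate() {
  awk '
    NF < 2 { next }
    FNR == NR {                        # first file: clearnet log
      if (!(($1, $2) in seen)) {       # count distinct IPs per fingerprint
        seen[$1, $2] = 1
        count[$1]++
        ip[$1] = $2
      }
      next
    }
    {                                  # second file: eepsite log
      if (!($1 in count))      print $2, "no-match"
      else if (count[$1] == 1) print $2, ip[$1]
      else                     print $2, "ambiguous(" count[$1] ")"
    }
  ' "$1" "$2"
}

# Stand-alone run: build the sample logs in a temp dir and correlate them.
if [ "${0##*/}" = "fingerprint_correlate.sh" ]; then
  d=$(mktemp -d)
  write_sample_logs "$d"
  correlate "$d/clearnet.log" "$d/eepsite.log"
  rm -rf "$d"
fi
```

The awk two-file idiom (`FNR == NR` selects the first file) keeps the join in plain POSIX tools; on real logs the fingerprint column would be whatever hash the site computes from the attributes it collects, and the ambiguous bucket is exactly what fingerprint-resistant browsers try to enlarge.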



Change History (6)

comment:1 Changed 9 years ago by zzz

Component: unspecified → www
Priority: critical → major

You have a proposal on where we should "tell people"? Specific pages on our website?

I don't think we're going to distribute a browser. That's way more than we can handle, and not part of our core development effort. One way that I2P is not Tor is that Tor has about 15 paid employees and we have 15 less than that. Sadly.

comment:2 Changed 9 years ago by DISABLED

After the issue is now recognized and accepted (I couldn't know how you would react), I am willing to help with the solution as far as technical steps are concerned. (Not developing and offering an i2p browser package.)

As first solution, I'd post the issue in the forums - to get more input from people who could have ideas. I haven't seen a dev mailing list, so also discuss it in IRC.

Using Tor Browser with i2p is actually very easy. At least as a manual suggestion. Its *nix solution is described here: (No idea about Windows, but it will probably be very similar.)

Just "./App/vidalia --datadir Data/Vidalia/" has to be changed to "./App/Firefox/firefox -profile ./Data/profile". You could provide an adapted startup file (or I do it). This will start Tor Browser without the bundled Tor / Vidalia.

The missing step is only changing the proxy settings in the Tor Button configuration. This can easily be done manually (right-click on Tor Button). Alternatively, user.js can be used to permanently override any (proxy) settings.

(Of course Tor Browser, i2p Browser and Firefox could all run parallel without conflicting. They just need their own folder and the -no-remote switch for the Firefox line allows that.)

In case you are interested in a "recommending Tor Browser suggestion", I volunteer to compile all those instructions into a wiki page. (License: public domain or anything else you require and you can do anything with it, copy it to or script the whole process.)

After it's done I'd suggest posting a news item on the website and inside the router console for existing users. For new users I don't know, somewhere in the documentation which they are recommended to read.
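The separate-profile setup described in the comment above, written out as an added example that is not part of the ticket or of the I2P project: a user.js that pins the profile to the I2P HTTP proxy with an empty proxy-exception list, a check that refuses to launch a profile that is not so pinned, and the `-no-remote`/`-profile` launch line. Assumptions: the I2P HTTP proxy listens on 127.0.0.1:4444 (the router's default port) and the same proxy is used for the HTTPS/CONNECT setting; the path App/Firefox/firefox under an unpacked Tor Browser directory is taken from the comment and is hypothetical for any other layout.

```shell
#!/bin/sh
# Added example, not from the ticket: a Firefox profile used only for I2P.
# Assumed: I2P HTTP proxy at 127.0.0.1:4444 (router default); adjust if your
# router's proxy is elsewhere. The browser path App/Firefox/firefox follows
# the comment's Tor Browser layout and is hypothetical for other bundles.

I2P_PROXY_HOST=127.0.0.1
I2P_PROXY_PORT=4444

# write_i2p_userjs PROFILE_DIR : create the profile directory and its user.js
write_i2p_userjs() {
  profile="$1"
  mkdir -p "$profile" || return 1
  cat > "$profile/user.js" <<EOF
// Everything goes through the I2P HTTP proxy; the exception list is empty so
// this profile never contacts a host directly.
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "$I2P_PROXY_HOST");
user_pref("network.proxy.http_port", $I2P_PROXY_PORT);
user_pref("network.proxy.ssl", "$I2P_PROXY_HOST");
user_pref("network.proxy.ssl_port", $I2P_PROXY_PORT);
user_pref("network.proxy.no_proxies_on", "");
// WebRTC can reveal local and public addresses outside the proxy.
user_pref("media.peerconnection.enabled", false);
// Firefox's upstreamed Tor Browser fingerprinting defences.
user_pref("privacy.resistFingerprinting", true);
EOF
}

# check_i2p_userjs PROFILE_DIR : 0 if user.js pins the profile to the I2P
# proxy with no exceptions, 1 otherwise
check_i2p_userjs() {
  f="$1/user.js"
  [ -r "$f" ] || return 1
  grep -q '"network.proxy.type", 1' "$f" || return 1
  grep -q "\"network.proxy.http\", \"$I2P_PROXY_HOST\"" "$f" || return 1
  grep -q '"network.proxy.no_proxies_on", ""' "$f" || return 1
}

# launch_i2p_browser BROWSER_DIR PROFILE_DIR : start the bundle's Firefox on
# the I2P profile without its bundled Tor. -no-remote keeps it from handing
# the URL to an already-running clearnet Firefox, which would undo the split.
launch_i2p_browser() {
  if ! check_i2p_userjs "$2"; then
    echo "refusing to start: $2 is not pinned to the I2P proxy" >&2
    return 1
  fi
  "$1/App/Firefox/firefox" -no-remote -profile "$2"
}

# Stand-alone use, e.g.:
#   write_i2p_userjs "$HOME/i2p-profile"
#   launch_i2p_browser "$HOME/tor-browser_en-US" "$HOME/i2p-profile"
```

Keeping the clearnet profile in a different directory (with its own user.js or none) is what makes the two browsers look like two visitors; the check exists because a profile whose proxy prefs were edited back to "no proxy" would silently leak the same fingerprint over the clearnet IP.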

comment:3 Changed 9 years ago by zzz

Milestone: 0.9.3
Priority: major → minor
Type: defect → enhancement

comment:4 Changed 8 years ago by killyourtv

Referenced in Tails ticket #6039

comment:5 Changed 3 years ago by zzz

Cc: slumlord added
Owner: set to sadie
Status: new → assigned

comment:6 Changed 3 years ago by slumlord

We could include specific instructions on our browser-config page to warn users about the dangers of browser fingerprinting, recommending that they keep their I2P browsing on a separate browser, or even a VM.
