Re: [Tails-dev] Potential OpSec issue - Identifying Tails To…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: Lee Brotherston
CC: tails-dev
Subject: Re: [Tails-dev] Potential OpSec issue - Identifying Tails Tor vs "other" Tor
Hi Lee,

Lee Brotherston wrote (17 Dec 2015 18:50:25 GMT) :
> I'm not sure if this is within your threat model or not,


Not really: for a network adversary on the LAN, currently Tails
behaves in a way that's quite distinguishable, at least in some cases.

Still, not being able to be perfect on the short term does not mean we
should not go after the low-hanging fruits :)

> but I have noticed       
> that I can reliably differentiate between the tails distributed Tor and the Tor   
> Browser bundle distributed to both OS X & Windows (I presume the same applies     
> to others, I have not yet tested though).                                         


> In short, I have been working on TLS Fingerprinting and have noticed that the     
> tails version of Tor does not support MD5withRSA as a signature algorithm in      
> the client_hello packet, while Tor Browser Bundle does when connecting from the   
> desktop to the Tor network.                                                       


Two questions:

* What version of Tor Browser is this?
* Is this the case with Tails 2.0~beta1 as well?

I suspect this might have something to do with the oldish distro Tor
Browser is built on:
https://trac.torproject.org/projects/tor/ticket/15578

Cheers,
--
intrigeri