[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Anonimity paradox?


#1

Hello!

I have Whonix installed in VirtualBox. When I go to whoer.net from its
TOR I get 65% anonimity, but when I go from my regular browser on host
OS I get 75%. And if I go to that site with my host OS TOR its 55%. How is this possible?

Thanks!


#2

Good day,

to be honest, sites like whoer.net or ip-check.info are unable to really understand and show the way anonymity is accomplished when using the Tor Browser Bundle. What these sites do, is check whether things like Cache and Cookies are enabled. If so, they give better results, as to when they are activated, even though in the case of the TBB, both Cache and Cookies are deleted after closing the browser. The thing is, that instead of making it impossible for sites to safe data temporarily, this is allowed, as to make using most sites possible in the first place. To still guarantee anonymity, it’s the goal to make everyone using the TBB appear the same, thus rendering tracking based on the things these websites show you pointless.

Adding to that, there is an anonymity slider in the TBB on the menu, allowing you to easily turn things like JavaScript on or off.

Have a nice day,

Ego


#3

Likely because that page is not properly developed. Maybe similar to
ip-check.info. ( https://www.whonix.org/wiki/Ip-check.info )


#4

Ego:

to be honest, sites like whoer.net or ip-check.info are unable to really understand and show the way anonymity is accomplished when using the Tor Browser Bundle. What these sites do, is check whether things like Cache and Cookies are enabled. If so, they give better results, as to when they are activated, even though in the case of the TBB, both Cache and Cookies are deleted after closing the browser. The thing is, that instead of making it impossible for sites to safe data temporarily, this is allowed, as to make using most sites possible in the first place. To still guarantee anonymity, it’s the goal to make everyone using the TBB appear the same, thus rendering tracking based on the things these websites show you pointless.

May I take this text, rewrite a bit and add to the wiki?

Next time this comes up I only want to point to that link. Comes up
every now and then.


#5

Thanks for the answer!

So here another question appears: is there any automated tool to check my anonimity “level”?


#6

logoped:

So here another question appears: is there any automated tool to check my anonimity “level”?

No. Not that I know. Unfortunately, not. Only manual tools that require
a good understanding of things and research to generate anything besides
time required to explain things.


#7

Good day,

sure, you may consider anything I write public domain anyways. Though, if you like I could rewrite it myself. Should it be written on a new page, the First time user, or simply the ip-check.info page?

Have a nice day,

Ego

P.S.: Regarding the question whether there is a tool for testing this: Like Patrick stated, asside from background knowledge, there is no such tool. Here is why:

It simply isn’t possible for a web page, to access every part of your browser, to check which settings you’ve set. If this was the case, this would be a bigger fingerprinting surface, then any combination of Supercookies and Addons could create. Thus, these sites are only able to do a rather “surface based testing approach”. It’s pretty much a if/else script, with things like:

If “cookies disabled”, then output a positive result, else a warning. Such a site is unable to check, whether your browser is configured in a way which removes any cookies after closing it, thus making a lot of people, who don’t have an extended background with the inner workings of things like the TBB, rather insecure about the security it delivers. This can especially be seen, when comparing it to JondoFox, developed by the people behind Jondonym and the “ip-check.info” website. Their adaptation of the Firefox is specifically tailored, to “beat” their own test (getting the best possible score). However, in doing so, it sacrifices a lot. Because cookies are per default disabled, rather than only temporarily saved, a lot of websites have problem with saving necessary data for, for example logins. Activating cookies in JondoFox, if only temporarily, which would be necessary to use these sites, however creates a massive “hole” when it comes to anonymity, as your configuration now differs from other JondoFox users… So, I think you can see, why the TBB uses a bit of a different approach, in order to both allow usability, while keeping anonymity.


#8

Thanks, @Ego!

I’ve created a new page. Yes, please expand it with what you wrote above as you see fit.

Since talking about other commercial services, I tried to write it in a way so it is covered by freedom of speech rather than legally risky “false factual claims”.

Here it is:


Right. That’s why I created that page. The posts by the insecure users are getting too much. That’s why I created that page so superficial questions can be answered by just posting that link. A page that totally beats any argument made by these pages while of course being fair.


In theory, there could be a test website that functions as unit test for all this stuff. One targeting developers rather than users. It’s not ready yet. See https://trac.torproject.org/projects/tor/ticket/6119. (There is some stuff in development, see https://www.whonix.org/wiki/Browser_Tests#Other_Services.) But even if it was ready, it would most likely require background knowledge to make head or tail of its results. A reduced test for end users may also be possible, but they are far from it.


#9

Thanks again! Then another related question: is there recommended getting-started-todo-list to increase anonimity?


#10