I, for one, have completely resigned myself to the idea that my employer, government and neighbors know all of the most shameful elements of my Internet usage. I haven't yet seen an approach to the privacy problem that delivers acceptably anonymous results for acceptably low effort, while simultaneously leaving my connection speed and latency relatively intact.
My experience with Tor was limited and was several years ago, but it felt like I'd returned to a 28k modem...except the entire Internet had begun to serve content on the implicit assumption that I at least had a few megabits of pipe. Do these routers actually offer a solid cornerstone of the kind of solution I've been waiting for?
I wonder how much of this is solvable through re-engineering applications to assume high latency - preferably also adding in a fairly heavy dash of decentralization at the same time.
I'm a babe in the woods, but I had no idea that I was broadcasting my list of installed system fonts and browser plugins.
But it seems to me that this kind of fingerprinting would be pretty easy to defeat if people new it was happening and wanted to defeat it. Something like panoticlick could give advic on fonts and plugins to add to lose yourself in the herd.
That's the point of Chameleon[1]. I've got it installed, and the issue is a lot of websites assume "oh, they don't have $plugin (e.g., Flash) installed", and don't fallback to something reasonable. So there are edge cases where you'd have to disable it. Otherwise, it's pretty effective.
Uninstall Flash and Java (or disable browser use) and disable your browser reporting plugins (a single option change in FF) and you're pretty anonymous. Block JavaScript for untrusted sites and you're even better. Disconnect and Adblock even better.
Both the original and this retort forget to consider that different users have different needs. Security is never going to be a 'one size fits all' kind of arrangement. Different users will find differing levels of utility in Tor routers.
Because imperfect filtering can sometimes be worse than exposing yourself. Imperfect filtering can sometimes identify its users. That and filters will never be perfect.
But if you block JavaScript, a site can't detect whether certain third-party elements are loaded. So using RequestPolicy to also block third-party elements would then increase your anonymity, because it would prevent things like web bugs from leaking your browsing patterns outside of the first-party site. Right?
Or would CSS tricks allow a first-party site to conditionally load elements and reveal your RequestPolicy policy?
Why/how do browsers allow sites to query the list of installed addons? That seems like it should very much be opt-in behaviour, that an addon would need to explicitly inject functionality to be discovered.
Perhaps I'm missing something, but isn't the primary argument against Tor routers simply that it's a really bad idea to send all your traffic through Tor? You certainly don't want to be sending logins, banking data, etc., through some unknown exit node. I mean, presumably you can configure the router to only use the network for some traffic, but then what do you gain over using the Tor Browser bundle?
My experience with Tor was limited and was several years ago, but it felt like I'd returned to a 28k modem...except the entire Internet had begun to serve content on the implicit assumption that I at least had a few megabits of pipe. Do these routers actually offer a solid cornerstone of the kind of solution I've been waiting for?