Understanding browser fingerprinting
Browser fingerprinting is the systematic collection of information about a web browser in order to make educated guesses about its identity or characteristics.
Each browser's settings and features make up a "browser fingerprint".
Most browsers unintentionally create a unique fingerprint for each user, which can then be tracked across the web.
For more details on browser fingerprinting, see the following articles on the Tor blog: "Browser Fingerprinting: An Introduction and the Challenges Ahead" and "Tor Browser: a legacy of advancing private browsing innovation".
Why does browser fingerprinting threaten online privacy?
First, collecting this information does not require asking the user for permission.
Any script running in the browser can silently build a device fingerprint without the user's knowledge.
Second, if one attribute of the browser fingerprint is unique, or if a combination of several attributes is unique, the device can be identified and tracked online.
This means a device can be tracked through its browser fingerprint even without cookies.
How Tor Browser mitigates fingerprinting
Tor Browser is specifically designed to minimize the uniqueness of each user's browser fingerprint across many metrics.
While it is not practical to make all Tor Browser users identical, the goal is to reduce the number of distinguishable "buckets" for each metric.
This makes it much harder to effectively track an individual user.
Some attributes, such as operating system and language, are required for functionality and cannot be fully hidden or spoofed.
Instead, Tor Browser limits the diversity of these attributes to reduce uniqueness.
For example, it restricts font enumeration and applies font fallback, standardizes screen and window sizes with letterboxing, and limits the requested languages to a small predefined set.
The main goal of Tor Browser's anti-fingerprinting protections is to make it harder to collect enough information to uniquely identify a user, enhancing privacy without compromising essential functionality.
Anti-fingerprinting features in Tor Browser
Letterboxing
To avoid browser fingerprinting based on screen resolution, Tor Browser starts with a content window whose dimensions are a multiple of 200px × 100px.
The strategy here is to put all users into a few buckets, making it harder to single out individual users.
This works until users start resizing the window (for example, by maximizing it or going into fullscreen mode).
Tor Browser also ships with a fingerprinting defense for these scenarios, called Letterboxing, a technique developed by Mozilla and introduced in 2019.
It works by adding margins to the browser window so that the window is as close as possible to the desired size while users still fall into one of a few screen-size buckets, which prevents them from being singled out by their screen dimensions.
In simple terms, this technique groups users by specific screen sizes, which makes it harder to single out users based on screen size, since many users will share the same screen size.
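As an added illustration (not code from this support page or from Tor Browser itself), the JavaScript below models the bucketing described above: the content area is rounded down to a multiple of the 200px × 100px step the page gives, the remainder becomes margins, and a constructed set of window sizes shows how many distinct buckets survive. Treating letterboxing as a plain round-down is a simplifying assumption; the real implementation has further refinements.

```javascript
// Simplified model of letterboxing (added example, not Tor Browser's own code).
// Assumption: the content viewport is rounded down to a multiple of
// STEP_W x STEP_H (the 200px x 100px step described above) and the
// leftover pixels become margins around the content.
const STEP_W = 200;
const STEP_H = 100;

// Round an outer window size down to the bucket it falls into and
// report the margins needed to center the content inside the window.
function letterbox(outerWidth, outerHeight) {
  const width = Math.max(STEP_W, Math.floor(outerWidth / STEP_W) * STEP_W);
  const height = Math.max(STEP_H, Math.floor(outerHeight / STEP_H) * STEP_H);
  return {
    width,
    height,
    // Margins are split evenly on both sides; clamped at 0 for tiny windows.
    marginX: Math.max(0, outerWidth - width) / 2,
    marginY: Math.max(0, outerHeight - height) / 2,
  };
}

// Count how many distinct size "buckets" a set of window sizes produces,
// with or without letterboxing, to show how the anonymity set grows.
function countBuckets(sizes, applyLetterbox) {
  const seen = new Set();
  for (const [w, h] of sizes) {
    const { width, height } = applyLetterbox
      ? letterbox(w, h)
      : { width: w, height: h };
    seen.add(`${width}x${height}`);
  }
  return seen.size;
}

// Constructed sample of window sizes a handful of users might have.
const SAMPLE_SIZES = [
  [1366, 768], [1360, 720], [1280, 720], [1250, 705],
  [1920, 1080], [1918, 1040], [1024, 600], [1000, 568],
];

console.log(letterbox(1366, 768));          // { width: 1200, height: 700, marginX: 83, marginY: 34 }
console.log(countBuckets(SAMPLE_SIZES, false)); // 8 distinct sizes without letterboxing
console.log(countBuckets(SAMPLE_SIZES, true));  // 4 buckets after letterboxing
```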

User-Agent and Operating System spoofing
The User-Agent string is a value websites can use to identify details about your browser, operating system (OS), CPU architecture, vendor, and version.
Since this information can reveal which OS or device a user is using, it has been a vector for browser fingerprinting, allowing websites or trackers to potentially single out users.
Tor Browser addresses this by spoofing the User-Agent. Users cannot choose a specific operating system or attempt to imitate every possible platform.
Instead, Tor Browser standardizes User-Agent values to reduce uniqueness and avoid creating a false sense of privacy:
- All Windows appear as Windows 10.
- All macOS appear as OS X 10.15.
- All Android as Android 10.
- All other systems like all Linux distributions (including Tails and Qubes), *BSD and other operating systems are grouped together and reported as "Linux running X11".
- All the other details (such as the architecture) are also normalized per-platform.
In this case, the fingerprint resistance strategy in Tor Browser is to protect the real User-Agent values by spoofing them, while also keeping each reported value shared by a large enough set of users.
The User-Agent is sent to websites as an HTTP header, and it is available to JavaScript as navigator.userAgent.
Inconsistencies in these values can trigger anti-bot and anti-fraud systems into categorizing Tor users as bots and denying their requests, which in turn affects usability for Tor Browser users.
Some privacy tools or users suggest that making all users appear as Windows would offer the best cover.
However, perfectly spoofing across all browser contexts is not possible and active fingerprinting methods (using fonts, features, behavior, with or without JavaScript, etc.) can often be used to infer aspects of the hardware or operating system.
Tor Browser does not let users select which OS they appear to be.
This is intentional: any option to choose would only make users more unique and thus easier to fingerprint.
The small set of standardized options is key to keeping users blended together, maximizing privacy for everyone.
Other anti-fingerprinting features
In addition to letterboxing, Tor Browser employs many other features to mitigate browser fingerprinting and protect user privacy.
These features include Canvas image extraction blocking, NoScript integration, and first-party isolation.
For a complete list of features, read the Tor Browser Design and Implementation document.