Sign up to save your podcasts
Or
Share Tor Browser’s Latest Update Could Get You Fingerprinted...
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Tor Browser’s Latest Update Could Get You Fingerprinted...
In this video, I explain a major shift in the Tor Browser’s privacy architecture and why it’s a serious problem for anyone who values anonymity. With the release of Tor Browser 14.5, developers permanently removed the OS spoofing feature. This core safeguard made all users appear to be running Windows, regardless of their operating system. This feature was critical in reducing entropy and making users harder to be fingerprinted through HTTP headers, especially when JavaScript was disabled.
Show more
By stripping this out, Tor users on less common systems like Qubes, BSD, or hardened Linux distros are far easier to track across sessions, even when using safest mode. I explain how metadata works, how fingerprinting narrows down identities using simple attributes, and why this change disproportionately impacts privacy-conscious users who do everything else right.
☆-----☆-----☆-----☆-----☆ CHAPTERS ☆-----☆-----☆-----☆-----☆
00:00 Intro
00:28 The Feature That Was Removed
01:04 Why OS Spoofing Mattered for Anonymity
02:01 How Metadata Narrows Identity
03:03 Quantifying Entropy Reduction
04:00 Real-World Example of Spoofing’s Value
04:56 The History of Tor’s OS Spoofing Removal
06:03 Developer Justifications and Rebuttals
07:00 Why the Logic Behind Removal Is Flawed
08:00 Final Kill Switch: Code Base Deleted
09:02 Ignored Warnings from Security Contributors
10:00 Misleading Entropy Claims and Flawed Assumptions
11:00 Rare OS Users Now Fully Exposed
12:01 JavaScript + Headers Now Match
13:14 Impact on Fingerprinting Precision
14:01 Removing Layers Makes Tracking Easier
15:28 Spoofing Used to Be Your Last Line of Defense
16:36 Fingerprinting in “Safest Mode” Now Possible
17:44 How Tails and Whonix Still Protect You
19:00 Why Tails/Whonix Are Different from Qubes/BSD
20:46 Real Mitigations You Can Still Use
21:54 Final Thoughts: Trust, Threat Models, and the Future
☆-----☆-----☆-----☆-----☆ SOCIAL MEDIA ☆-----☆-----☆-----☆-----☆
🎙️ Podcast: https://rss.com/podcasts/darknet/
🌐 Official Website: https://www.doingfedtime.com
🌐 Official Website Mirror: https://www.sambent.com
📘 Facebook: https://www.facebook.com/TheOfficialSamBent/
🐦 Twitter/X: https://twitter.com/DoingFedTime
💼 LinkedIn: https://www.linkedin.com/in/sam-bent/
📧 Email: [email protected]
📱 TikTok: https://www.facebook.com/TheOfficialSamBent/
📚 Amazon Author Page: https://www.amazon.com/stores/Sam-Bent/author/B0BHX5V81S
🌐 Dread (Onion Link): http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/d/doingfedtime
🌐 Pitch (Onion Link): http://pitchprash4aqilfr7sbmuwve3pnkpylqwxjbj2q5o4szcfeea6d27yd.onion/@doingfedtime
🐙 GitHub: https://github.com/DoingFedTime
👾 Reddit (User Account): https://www.reddit.com/user/reservesteel9/
📽️ Rumble: https://rumble.com/c/DoingFedTime
🛡️ Breach Forums (Onion Link): http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/User-SamBent
📸 Instagram: https://www.instagram.com/sambentoffical/
📌 Pinterest: https://www.pinterest.com/DoingFedTime/
☆-----☆-----☆-----☆-----☆ LEGAL STUFF☆-----☆-----☆-----☆-----☆
The information provided in this video is intended for educational purposes only. It is not intended to be legal or professional advice, and should not be relied upon as such.
By watching this video, you acknowledge that you understand and agree to these terms. If you disagree with these terms, do not watch this video.
Show less
View all episodes
By DoingFedTimeIn this video, I explain a major shift in the Tor Browser’s privacy architecture and why it’s a serious problem for anyone who values anonymity. With the release of Tor Browser 14.5, developers permanently removed the OS spoofing feature. This core safeguard made all users appear to be running Windows, regardless of their operating system. This feature was critical in reducing entropy and making users harder to be fingerprinted through HTTP headers, especially when JavaScript was disabled.
Show more
By stripping this out, Tor users on less common systems like Qubes, BSD, or hardened Linux distros are far easier to track across sessions, even when using safest mode. I explain how metadata works, how fingerprinting narrows down identities using simple attributes, and why this change disproportionately impacts privacy-conscious users who do everything else right.
☆-----☆-----☆-----☆-----☆ CHAPTERS ☆-----☆-----☆-----☆-----☆
00:00 Intro
00:28 The Feature That Was Removed
01:04 Why OS Spoofing Mattered for Anonymity
02:01 How Metadata Narrows Identity
03:03 Quantifying Entropy Reduction
04:00 Real-World Example of Spoofing’s Value
04:56 The History of Tor’s OS Spoofing Removal
06:03 Developer Justifications and Rebuttals
07:00 Why the Logic Behind Removal Is Flawed
08:00 Final Kill Switch: Code Base Deleted
09:02 Ignored Warnings from Security Contributors
10:00 Misleading Entropy Claims and Flawed Assumptions
11:00 Rare OS Users Now Fully Exposed
12:01 JavaScript + Headers Now Match
13:14 Impact on Fingerprinting Precision
14:01 Removing Layers Makes Tracking Easier
15:28 Spoofing Used to Be Your Last Line of Defense
16:36 Fingerprinting in “Safest Mode” Now Possible
17:44 How Tails and Whonix Still Protect You
19:00 Why Tails/Whonix Are Different from Qubes/BSD
20:46 Real Mitigations You Can Still Use
21:54 Final Thoughts: Trust, Threat Models, and the Future
☆-----☆-----☆-----☆-----☆ SOCIAL MEDIA ☆-----☆-----☆-----☆-----☆
🎙️ Podcast: https://rss.com/podcasts/darknet/
🌐 Official Website: https://www.doingfedtime.com
🌐 Official Website Mirror: https://www.sambent.com
📘 Facebook: https://www.facebook.com/TheOfficialSamBent/
🐦 Twitter/X: https://twitter.com/DoingFedTime
💼 LinkedIn: https://www.linkedin.com/in/sam-bent/
📧 Email: [email protected]
📱 TikTok: https://www.facebook.com/TheOfficialSamBent/
📚 Amazon Author Page: https://www.amazon.com/stores/Sam-Bent/author/B0BHX5V81S
🌐 Dread (Onion Link): http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/d/doingfedtime
🌐 Pitch (Onion Link): http://pitchprash4aqilfr7sbmuwve3pnkpylqwxjbj2q5o4szcfeea6d27yd.onion/@doingfedtime
🐙 GitHub: https://github.com/DoingFedTime
👾 Reddit (User Account): https://www.reddit.com/user/reservesteel9/
📽️ Rumble: https://rumble.com/c/DoingFedTime
🛡️ Breach Forums (Onion Link): http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/User-SamBent
📸 Instagram: https://www.instagram.com/sambentoffical/
📌 Pinterest: https://www.pinterest.com/DoingFedTime/
☆-----☆-----☆-----☆-----☆ LEGAL STUFF☆-----☆-----☆-----☆-----☆
The information provided in this video is intended for educational purposes only. It is not intended to be legal or professional advice, and should not be relied upon as such.
By watching this video, you acknowledge that you understand and agree to these terms. If you disagree with these terms, do not watch this video.
Show less