我可以通过Javascript在浏览器本身中检测Tor浏览器吗? [英] Can I detect Tor Browser inside the browser itself, via Javascript I suppose?
问题描述
如果浏览器是Tor浏览器,我想禁用正在构建的Web应用程序的某些功能。我可以在浏览器本身(客户端,而不是服务器端)内部查找浏览器是否是Tor浏览器吗?
I'd like to disable some features of a web app I'm building, if the browser is Tor Browser. Can I inside the browser itself (client side, not server side) find out if the browser is Tor Browser?
我希望使用不发出任何HTTP的解决方案请求将浏览器的IP与Tor出口节点进行匹配。
I would prefer a solution that didn't issue any HTTP requests to match the browser's IP against Tor exit nodes.
背景:在我的情况下,Tor浏览器弹出一个对话框,询问用户 Sor Tor Browser allow这个网站提取HTML5画布图像数据? ,因为Tor浏览器说,画布图像数据可用于唯一地标识浏览器。
Background: In my case, Tor Browser pops up a dialog that asks the user "Should Tor Browser allow this website to extract HTML5 canvas image data?", because, says Tor Browser, canvas image data can be used to uniquely identify a browser.
更新:在阅读完以下答案之后:在我看来,最好的解决方案是在服务器端保留Tor出口节点的列表(最新列表,并定期刷新),以及在加载浏览器时在页面中,如果浏览器的IP与这样的退出节点匹配,我会在< script>
标记中设置一个变量: var isProbablyTorBrowser = true
。然后,客户端不需要任何其他请求,也不需要复杂的逻辑。
Update: After reading the answers below: Perhaps the best solution in my case, is to keep a list of Tor exit nodes server side (an up-to-date list, refreshed periodically), and when a browser loads the page, I set a variable in a <script>
tag, if the browser's IP matches such an exit node: var isProbablyTorBrowser = true
. Then, client side, no additional requests, or complicated logic, is needed.
推荐答案
Tor浏览器并非设计为不可检测的。 (这是不可能的)。相反,它的设计是使所有副本之间都无法区分:您不能严格通过浏览器指纹。
The Tor browser is not designed to be undetectable (that's impossible to do). Rather, it is designed so that all copies are indistinguishable from each other: you cannot track a browser from one site to another, or from one visit to another, strictly through browser fingerprinting.
这使它具有了自己的独特指纹。截至目前,
This gives it a distinct fingerprint of its own. As of right now, a browser that
- 具有
Mozilla / 5.0(Windows NT 6.1; rv:31.0)Gecko / 20100101 Firefox / 31.0
- 具有与浏览器窗口大小匹配的屏幕分辨率(尤其是如果该大小为1000x800)
- 时区为 0(格林尼治标准时间)
- 没有插件(
navigator.plugins
为空)
- Has a User-Agent of
Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
- Has a screen resolution that matches the browser window size (particularly if that size is 1000x800)
- Has a time zone of "0" (GMT)
- Has no plugins (
navigator.plugins
is empty)
可能是TBB浏览器。当下一个ESR版本的Firefox发布时,User-Agent字符串可能会更改,最有可能是 Mozilla / 5.0(Windows NT 6.1; rv:31.0)Gecko / 20100101 Firefox / 38.0
。
is probably the TBB browser. The User-Agent string may change when the next ESR version of Firefox comes out, most likely to Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/38.0
.
仅屏幕分辨率/浏览器窗口匹配可能会唯一标识TBB:即使在全屏模式下,Firefox中的窗口高度和屏幕高度之间也存在一个像素的差异。
The screen resolution/browser window match alone may uniquely identify TBB: even in fullscreen mode, there's a one-pixel difference between window height and screen height in Firefox.
这篇关于我可以通过Javascript在浏览器本身中检测Tor浏览器吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!