我可以通过Javascript在浏览器本身中检测Tor浏览器吗？ [英] Can I detect Tor Browser inside the browser itself, via Javascript I suppose?

问题描述

如果浏览器是Tor浏览器，我想禁用正在构建的Web应用程序的某些功能。我可以在浏览器本身（客户端，而不是服务器端）内部查找浏览器是否是Tor浏览器吗？

I'd like to disable some features of a web app I'm building, if the browser is Tor Browser. Can I inside the browser itself (client side, not server side) find out if the browser is Tor Browser?

我希望使用不发出任何HTTP的解决方案请求将浏览器的IP与Tor出口节点进行匹配。

I would prefer a solution that didn't issue any HTTP requests to match the browser's IP against Tor exit nodes.

背景：在我的情况下，Tor浏览器弹出一个对话框，询问用户 Sor Tor Browser allow这个网站提取HTML5画布图像数据？ ，因为Tor浏览器说，画布图像数据可用于唯一地标识浏览器。

Background: In my case, Tor Browser pops up a dialog that asks the user "Should Tor Browser allow this website to extract HTML5 canvas image data?", because, says Tor Browser, canvas image data can be used to uniquely identify a browser.

更新：在阅读完以下答案之后：在我看来，最好的解决方案是在服务器端保留Tor出口节点的列表（最新列表，并定期刷新），以及在加载浏览器时在页面中，如果浏览器的IP与这样的退出节点匹配，我会在< script> 标记中设置一个变量： var isProbablyTorBrowser = true 。然后，客户端不需要任何其他请求，也不需要复杂的逻辑。

Update: After reading the answers below: Perhaps the best solution in my case, is to keep a list of Tor exit nodes server side (an up-to-date list, refreshed periodically), and when a browser loads the page, I set a variable in a <script> tag, if the browser's IP matches such an exit node: var isProbablyTorBrowser = true. Then, client side, no additional requests, or complicated logic, is needed.

推荐答案

Tor浏览器并非设计为不可检测的。 （这是不可能的）。相反，它的设计是使所有副本之间都无法区分：您不能严格通过浏览器指纹。

The Tor browser is not designed to be undetectable (that's impossible to do). Rather, it is designed so that all copies are indistinguishable from each other: you cannot track a browser from one site to another, or from one visit to another, strictly through browser fingerprinting.

这使它具有了自己的独特指纹。截至目前，

This gives it a distinct fingerprint of its own. As of right now, a browser that

1. 具有 Mozilla / 5.0（Windows NT 6.1; rv：31.0）Gecko / 20100101 Firefox / 31.0


2. 具有与浏览器窗口大小匹配的屏幕分辨率（尤其是如果该大小为1000x800）


3. 时区为 0（格林尼治标准时间）


4. 没有插件（ navigator.plugins 为空）

1. Has a User-Agent of Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
2. Has a screen resolution that matches the browser window size (particularly if that size is 1000x800)
3. Has a time zone of "0" (GMT)
4. Has no plugins (navigator.plugins is empty)

可能是TBB浏览器。当下一个ESR版本的Firefox发布时，User-Agent字符串可能会更改，最有可能是 Mozilla / 5.0（Windows NT 6.1; rv：31.0）Gecko / 20100101 Firefox / 38.0 。

is probably the TBB browser. The User-Agent string may change when the next ESR version of Firefox comes out, most likely to Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/38.0.

仅屏幕分辨率/浏览器窗口匹配可能会唯一标识TBB：即使在全屏模式下，Firefox中的窗口高度和屏幕高度之间也存在一个像素的差异。

The screen resolution/browser window match alone may uniquely identify TBB: even in fullscreen mode, there's a one-pixel difference between window height and screen height in Firefox.

这篇关于我可以通过Javascript在浏览器本身中检测Tor浏览器吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！