Abstract

The onion router (Tor) is currently the most powerful and prominent tool to achieve online privacy on the Internet. As a browser, Tor can protect web users by not revealing the source or destination IP address, and it also prevents web tracking with HTTP cookies. Tor browser has been updated continuously to resist de-anonymizing attacks by restricting the browser’s functions, e.g., excluding all plugins such as Flash player. On March 2016, Jose Norte posted the article as “Advanced Tor Browser Fingerprinting” in his blog [37]. It suggested that browser fingerprinting can track Tor browser. In this paper, we examined how secure Tor browser version 5.5 is against browser fingerprinting. Our study concludes that Tor user accesses can be distinguished: 14.28% of Tor browser version 5.5 can be identified within two weeks at our experimental sites, although 70.0% of the older versions can. In this paper, we analyze the current features of Tor browser against browser fingerprinting and also show capabilities to track Tor browser accesses.