@@ -266,7 +266,7 @@ Adversaries may position themselves at a number of possible locations in order t
Adversaries run Tor middle relays or they may control routers upstream of middle relays.
They may observe metadata around the connections to their peers.
5.**Guard relays**
5.**Guard relays or upstream routers**
Adversaries may run Tor guard nodes or they may control routers upstream of guard nodes.
They may observe metadata around the connections to the user and their circuit's middle relays.
...
...
@@ -284,7 +284,7 @@ Adversaries may position themselves at a number of possible locations in order t
Such adversaries would include system administrators, other users of a shared system, or domestic partners.
They may also be able to compel users to surrender their encryption keys.
8.**Build Infrastructure**
8.**Release infrastructure**
Adversaries may have access to release infrastructure such as build servers, source code repositories, or developer computers.
They may attempt to modify the contents of files or communications on the affected machines.
...
...
@@ -305,7 +305,7 @@ The adversary can perform the following attacks from a number of possible positi
An adversary in a position to perform machine-in-the-middle content alteration can inject document content elements to both read and inject cookies for arbitrary domains. Such an adversary may also steal or alter document content.
2.**Fingerprint browser properties**
1.**Fingerprint browser properties**
- **Positioning**
- 1st party websites
...
...
@@ -314,7 +314,7 @@ The adversary can perform the following attacks from a number of possible positi
By default, modern web browsers expose quite a large number of stable properties about the user's operating system, physical hardware, customisations, and personal information.
In isolation, most of these properties are not sufficient to uniquely identify and thus track a user across domains or deanonymise them.
In isolation, most of these properties are typically not sufficient to uniquely identify and thus track a user across domains or deanonymise them.
However, such properties can be bucketed and combined to generate a stable identifier which can be used to track users across colluding 1st and 3rd party domains.
Some examples of fingerprintable features available to adversaries in modern browsers (not an exhaustive list):
...
...
@@ -348,10 +348,27 @@ The adversary can perform the following attacks from a number of possible positi
[CSS media queries](https://developer.mozilla.org/En/CSS/Media_queries) can be inserted to gather information about the desktop size, widget size, display type, DPI, user agent type, and other information that was formerly available only to JavaScript.
