[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27196 [Applications/Tor bundles/installation]: TB 8a10 and panopticlick: your browser has a unique fingerprint



#27196: TB 8a10 and panopticlick: your browser has a unique fingerprint
-------------------------------------------------+-------------------------
 Reporter:  traumschule                          |          Owner:  erinn
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor                     |        Version:
  bundles/installation                           |
 Severity:  Normal                               |     Resolution:
 Keywords:  ff60-esr, tbb-usability tbb-         |  Actual Points:
  security, tbb-performance                      |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by ProTipGuyFWIWWeLoveARMA):

 Replying to [ticket:27196 traumschule]:
 > = Trackers
 > As discussed before (#12958),
 [https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Support_discuss
 #CanIinstallanewadd-onorextensioninTorBrowserlikeAdBlockPlusoruBlockOrigin
 blocking content allows fingerprinting], instead
 [[comment:4:ticket:12958|you suggest]] "an identical blocklist for every
 user. For example, AdBlock Plus with a fixed set of filters." Do you have
 plans to do this? (I am aware of your answers for
 [[comment:1:ticket:15279|uMatrix]] and [[comment:54:ticket:17569|ublock
 origin]] and spare you to repost everything :)
 > (mentioning [https://riseup.net/en/security/network-security/better-web-
 browsing Riseup's recommendations] + requestblock for a balanced
 perspective, because I do not follow the conclusion that external requests
 should be accepted just not to be finger-printable. For me personally it's
 worse, when trackers know that I visited a site.)
 Trackers won't know who the "I" is so it's at worst harmless. The
 arguments for a tracker blocker including one are mainly - as I see it -
 about performance. Also Arthur voiced support for such a proposal. There's
 also another proposal for adding Decentraleyes which (doesn't block
 trackers) provides JS libraries locally instead and blocks resolving them
 through a CDN: #22089, it sounds good and doesn't suffer the problems with
 a tracker blocker but has not received any response so far from tb-devs.

 > #14924 sounds reasonable.
 Yes.


 > = EFF/Panopticlick
 > wants me to install privacybadger (not voting for it here, because of
 #12958)
 > Is your browser blocking tracking ads?        ⚠ partial protection
 > Is your browser blocking invisible trackers?  ⚠ partial protection
 > Does your blocker stop trackers that are included in the so-called
 “acceptable ads” whitelist?        ✗ no
 > Does your browser unblock 3rd parties that promise to honor Do Not
 Track?     ✗ no
 > Does your browser protect from fingerprinting?        ✗
 > your browser has a unique fingerprint
 > https://share.riseup.net/#3RwdPLNSuFFZcK9MA_6l8g
 What is going on with your browser window size? It doesn't appear to be
 normal. You can test as well here: https://fpcentral.tbb.torproject.org/fp
 Because that's the only thing that leaks much entropy in your side (here's
 hoping tbb devs will actually fix the user agent as well to not leak OS
 for most sites and most trackers).

 > I consider the defaults dangerous ([[comment:3:ticket:25451|window
 size]]). Why not setting the security slider to "Safest" per default?
 Captain Mike has a nice breakdown explanation:
 https://lists.torproject.org/pipermail/tor-talk/2012-May/024227.html

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27196#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs