[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: browser fingerprinting - panopticlick



Thus spake Seth David Schoen (schoen@xxxxxxx):

> Mike Perry writes:
> 
> > Thus spake coderman (coderman@xxxxxxxxx):
> > 
> > > EFF has an interesting tool available:
> > >   https://panopticlick.eff.org/
> > > 
> > > technical details at
> > > https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy
> > > 
> > > an interesting look at exactly how distinguishable your default
> > > browser configuration may be...
> > 
> > FYI, Torbutton has defended against many of these anonymity set
> > reduction attacks for years, despite how EFFs site may make it appear
> > otherwise.
> 
> Are you unhappy with the phrase "modern versions" in
> 
> http://panopticlick.eff.org/self-defense.php
> 
> or do you think that page as a whole isn't prominent enough?

Ah yeah. I didn't see that at all. You should be linking to the
sentence subjects instead of "here" :). The modern versions phrase
could be changed to "Torbutton 1.2.0 and above" and still be correct,
but I actually didn't notice that page at all.

I also think the "Your browser fingerprint appears to be unique among
the N tested so far" string could be perhaps increased in size or also
have the number bolded too.

As an aside, since there are already some questions in #tor and
#tor-dev, I want to point out that Torbutton's obfuscation features
are only intended to make you appear uniform amongst other Tor users.
Tor users already stick out like a sore thumb because of using exit
IPs, and the small numbers relative to the rest of your vistor base
will make Torbutton's obfuscated settings appear very unique compared
to regular visitors.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpV0mlzTVgmT.pgp
Description: PGP signature