On 7/25/2014 1:57 AM, Georg Koppen wrote:
Joe Btfsplk:On 7/24/2014 3:58 AM, Georg Koppen wrote:Joe Btfsplk:Should TBB always start in partial window size?It depends on your available screen size. But in almost all cases, yes, TBB should always start in partial window size at least until we find a good way to deal with maximized browser windows (see e.g.: https://bugs.torproject.org/7256).Thanks Georg, Clearly I've forgotten or never knew why (partial) TBB window sizes can be spoofed, but standard multiples for maximized TBB windows *can't* be spoofed, instead. ? Don't a "majority" of users maximize something like browsers, for general use? I've never seen it mentioned that most users leave TBB in partial screen. I wouldn't think TBB (window size) would be used differently than regular browsers (a result of human habit). I rarely see people using browsers in partial size, unless doing some between app operation / comparison. I'm talking about what the masses do.Vanilla Firefox starts in maximized mode, if that was the state when closed (I think). TBB always starts in partial screen mode, even if last closed while in full screen. Many apps remember the last screen size. Is there an anonymity reason to have TBB start in partial screen?Not per se, but see https://bugs.torproject.org/7256 for the issue that still needs to get solved first.I don't understand your last statement in relation to the bug you linked:It meant that there is no inherent anonymity reason to start TBB in partial screen mode. The reason we do that now is that it is the only way we currently can sort of guarantee that the window dimensions reported back to a website are properly rounded. Bug 7256 tracks one idea that would cover maximized windows as well. Georg
Thanks. Again, Mike Perry commented in #7256,"/...this potentially leaks information for users who maximize their browser windows.../" Which raises the question, what % of users DON'T maximize (most) browsers they use, a good part of the time?
This all seems to ignore how a large % of users actually use a browser.But, Mike says maximizing browser window potentially leaks info (as if ? most users don't maximize?); you say, "not per se."
I read # 7256 several times & other related bugs. Many have reported in several bugs, their TBB testing results under various scenarios at different browser testing sites.
Using TBB maximized - significantly - increases fingerprinting entropy for screen and / or window size, for me & others reporting on it.
Enabling JS for the current page's domain - only - increases total bits of identifying info (bits ii) for TBB way, *way over* the threshold of 33 bits ii, that EFF.org says is needed to accurately identify a user (their browser, device) at different websites.
Yet, unless only visiting sites like blogs, most sites now perform poorly w/o JS enabled in NoScript, at least for their own domain (no 3rd party). So, you can turn off JS & be much more anonymous, but not be able to use a huge part of sites. Or judiciously turn JS on & be identifiable. Does that about sum it up?
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk