I am coming in late on this topic and know very little about it,
But I have to ask, would it be possible to send fake information?
I know that they use many variables to create a mosaic to identify people.
So why not change several variables. Create some randomness
and change several variables on an irregular basis.
I am sure this will not be the last salvo in the on going war of
identification, but
it may help for a while.
On Tue, May 7, 2013 at 10:27 PM, Moritz Bartl <moritz@xxxxxxxxxxxxxx> wrote:
https://www.torproject.org/projects/torbrowser/design/
"WebGL can reveal information about the video card in use, and high
precision timing information can be used to fingerprint the CPU and
interpreter speed."
[...]
The adversary simply renders WebGL, font, and named color data to a
Canvas element, extracts the image buffer, and computes a hash of that
image data. Subtle differences in the video card, font packs, and even
font and graphics library versions allow the adversary to produce a
stable, simple, high-entropy fingerprint of a computer. In fact, the
hash of the rendered image can be used almost identically to a tracking
cookie by the web server.
[...]
WebGL is fingerprintable both through information that is exposed about
the underlying driver and optimizations, as well as through performance
fingerprinting.
Because of the large amount of potential fingerprinting vectors and the
previously unexposed vulnerability surface, we deploy a similar strategy
against WebGL as for plugins. "