[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7256 [Firefox Patch Issues]: Explore zoom-based alternatives to fixed window sizes

Subject: Re: [tor-bugs] #7256 [Firefox Patch Issues]: Explore zoom-based alternatives to fixed window sizes
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 24 Jul 2014 18:56:25 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 24 Jul 2014 14:56:42 -0400
In-reply-to: <049.7c5f9182fef9c55cff7e4a8bd597630f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.7c5f9182fef9c55cff7e4a8bd597630f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#7256: Explore zoom-based alternatives to fixed window sizes
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:  mikeperry
         Type:  project              |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  tbb-fingerprinting tbb-
   Resolution:                       |  bounty
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------

Comment (by joebt):

 Furthering the issue on TBB default opening window size, I visited
 Panopticlick again today, using both Firefox 30 & TBB 3.6.2, in Windows
 Vista.
 Maybe someone can explain the results & comment on vanilla Fx having fewer
 bits of identifying info (bits ii) than TBB in default screen size.

 I visited Panopticlick from a new identity, in a new TBB session (all
 browsing data cleared).

 1) Even at TBB's opening, default screen size (not maximized) - when
 Windows' DPI is a '''non'''-default value, Panopticlick shows TBB has
 43.98 bits ii, when js is disabled.  Many sites don't operate well w/o js.
 (do social media sites?)  The EFF says approximately 33 bits are needed to
 identify a computer.

 I will visit the site again, when the system DPI is @ default 96 & with
 TBB in starting, non-maximized window size.  As long as JS is enabled, not
 sure if the total will drop '''<''' 33 bits ii.

 2) Again, if users have the system __DPI @ '''non'''-default__ value,
 multiple browser characteristic detection sites report "odd" screen size
 for TBB.
 TBB opening default screen size was detected @ 1000x8'''67''' w/ java
 script enabled. Earlier today, same scenario, different session &
 identity, but js disabled, it showed 1000x8'''37'''.  How's that possible?
 It seems problematic, in itself?  Nothing was different about TBB starting
 size in the 2 scenarios (that I controlled), or displayed toolbars, etc.
 I've seen the same behavior before.

 3) In my previous test (see comment 10 above), with the __system DPI @
 '''96 default'''__ value, Panopticlick STILL showed odd screen size for
 TBB.  If Panopticlick is correctly detecting it (what's actually being
 reported), how can this be the intended TBB behavior?

  * For detected screen size, how is TBB better than vanilla Fx?  Unless
 I'm doing something incorrectly, for screen size, detection sites '''don't
 seem to show TBB as less unique''' than Firefox.

  * So far, I've __never seen anything close to a multiple of 200x100__, or
 any other multiple of real world monitor sizes, __for TBB__ on
 Panopticlick, '''''in any scenario'''''  - whether the system is default
 96 DPI, or not.

 4) Either there's something unusual about my system, or TBB reporting
 multiples of 200x100 doesn't work on all systems.

 There was nothing "unusual" about my previous browser window / toolbars,
 during the Panopticlick visit described in comment 10.

 5) It seems that TBB window size & the GUI (including __allowed toolbars__
 & their sizes) need standardizing.

 6) In my vanilla Fx 30, in '''full screen''' with java script & cookies
 __disabled__, same non-default system DPI, it showed 24.08 bits ii.

 Same Fx 30 w/ js enabled, but no other changes, it showed 41.71 bits ii
 (still better than TBB @ its starting size??).  All other things being
 equal, if I were to use !JonDo Fox (extension) in Fx, the bits ii are
 likely lower than TBB __in its starting size__.  Certainly, screen size
 would be less unique.  Note:  In this Fx profile - for fingerprint
 testing, I'm not using special spoofing methods; just disabling js &
 cookies.

 Yes, there are other reasons to use TBB vs. something like JonDo, but
 that's not the topic of this bug.  Fingerprinting & reported screen size
 are the topics.  I'm not touting JonDo Fox over TBB.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7256#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #12688 [Tor]: Make NumEntryGuards configurable by the consensus
Next by Author: Re: [tor-bugs] #12690 [Tor]: Raise the bandwidth threshold for being a guard
Previous by thread: Re: [tor-bugs] #7256 [Firefox Patch Issues]: Explore zoom-based alternatives to fixed window sizes
Next by thread: [tor-bugs] #12697 [Tor bundles/installation]: Master and maint-3.6 are building non-matching libraries in gitian-utils for Windows
Index(es):
- Author
- Thread