[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: browser fingerprinting - panopticlick



Mike Perry wrote:
Thus spake Seth David Schoen (schoen@xxxxxxx):

Mike Perry writes:

Thus spake coderman (coderman@xxxxxxxxx):

EFF has an interesting tool available:
  https://panopticlick.eff.org/

technical details at
https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy

an interesting look at exactly how distinguishable your default
browser configuration may be...
FYI, Torbutton has defended against many of these anonymity set
reduction attacks for years, despite how EFFs site may make it appear
otherwise.
Are you unhappy with the phrase "modern versions" in

http://panopticlick.eff.org/self-defense.php

or do you think that page as a whole isn't prominent enough?

Ah yeah. I didn't see that at all. You should be linking to the
sentence subjects instead of "here" :). The modern versions phrase
could be changed to "Torbutton 1.2.0 and above" and still be correct,
but I actually didn't notice that page at all.

I also think the "Your browser fingerprint appears to be unique among
the N tested so far" string could be perhaps increased in size or also
have the number bolded too.

As an aside, since there are already some questions in #tor and
#tor-dev, I want to point out that Torbutton's obfuscation features
are only intended to make you appear uniform amongst other Tor users.
Tor users already stick out like a sore thumb because of using exit
IPs, and the small numbers relative to the rest of your vistor base
will make Torbutton's obfuscated settings appear very unique compared
to regular visitors.


These guys have been warning about the browser fingerprint issue for
years.

<http://anon.inf.tu-dresden.de/help/jap_help/en/help/security_test.html>

They offer a FireFox plugin that attempts to provide a more generic
signature.

(I love it when my Firefox/Linux browser registers as I.E./Windows.) :-)

(It is also fun watching the Suricata and Snort IDS logs after changing to I.E.)



***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/