On 10/2/2013 12:08 AM, Andreas Krey wrote:
I can't say if that is / isn't true. If it is, goes back to my question / pondering, if regularly changing some browser trait(s) (maybe w/ an extension, Tor Button) would make it much more difficult to conclusively say, "This is the same person / browser."On Tue, 01 Oct 2013 13:43:10 +0000, Joe Btfsplk wrote: ...I believe in same TBB version (maybe the same in many versions) they spoof the useragent & time zone, but wouldn't differences in screen sizes & color bit ALONE, among a few users on one entry / exit combination, at a given moment be enough to fingerprint one user?Fingerprinting isn't about identifying the same session (there are cookies for that), but about recognizing you on your next visit when you come from a different IP/exit (or even the same)
Seems unlikely that all TBB users having the exact same browser characteristics is going to happen. It's good in theory, but may be unrealistic. Perhaps approaching the issue from a more realistic standpoint is worth looking into?
Chaos is easier to achieve than perfection. Wondering: in practice, which would be easier to achieve and / or be more successful at preventing fingerprinting:
Trying to make all TBB users look identical or constantly changing (spoofing) some browser characteristics (ones that DON'T break functionality), so that every TBB browser is "constantly" changing it's profile? Perhaps call it SSTBB - shape shifter TBB. There may be drawbacks to *regularly* changing ANY characteristics used for fingerprinting. Just a thought. Definitely problems w/ the current method of trying to make everyone look identical.
Does the issue of other ways to find the actual screen size value, apply to other browser traits as well (some / many)? If so, possibly ONLY turning of java script would prevent much of that. Unfortunately, that breaks at least part of many sites.Screen/Window size spoofing is pointless as there are many ways of finding out the actual window size. And colors are pretty much always 24bit anyway.
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk