[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting



Wow, I'm surprised no one has questioned this before or has a reasonable explanation. Why Panopticlick's total estimated entropy, *reported in the sentence _above_ their results table,* is much less than the sum of individual parameters' entropies - shown in the table:

"_Currently, we estimate that your browser has a fingerprint that conveys *nn.nn bits* of identifying information_."

To arrive at a total *"bits of identifying information"*, do they ignore characteristics with entopies < certain values? Because, in a typical test - w/ JS ENabled, the sentence may show total entropy of *13.xx bits.* In the same test, the sum of entropies from their included table may be *34.xx* bits identifying information.

Why is there such a huge difference? To arrive at their "total," what do they ignore - and WHY? Or, do they take the results in the table & apply additional algorithms? If so, do they detail that?
Thanks.

On 7/30/2014 9:12 AM, Joe Btfsplk wrote:
On 7/29/2014 4:35 PM, Ben Bailess wrote:
But here are some numbers that I just collected that
perhaps could be of use to you. This test was done with the latest TBB
(3.6.3) and Firefox versions on Linux (Fedora), with both JS on and off:

FF (private browsing) / JS disabled = 16 bits (not "unique" - one in 65,487)
FF (private browsing) / JS enabled = 22 bits ("unique" out of >4M samples)
FF (normal browsing) / JS disabled = 15.98 bits (not "unique" - one in
64,524)
FF (normal browsing) / JS enabled = 21.07 bits (not "unique" but one in
2,193,824 [roughly 2 matching entries in the sample]... so the other data
point may well have been me...)
TBB / JS enabled = 12.06 bits (not "unique" - one in 4,260)
TBB / JS disabled = 9.05 bits (not "unique" - one in 529 are same)

Thanks to all for your input.
OK, I slept & revisited Panopticlick fingerprinting results
https://panopticlick.eff.org.  Silly me - I was looking at the values
listed for each parameter, then assessing the total entropy for all
parameters shown.
Yes, if I look at the value they report *in a sentence* above the
results table, that total is far < than the sum of "bits of identifying
information" for all browser characteristics measured, as shown in their
results table.

For those that haven't looked at the site (or anything similar), the
total entropy that Panopticlick arrives at is far < than the sum of
individual values.
("The total is less than the sum of its parts" ??)
Like when it says,
"_Currently, we estimate that your browser has a fingerprint that
conveys *13.72 bits* of identifying information_*,*" but the sum of all
parameters in that same test is *far* > than 13.72 bits.

Maybe someone more familiar w/ their algorithm to arrive at the grand
total "*bits of identifying information," *(that they state in a
sentence, above the results table) can explain why their stated total
entropy for the browser tested is *so much lower* than the total of all
parameters shown in the table of test results.

I read their paper, https://panopticlick.eff.org/browser-uniqueness.pdf,
but missed any explanation of why that is so.
I have an idea why that may be true, but no (generic) mathematical
explanation.

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk