Hi!
Pierre Laperdrix:
Hi everyone,
Here is my second status report for my GSOC project. A little reminder that the repo is located on GitHub: https://github.com/plaperdr/fp-central
1 - I have progressed faster than I expected in the last two weeks. Here is everything that I have done:
- Storage of fingerprints in a MongoDB database
- Adding a small API to get statistics on stored variables
- Adding support of hashed variables for faster stats computation
- Adding collection of new attributes and support of HTTP headers
- Adding support of translation with the start of a French version
2 - I also started development of a page to tell if a user has an "acceptable" fingerprint or not (I haven't pushed the code to GitHub yet). So far, I'm verifying that the screen resolution is in the correct bounds (i.e. not fullscreen) and that there are no plugins in the browser. If anyone has any idea that I could implement to help users have a less recognizable fingerprint, I'll be happy to add it. I have also added steps to follow to help people better configure their browser.
3 - I have tried to add a webpage where I can detect the level of the security slider. This way, I could give recommendations to users to maybe try a higher security level or it would be a way to know the distribution of Tor users on that feature. However, it has proven to be much harder than anticipated.
- For "Medium-low", I verify that MathML is disabled.
- For "High", I verify that there are either no JavaScript or no SVG
elements.
I think testing SVG is the safe bet here. I guess there is (still) a bunch of users out there that is disabling JavaScript by default and enabling it only when needed without bothering with the security slider. In fact, if you could detect this then it might be a good thing for the "How to improve your fingerprint" feature.
- I have troubles to detect the "Medium-High" level. I tried detecting
the support of OpenType SVG fonts but it seems that I haven't found the right set of instructions to detect a difference. I'm using a font that I modified where I'm able to display a difference depending on the level of the security slider but I can't detect that difference through JavaScript. When SVG support is present, the displayed character is bigger than the HTML element but I can't detect that it is out of bounds. If anyone has any idea to detect the "Medium-high" level of the security slider, I'll be very happy about it.
Loading a script with http:// should fail doing so with https://, however, should work. This behavior is pretty distinctive for Medium-High and would be my first idea for detecting this mode.
Georg
My goal in the next two weeks is to finish both the "acceptable fingerprint" page and the "slider" page. I also want to start working on a complete statistics page (outside of the main fingerprinting page). Hopefully, in two weeks, I'll have a version that is more complete and from there, I'll start digging into more complicated features like dealing with returning users.
Have a great week-end, Pierre
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev