(sending this again as I accidentally removed Peter from CC)
On Mon, 21 Apr 2014, Gunes Acar wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon 21 Apr 2014 02:21:35 PM CEST, Mike Perry wrote:
Gunes Acar: Sorry everyone for the long pause.
I wrote down a proposal (and some code) to address issues raised by Mike and George: https://securehomes.esat.kuleuven.be/~gacar/summer_2014.pdf
Looking for your comments and critics...
This proposal looks like quite a good start. With respect to automated testing, you should definitely discuss this with Nicolas Vigier, who is our lead automation engineer. He has begun writing TBB automation tests, and can help you integrate your tests into that framework. You can see a few links to the existing testing infrastructure at in the QA and testing section of the TBB hacking doc: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#QAandTe...
Sure,
I already have some questions noted down for him. But I must say the framework he set up is pretty easy to extend. I could add and run my tests in minutes.
Hello,
I have been looking at your git repository with selenium tests: https://github.com/gunesacar/tbb-fp-tests
And this looks like a very good start! If you think that's ready, I can merge your patch (fp_tests.patch) so we start running those tests on the next releases / nightly builds.
After reading your proposal about this new Panopticlick project, something I'm wondering is if it would be possible to split this tool in two differents parts:
- the part that generate a profile of the browser visiting the page(s) using all known fingerprinting techniques, and save this profile in a file (in json, yaml or any other format that is easy to read from an other program)
- the part that takes this profile and adds it to a central database, and compute a uniqueness score to display it to the user
The reason I'm thinking about this is that it could allow us to share the first part between the panopticlick website and the test suite. I've been thinking about making the test suite start a local web server that would be used to host some pages to be used by tests, and this fingerprinting website could be one of thoses.
Does it sounds like something possible ?
Nicolas