Thus spake Katya Titov (kattitov@yandex.com):
Actually, I think a useragent-based filter could go a long way to making the existing panopticlick data more useful: https://trac.torproject.org/projects/tor/ticket/6119#comment:1
Certainly would. I like the idea of TBB defaulting to whatever is the most common user agent, but also allowing users to choose from a list of other common user agent strings. Assuming you've got access to the Panopticlick database then I imagine that the common strings could be pulled out automatically at build time and populated within TBB.
From a purely information-theoretic sense, individual choice is extremely bad for anonymity (more choices -> more entropy -> more identifying bits). Sorry all you DIY anarcho cypherpunks. You either need to make your voices heard so we can hit consensus on this, or surrender to the Identified Internet. Them's the breaks.
From a practical perspective, there is no hiding the fact that you're a Tor Browser user. Even if you could hide the fact that you're a Tor user by some dark magic, any solutions we take to solve these problems will automatically make you stand out from "normal" anyhow.
Here's a real world analogy: Right now, browser privacy can give you a mask. You won't look a damn thing like normal, but if we can get these damn masks to look enough like each other, and enough people use the masks, that's better than status quo.
So the only remaining choice we have is to make every one of our user's mask try to look the same. This also means that as we iterate, previous masks won't look like the newer, more uniform masks. In an ideal world, this means everyone needs to upgrade at once, and be re-measured somehow to verify the improvement. We've obviously got a few more steps to get to that point.
Later, when technology advances, we can think about making shape-shifting masks that look like the other mask of your choice. But holy face dancers, batman, that will be tricky.
So yeah, we need useragent-specific Panopticlick results, as well as the ability to add our own tests to Panopticlick. Perhaps if we get EFF to publish the Panopticlick source, this will happen organically? Maybe it already is published, and I missed it. I've Bcc'd Peter on most of these emails, just in case. Peter, you probably can't reply to this list directly without someone approving your mails.