Thus spake Katya Titov (kattitov@yandex.com):
On Sat, 9 Jun 2012 22:20:31 -0700 Mike Perry mikeperry@torproject.org wrote in another thread:
Thus spake Katya Titov (kattitov@yandex.com):
- https://panopticlick.eff.org/ - one in 223,553, 17.77 bits of identifying information
Great test url, Katya. We have issues with how Panopticlick is run, though. It has inherent bias against any change from established norms, even if that change is in the direction of uniformity amongst a population.
I must admit that I'm not overly sure that the "1 in [x]" and "[x] bits of identifying information" are of use in an of themselves (e.g. my browser now "conveys at least 21.09 bits of identifying information" whereas it was only 17.77 just a few hours ago) but I thought I'd experiment with testing over time and see how the numbers change. I do like the table of browser characteristics. This could be useful to track over time, so maybe I should report the full table in future.
Yeah.. This stuff is all fungible and dependent upon a few factors. Maybe a bunch of people showed up from some other mention of the Panopticlick url and altered the distribution. It's really hard to say.
In particular, the largest sources of entropy in Panopticlick come from our solutions to fingerprinting issues. The largest source of bits (screen resolution) come from what is perhaps our most effective reduction in information available to the fingerprinter: https://trac.torproject.org/projects/tor/ticket/4810#comment:3
Hmmm ... could you report a standard desktop resolution? Maybe the standard resolution just higher than the current window size? Will this impact the browsing experience? I imagine that this is used by a website when it wants to open a pop up window ... what's the impact of opening what the site thinks is a full-size window with a smaller resolution than the actual desktop size?
These are all topics for #4810. I think all of them have already been mentioned there actually, unless I'm reading you wrong.
It's interesting to note that by far the largest screen resolution is "no javascript":
https://trac.torproject.org/projects/tor/attachment/ticket/4810/panopticlick...
That and similar data would be useful to track what they are seeing, and maybe feed into what TBB should be reporting.
Yeah, this "no javascript" data point is really a shortcoming of the panopticlick test, unfortunately.
You get the exact same data from CSS, plus quite a bit more: https://developer.mozilla.org/En/CSS/Media_queries
Perhaps we should ask EFF to provide us with the Panopticlick source code or so we can run a unique instance to evaluate TBB users only?
I've created this ticket for that: https://trac.torproject.org/projects/tor/ticket/6119
If you have any comments or suggestions wrt the above, please comment on the bugs or create a new tor-qa thread rather than reply here.
Happy to help test when/if you get a TBB instance up and running.
Actually, I think a useragent-based filter could go a long way to making the existing panopticlick data more useful:
https://trac.torproject.org/projects/tor/ticket/6119#comment:1