[tor-commits] [webwml/staging] Add 'Panopticlick' project idea

arma at torproject.org arma at torproject.org
Wed Mar 9 19:23:16 UTC 2016


commit ec691dded4cff4c4c8bc5996821bfdab94b16976
Author: Damian Johnson <atagar at torproject.org>
Date:   Sat Feb 27 23:27:16 2016 -0800

    Add 'Panopticlick' project idea
    
    https://trac.torproject.org/projects/tor/ticket/18328
---
 getinvolved/en/volunteer.wml | 60 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/getinvolved/en/volunteer.wml b/getinvolved/en/volunteer.wml
index 02b9746..6c73977 100644
--- a/getinvolved/en/volunteer.wml
+++ b/getinvolved/en/volunteer.wml
@@ -437,6 +437,11 @@ meetings around the world.</li>
     privacy and security issues in mainline version.
     </p>
 
+    <p>
+    <b>Project Ideas:</b><br />
+    <i><a href="#panopticlick">Panopticlick</a></i><br />
+    </p>
+
     <a id="project-httpseverywhere"></a>
     <h3><a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> (<a
     href="https://gitweb.torproject.org/https-everywhere.git">code</a>, <a
@@ -1467,6 +1472,61 @@ href="https://github.com/arlolra/ctypes-otr/issues">one of the open key
 verification issues</a> as part of the application process.
     </p>
     </li>
+
+    <a id="panopticlick"></a>
+    <li>
+    <b>Panopticlick</b>
+    <br>
+    Likely Mentors: <i>Georg (GeKo)</i>
+    <p>
+
+The <a href="https://panopticlick.eff.org">Panopticlick project by the EFF</a>
+revolutionized how people think about <a
+href="https://panopticlick.eff.org/browser-uniqueness.pdf">browser
+fingerprinting</a>, both by developing tests and metrics to measure browser
+fingerprintability, and by crowdsourcing the evaluation and contribution of
+individual browser features to overall fingerprintability.
+
+    </p>
+    <p>
+
+Unfortunately, the way Panopticlick is designed <a
+href="https://blog.torproject.org/blog/effs-panopticlick-and-torbutton">makes
+it difficult</a> to evaluate defenses to browser fingerprinting, especially
+for browsers with a relatively small userbase such as Tor Browser. This is
+because any approach we take to reduce fingerprinting automatically makes our
+users more distinct from the previous users who submitted their fingerprint
+data to the EFF. Indeed, it is also impossible to ever expect that users of
+one browser will ever be able to blend in with users of another browser
+(Chrome users will always be distinguishable from Firefox users for example,
+based on feature set alone).
+
+   </p>
+   <p>
+
+To address this, we would like to have <a
+href="https://trac.torproject.org/projects/tor/ticket/6119">our own
+fingerprint test suite</a> to evaluate the fingerprintability of each browser
+feature for users running a specific Tor Browser version. There are also <a
+href="https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting">additional
+fingerprinting tests</a> we can add beyond those deployed by Panopticlick.
+   </p>
+   <p>
+
+For this project, the student would develop a website that users can
+voluntarily visit to test and record their Tor Browser fingerprint.  The user
+should get feedback on how she performed and the test results should be
+available in a machine readable format (e.g. JSON), broken down by Tor Browser
+version.  In a second step one could think about adding more sophisticated
+tests or supporting other browser vendors that might want to test the
+uniformity amongst their userbase as well. Of course, results from each
+browser would also need to be broken down by both browser implementation and
+version, so that results would only reflect the population of that specific
+implementation.
+
+    </p>
+    </li>
+
 <!--
     <a id=""></a>
     <li>





More information about the tor-commits mailing list