[tor-dev] Panopticlick summer project

Nicolas Vigier boklm at mars-attacks.org
Fri Apr 25 12:20:37 UTC 2014

(sending this again as I accidentally removed Peter from CC)

On Mon, 21 Apr 2014, Gunes Acar wrote:

> Hash: SHA1
> On Mon 21 Apr 2014 02:21:35 PM CEST, Mike Perry wrote:
> > Gunes Acar: Sorry everyone for the long pause.
> > 
> > I wrote down a proposal (and some code) to address issues raised
> > by Mike and George: 
> > https://securehomes.esat.kuleuven.be/~gacar/summer_2014.pdf
> > 
> > Looking for your comments and critics...
> > 
> >> This proposal looks like quite a good start. With respect to
> >> automated testing, you should definitely discuss this with
> >> Nicolas Vigier, who is our lead automation engineer. He has begun
> >> writing TBB automation tests, and can help you integrate your
> >> tests into that framework. You can see a few links to the
> >> existing testing infrastructure at in the QA and testing section
> >> of the TBB hacking doc: 
> >> https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#QAandTesting
> Sure,
> >> 
> I already have some questions noted down for him.
> But I must say the framework he set up is pretty easy to extend.
> I could add and run my tests in minutes.


I have been looking at your git repository with selenium tests:

And this looks like a very good start! If you think that's ready, I can
merge your patch (fp_tests.patch) so we start running those tests on
the next releases / nightly builds.

After reading your proposal about this new Panopticlick project,
something I'm wondering is if it would be possible to split this tool
in two differents parts:

 - the part that generate a profile of the browser visiting the page(s)
   using all known fingerprinting techniques, and save this profile in a
   file (in json, yaml or any other format that is easy to read from an
   other program)

 - the part that takes this profile and adds it to a central database,
   and compute a uniqueness score to display it to the user

The reason I'm thinking about this is that it could allow us to share
the first part between the panopticlick website and the test suite.
I've been thinking about making the test suite start a local web server
that would be used to host some pages to be used by tests, and this
fingerprinting website could be one of thoses.

Does it sounds like something possible ?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140425/7ae34ce4/attachment.sig>

More information about the tor-dev mailing list