[tor-dev] Panopticlick summer project

Fri Apr 25 14:33:01 UTC 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/25/2014 02:12 PM, Nicolas Vigier wrote:
> On Mon, 21 Apr 2014, Gunes Acar wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> On Mon 21 Apr 2014 02:21:35 PM CEST, Mike Perry wrote:
>>> Gunes Acar: Sorry everyone for the long pause.
>>>
>>> I wrote down a proposal (and some code) to address issues raised
>>> by Mike and George:
>>> https://securehomes.esat.kuleuven.be/~gacar/summer_2014.pdf
>>>
>>> Looking for your comments and critics...
>>>
>>>> This proposal looks like quite a good start. With respect to
>>>> automated testing, you should definitely discuss this with
>>>> Nicolas Vigier, who is our lead automation engineer. He has begun
>>>> writing TBB automation tests, and can help you integrate your
>>>> tests into that framework. You can see a few links to the
>>>> existing testing infrastructure at in the QA and testing section
>>>> of the TBB hacking doc:
>>>>
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#QAandTesting
>> Sure,
>> I already have some questions noted down for him.
>> But I must say the framework he set up is pretty easy to extend.
>> I could add and run my tests in minutes.
> Hello,
>
> I have been looking at your git repository with selenium tests:
> https://github.com/gunesacar/tbb-fp-tests
>
> And this looks like a very good start! If you think that's ready, I can
> merge your patch (fp_tests.patch) so we start running those tests on
> the next releases / nightly builds.
Hi Nicholas,
I think it won't hurt to merge and I'd be just glad.

>
> After reading your proposal about this new Panopticlick project,
> something I'm wondering is if it would be possible to split this tool
> in two differents parts:
>
>  - the part that generate a profile of the browser visiting the page(s)
>    using all known fingerprinting techniques, and save this profile in a
>    file (in json, yaml or any other format that is easy to read from an
>    other program)
>
>  - the part that takes this profile and adds it to a central database,
>    and compute a uniqueness score to display it to the user
>
> The reason I'm thinking about this is that it could allow us to share
> the first part between the panopticlick website and the test suite.
Yes, indeed this is exactly how I imagine it.
And that's why I was reluctant to submit the patchmentioned above, as it
doesn't follow this architecture.
But sure, it can be easily updated once I start working.
>
> I've been thinking about making the test suite start a local web server
> that would be used to host some pages to be used by tests, and this
> fingerprinting website could be one of thoses.
That'd be great. Maybe we can start with client side tests but in the
end we'd need to run server side (to check HTTP headers etc.)

>
> Does it sounds like something possible ?
Sure, indeed.

>
>
> Nicolas
>
>   
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTWnIcAAoJEPb7JcMmVt4gFFoIAMc+DXIJgXrzdFv1aMFGh1AK
NMi/CNqiTtk1L8C0LvMDwqtdXoU7Ip0iuysb9oO45j4MTkbMz3g7FUpuSGNxumnT
OLDQDTDFYYi22YqE0U9SHmMJBv5F3EGI/WeVo4xVjiQeEPtsM4S7O988hfUBzCm7
MO06m+U+Kava8eb3XPU8xutEV8pZLXBmMvGTSMlBiAXpKtQjPTJDdcs33E/R2qlh
Lz9aQZFaC+bTEPhsGZkLC+3/LqE9x3VtIecFV/TTTCYDnTq5BRSaNHCAwETTOpx0
tWjS0h3o22MJhWSvkXHAsw8NUocwLvp7zRfupYRdLjdsMVLyDMTWFPc/Q3ZS1tM=
=E+pu
-----END PGP SIGNATURE-----