[tor-dev] [GSoC16] A website to improve Tor fingerprinting defenses
Pierre Laperdrix
pierre.laperdrix at irisa.fr
Sun Apr 24 12:07:33 UTC 2016
That's a very good question! The website is first and foremost aimed to
improve the Tor browser (even though it will open its doors to every
browsers after that). This means that, at first, we would only collect
fingerprints coming from Tor browsers and not from users redirecting
their network traffic through Tor. I plan on having statistics for
different versions of the Tor browser so that we can follow evolution or
potential regressions.
Then, from the developers side, the website will be built in a way that
tests can be added and removed really easily. Contrary to Panotpiclick
or AmIUnique where the set of collected attributes is fixed, I'll try to
make it as easy as possible to add a test to the website with a link to
a ticket in the Tor bug tracker and a way to collect statistics for this
specific test. I want to emphasize on that point because common
attributes like the user-agent or the size of the screen that are
collected in browser fingerprints are already covered by the Tor
browser. However, when a new fingerprinting technique is discovered or
when a new browser API is launched, it is really hard to get an insight
into how much identifiable information is in there without running a
test and getting concrete data.
Finally, from the user side, I want to give the tools to users to
understand what each collected attribute is and what to do in case his
or her browser fingerprint is far from an acceptable one.
In the end, the main mechanisms are very similar to Panopticlick
(collection and statistics) but the set of added features aimed
primarily at the Tor browser and the Tor community is what will set this
website apart from others.
I hope my explanations are clear enough. If you have additional
questions, I'll be happy to answer them.
Pierre
On 04/24/2016 01:01 PM, Virgil Griffith wrote:
> It's unclear to me how this would be different than standard
> panopticlick with >50% of the users using TBB. But those not using TBB
> with had browser statistics like the rest of the web (for example, all
> of the tor2web traffic).
>
> -V
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160424/aedda34b/attachment.sig>
More information about the tor-dev
mailing list