[tor-dev] [GSOC16] Fingerprint Central - Status report n°2

Pierre Laperdrix pierre.laperdrix at irisa.fr
Fri Jun 17 17:43:47 UTC 2016

Hi everyone,

Here is my second status report for my GSOC project.
A little reminder that the repo is located on GitHub:

1 - I have progressed faster than I expected in the last two weeks. Here
is everything that I have done:
- Storage of fingerprints in a MongoDB database
- Adding a small API to get statistics on stored variables
- Adding support of hashed variables for faster stats computation
- Adding collection of new attributes and support of HTTP headers
- Adding support of translation with the start of a French version

2 - I also started development of a page to tell if a user has an
"acceptable" fingerprint or not (I haven't pushed the code to GitHub
yet). So far, I'm verifying that the screen resolution is in the correct
bounds (i.e. not fullscreen) and that there are no plugins in the
browser. If anyone has any idea that I could implement to help users
have a less recognizable fingerprint, I'll be happy to add it. I have
also added steps to follow to help people better configure their browser.

3 - I have tried to add a webpage where I can detect the level of the
security slider. This way, I could give recommendations to users to
maybe try a higher security level or  it would be a way to know the
distribution of Tor users on that feature. However, it has proven to be
much harder than anticipated.
* For "Medium-low", I verify that MathML is disabled.
* For "High", I verify that there are either no JavaScript or no SVG
* I have troubles to detect the "Medium-High" level. I tried detecting
the support of OpenType SVG fonts but it seems that I haven't found the
right set of instructions to detect a difference. I'm using a font that
I modified where I'm able to display a difference depending on the level
of the security slider but I can't detect that difference through
JavaScript. When SVG support is present, the displayed character is
bigger than the HTML element but I can't detect that it is out of
bounds. If anyone has any idea to detect the "Medium-high" level of the
security slider, I'll be very happy about it.

My goal in the next two weeks is to finish both the "acceptable
fingerprint" page and the "slider" page. I also want to start working on
a complete statistics page (outside of the main fingerprinting page).
Hopefully, in two weeks, I'll have a version that is more complete and
from there, I'll start digging into more complicated features like
dealing with returning users.

Have a great week-end,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160617/15486b26/attachment.sig>

More information about the tor-dev mailing list