[tor-dev] [GSOC16] Fingerprint Central - Status report n°2

Mon Jun 20 10:55:35 UTC 2016

Hi!

Pierre Laperdrix:
> Hi everyone,
> 
> Here is my second status report for my GSOC project.
> A little reminder that the repo is located on GitHub:
> https://github.com/plaperdr/fp-central
> 
> 1 - I have progressed faster than I expected in the last two weeks. Here
> is everything that I have done:
> - Storage of fingerprints in a MongoDB database
> - Adding a small API to get statistics on stored variables
> - Adding support of hashed variables for faster stats computation
> - Adding collection of new attributes and support of HTTP headers
> - Adding support of translation with the start of a French version
> 
> 2 - I also started development of a page to tell if a user has an
> "acceptable" fingerprint or not (I haven't pushed the code to GitHub
> yet). So far, I'm verifying that the screen resolution is in the correct
> bounds (i.e. not fullscreen) and that there are no plugins in the
> browser. If anyone has any idea that I could implement to help users
> have a less recognizable fingerprint, I'll be happy to add it. I have
> also added steps to follow to help people better configure their browser.
> 
> 3 - I have tried to add a webpage where I can detect the level of the
> security slider. This way, I could give recommendations to users to
> maybe try a higher security level or  it would be a way to know the
> distribution of Tor users on that feature. However, it has proven to be
> much harder than anticipated.
> * For "Medium-low", I verify that MathML is disabled.
> * For "High", I verify that there are either no JavaScript or no SVG
> elements.

I think testing SVG is the safe bet here. I guess there is (still) a
bunch of users out there that is disabling JavaScript by default and
enabling it only when needed without bothering with the security slider.
In fact, if you could detect this then it might be a good thing for the
"How to improve your fingerprint" feature.

> * I have troubles to detect the "Medium-High" level. I tried detecting
> the support of OpenType SVG fonts but it seems that I haven't found the
> right set of instructions to detect a difference. I'm using a font that
> I modified where I'm able to display a difference depending on the level
> of the security slider but I can't detect that difference through
> JavaScript. When SVG support is present, the displayed character is
> bigger than the HTML element but I can't detect that it is out of
> bounds. If anyone has any idea to detect the "Medium-high" level of the
> security slider, I'll be very happy about it.

Loading a script with http:// should fail doing so with https://,
however, should work. This behavior is pretty distinctive for
Medium-High and would be my first idea for detecting this mode.

Georg

> My goal in the next two weeks is to finish both the "acceptable
> fingerprint" page and the "slider" page. I also want to start working on
> a complete statistics page (outside of the main fingerprinting page).
> Hopefully, in two weeks, I'll have a version that is more complete and
> from there, I'll start digging into more complicated features like
> dealing with returning users.
> 
> Have a great week-end,
> Pierre
> 
> 
> 
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160620/8ad34a81/attachment.sig>