[tor-dev] [GSOC16] Fingerprint Central - Cookies and localStorage
pierre.laperdrix at irisa.fr
Fri Jun 24 16:34:02 UTC 2016
I know the next status report is not due until next week but I wanted to
Right now, due the very short lifespan of cookies in the Tor browser, I
Here is how it works:
fingerprint is sent. This means that in the same session, no new
fingerprint from the same user will be stored if he or she wants to see
his or her own fingerprint again. If the user generates a new identity,
he will be able to store a new fingerprint since no cookie will be present.
and I use localStorage to store data generated during the collection
process. When the user sees his complete fingerprint with the percentage
for each attribute, all the values are stored in localStorage. If the
user gets back to the FP page page, it won't have to contact the server
and the fingerprint will appear instantaneously by getting the stored
copy from localStorage.
The presence of data in localStorage prevents the user from sending his
fingerprint a second time.
The presence of the cookie acts as an expiration mechanism. If the
cookie is still present, I consider the data in localStorage to be valid
and the user cannot perform the collection process again. If the cookie
has expired, I remove data present in localStorage and allow the user to
execute the whole process again.
I don't know if my approach is a good one but I wanted to use what is
available to me in the browser to prevent too many fingerprints from
being stored and to lessen as much as possible the server load. If
gladly take them.
Now, what I'm not really sure is: what about users who want to play with
their browser and see the modifications done to their fingerprint? The
way the site is built now prevents that. There are no buttons to force
the collection process again. I see two alternatives here: add a "Force
fingerprinting" button even though the database could be polluted or add
a sort of "playground" webpage that is not connected to the database
where the user can rerun the test suite as many times as he wants.
Hopefully, if everything goes well on my end, I'll be able to launch a
beta version of the website next week. We could see from there if
everything is working well and if the limitations imposed on users are
not too important.
Have a great week-end,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the tor-dev