[tor-qa] Panopticlick

Katya Titov kattitov at yandex.com
Sun Jun 10 07:42:17 UTC 2012


On Sat, 9 Jun 2012 22:20:31 -0700
Mike Perry <mikeperry at torproject.org> wrote in another thread:

> Thus spake Katya Titov (kattitov at yandex.com):
> 
> >  - https://panopticlick.eff.org/ - one in 223,553, 17.77 bits of
> >                                    identifying information
> 
> Great test url, Katya. We have issues with how Panopticlick is run,
> though. It has inherent bias against any change from established
> norms, even if that change is in the direction of uniformity amongst a
> population.

I must admit that I'm not overly sure that the "1 in [x]" and "[x] bits
of identifying information" are of use in and of themselves (e.g. my
browser now "conveys at least 21.09 bits of identifying information"
whereas it was only 17.77 just a few hours ago) but I thought I'd
experiment with testing over time and see how the numbers change. I do
like the table of browser characteristics. This could be useful to
track over time, so maybe I should report the full table in future.

> In particular, the largest sources of entropy in Panopticlick come
> from our solutions to fingerprinting issues. The largest source of
> bits (screen resolution) comes from what is perhaps our most effective
> reduction in information available to the fingerprinter:
> https://trac.torproject.org/projects/tor/ticket/4810#comment:3

Hmmm ... could you report a standard desktop resolution? Maybe the
standard resolution just higher than the current window size? Will this
impact the browsing experience? I imagine that this is used by a
website when it wants to open a pop up window ... what's the impact of
opening what the site thinks is a full-size window with a smaller
resolution than the actual desktop size?

It's interesting to note that by far the largest screen resolution is
"no javascript":

https://trac.torproject.org/projects/tor/attachment/ticket/4810/panopticlick-screen-resolution-detection.txt

That and similar data would be useful to track what they are seeing,
and maybe feed into what TBB should be reporting.

> Perhaps we should ask EFF to provide us with the Panopticlick source
> code or so we can run a unique instance to evaluate TBB users only?
> 
> I've created this ticket for that:
> https://trac.torproject.org/projects/tor/ticket/6119
> 
> If you have any comments or suggestions wrt the above, please comment
> on the bugs or create a new tor-qa thread rather than reply here.

Happy to help test when/if you get a TBB instance up and running.

-- 
kat
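
Added example, not part of the original message and not Panopticlick's or Tor's own code: a sketch of the measurement issue discussed in the thread, computing how many bits a reported screen resolution conveys when measured against all visitors versus against TBB visitors only (the idea behind ticket 6119). The visit counts and resolution values are constructed, and the function names are assumptions.

```python
import math
from collections import Counter

def bits_from_one_in(n):
    """Panopticlick's "one in n" figure expressed as bits of surprisal."""
    return math.log2(n)

def surprisal(value, observed):
    """Bits conveyed by `value` relative to the list of observed values."""
    share = Counter(observed)[value] / len(observed)
    return -math.log2(share)

# Constructed sample of (browser, reported screen resolution) visits.
VISITS = (
    [("other", "1920x1080")] * 6000
    + [("other", "1366x768")] * 3000
    + [("other", "1280x800")] * 984
    + [("tbb", "1000x600")] * 12   # hypothetical value shared by most TBB users
    + [("tbb", "1000x500")] * 4    # hypothetical value shared by the rest
)

def compare(value, visits=VISITS):
    """Return (bits vs. all visitors, bits vs. TBB visitors only)."""
    everyone = [res for _, res in visits]
    tbb_only = [res for kind, res in visits if kind == "tbb"]
    return surprisal(value, everyone), surprisal(value, tbb_only)

if __name__ == "__main__":
    # The "one in 223,553" figure quoted in the thread.
    print(f"one in 223,553 = {bits_from_one_in(223553):.2f} bits")
    whole, within = compare("1000x600")
    print(f"1000x600 vs all visitors: {whole:.2f} bits")
    print(f"1000x600 vs TBB only:     {within:.2f} bits")
```

In this sample the same value scores several bits against the whole population but well under one bit among TBB visitors, which is the bias against uniform-but-unusual values that the quoted reply describes.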

