browser fingerprinting - panopticlick

7v5w7go9ub0o 7v5w7go9ub0o at gmail.com
Sat Jan 30 01:20:18 UTC 2010


Andrew Lewman wrote:
> On 01/29/2010 04:36 PM, Michael Holstein wrote:
>>> The main cause was the screen resolution.
> 
> https://blog.torproject.org/blog/effs-panopticlick-and-torbutton
> 
>> Running TOR and leaving javascript enabled sort of defeats the 
>> point, doesn't it?
> 
> Not really.  Most of the websites are useless without javascript 
> enabled.  Torbutton protects against known attacks via javascript 
> (yes there's something to be said about unknown attacks...).
> 

(Sigh)...Exactly right; and add flash to that prerequisite.

As we slowly transition to web 2.0, probably the next step is putting
the TOR browser in a VM full of bogus, randomized userid/sysid/network
information - carefully firewalled to allow TOR access only (TOR would
be running somewhere outside the browser VM).

***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list