[tor-talk] Spoofing a browser profile to prevent fingerprinting

Joe Btfsplk joebtfsplk at gmx.com
Wed Jul 30 00:07:28 UTC 2014


Thanks.  I won't reply to all your additional comments (too much to read 
at once).
If you don't mind, send me a screen / copy of your test results from 
Panopticlick (I guess that's where it was).
I've *never* gotten values as low as you show & they're able to read 
very little, if JS is disabled.
See my comments after your Panopticlick results.

On 7/29/2014 4:35 PM, Ben Bailess wrote:
> As a thought experiment: what is the *maximum* amount of personally
> identifiable information that can be exfiltrated from a user's browser
> without compromising his/her anonymity?
I think I know what you meant, but this can't be a "thought" experiment.
Even the TBB FAQ approaches this from a reporter's view - covering all 
sides of an argument, but not reaching any conclusion.
That's fine for blogs & newspapers - not for anonymity software.  
JavaScript is the topic we just ignore, because much of the web is useless 
w/o it & fingerprinting is tremendously increased with it.
>
> With regard to 33 bits of entropy being the critical mass of positive
> identification, are these the sources you're citing?
> https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy
> / http://www.law.yale.edu/documents/pdf/ISP/Lee_Tien.pdf
Those among others.  This isn't a completely new concept.
>
> Those studies appear to be talking about identifying individuals and less
> re. browser fingerprints.
Eventually, if everything goes right for trackers, profiling companies, 
NSA, etc., the 2 become 1.
>   Based on the (very) basic data below, my
> fingerprint in FF with JS enabled was "unique" out of the >4M browser
> samples thus far but "only" revealed 22 bits of entropy. This tells me that
> 33 bits of entropy is significantly more than what is necessary to
> positively identify a user.
It's been discussed that EFF (for instance) can be biased, because 
perhaps more Tor users & certainly those more privacy conscious visit 
Panopticlick, etc., than avg users.
Many may go repeatedly.
But, the data that test sites actually get / report from any one browser 
isn't biased.

Reporting, "your browser appears unique in X browsers," and "this is 
exactly what we can read" - are 2 different things.
The 1st one has some unknowns.

Ascertaining browser characteristics & reporting entropy isn't 
influenced by prior visitors.  Your 22 bits entropy is close to what I 
saw - if JS was disabled (TBB or Firefox).
With JS disabled, Firefox wasn't more fingerprintable than TBB (but 
theoretically should be).  That's a bit troubling in itself.
>
> ...opinion of the relative benefits of leaving
> JavaScript enabled by default and the "blend in" theory promulgated by the
> TP devs thus far.
Yes, but blended with what?  A group of users that all can be 
fingerprinted well enough to be identified?
I know what Tor devs say about leaving JS on - in one breath, then seem 
to contradict (or warn about) in the next.
I'm not bad-mouthing Tor Project, but the JS issue is confusing (by 
their own admission).
They raise more concerns / issue more warnings about JS than they ever 
answer.

>   But here are some numbers that I just collected that
> perhaps could be of use to you. This test was done with the latest TBB
> (3.6.3) and Firefox versions on Linux (Fedora), with both JS on and off:
>
> FF (private browsing) / JS disabled = 16 bits (not "unique" - one in 65,487)
> FF (private browsing) / JS enabled = 22 bits ("unique" out of >4M samples)
> FF (normal browsing) / JS disabled = 15.98 bits (not "unique" - one in
> 64,524)
> FF (normal browsing) / JS enabled = 21.07 bits (not "unique" but one in
> 2,193,824 [roughly 2 matching entries in the sample]... so the other data
> point may well have been me...)
> TBB / JS enabled = 12.06 bits (not "unique" - one in 4,260)
> TBB / JS disabled = 9.05 bits (not "unique" - one in 529 are same)
I've *never* seen values that low with JS enabled or disabled, in TBB.
It's not as though I've changed the userAgent or other TBB spoofed 
values, that would change what they read from me vs. other TBB users.

One thing:  they still show *1.75 bits* entropy on things they can't 
read, or are spoofed the same for all TBB users.
Are you adding up all items w/ 1.75 bits (or whatever)?  There are 6 
parameters in that category, alone.

*How do you get totals* of < 10 bits, when the _"can't read anything" 
items alone total > 10_ (when JS is disabled)?
That alone makes me wonder about your results (not saying wrong - just 
wonder).
There's never a value of "0 bits entropy," even when they can't read 
anything for that parameter.

Unless, things like my screen size make that much difference.  But, with 
JS disabled, they can't read most parameters at ALL.
My 1st (2) values in the report are 6.5, 5.0 (rounded a tiny bit).
All the rest are 1.75 bits - because "no java script," & they can't read 
anything.  Except for cookies (turned off) - which is just under 2.0.

With JS disabled, most things they report reading in my TBB installs are 
the exact values that design documents say are spoofed by TBB & Torbutton.
So I don't understand how your total entropy could be so much lower than 
mine.
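
Added example, not part of the original post and not Panopticlick's code: it converts the "one in N" figures quoted in the message to bits with log2(N), then uses a constructed four-fingerprint population to compare the sum of per-attribute surprisal values with the surprisal of the whole fingerprint. The population, attribute names and function names are assumptions made for illustration; per-attribute values add up to the whole-fingerprint value only when the attributes are statistically independent.

```python
import math
from collections import Counter

def bits_from_one_in(n):
    """Surprisal in bits of a fingerprint shared by one in n browsers."""
    return math.log2(n)

# "One in N" figures quoted in the message above.
QUOTED = {
    "FF private / JS disabled": 65487,
    "FF normal / JS disabled": 64524,
    "FF normal / JS enabled": 2193824,
    "TBB / JS enabled": 4260,
    "TBB / JS disabled": 529,
}

# Constructed population (not measured data):
# (user_agent, plugins, fonts) -> number of browsers with that fingerprint.
POPULATION = Counter({
    ("tbb", "unreadable", "unreadable"): 250,
    ("firefox", "plugins-a", "fonts-a"): 250,
    ("firefox", "plugins-b", "fonts-b"): 250,
    ("chrome", "plugins-c", "fonts-c"): 250,
})

def attribute_bits(population, fingerprint):
    """Surprisal of each attribute value, each measured on its own."""
    total = sum(population.values())
    bits = []
    for i, value in enumerate(fingerprint):
        matching = sum(c for fp, c in population.items() if fp[i] == value)
        bits.append(math.log2(total / matching))
    return bits

def joint_bits(population, fingerprint):
    """Surprisal of the complete fingerprint (all attributes together)."""
    total = sum(population.values())
    return math.log2(total / population[fingerprint])

if __name__ == "__main__":
    for label, n in QUOTED.items():
        print(f"{label}: one in {n:,} = {bits_from_one_in(n):.2f} bits")
    target = ("tbb", "unreadable", "unreadable")
    per_attr = attribute_bits(POPULATION, target)
    print("per-attribute bits:", per_attr, "sum:", sum(per_attr))
    print("whole-fingerprint bits:", joint_bits(POPULATION, target))
```

In the constructed population the three attributes of the "tbb" row always occur together, so each one alone is worth 2 bits while the whole fingerprint is also worth 2 bits, not 6.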



