[tor-talk] Spoofing a browser profile to prevent fingerprinting
gk at torproject.org
Wed Jul 30 06:44:40 UTC 2014
> With scripts allowed globally, Panopticlick sees another 2-3 bits. I
> suspect that much of the additional information is also the same for all
> Tor browsers, given what I've read about Tor-specific tweaks. If that's
> the case, this isn't a major issue.
That's not necessarily the case. But anyway, the current Panopticlick is
not a good way to test for Tor Browser uniqueness (and see below).
> What is a major issue is the risk of being exploited through a
Note that we disable a bunch of JIT related preferences to mitigate that
risk and are investing efforts in getting hardened builds deployed.
> The risk from doing that, of course, is that each user will tend to
> customize their NoScript profile in a distinct way. And that will allow
> websites to tell them apart.
> Even so, Panopticlick can't report anything about that. For that, one
> would need a version of Panopticlick that's restricted to assessing and
> comparing Tor browser profiles. Right?
Yes. There are plans for one which is helpful in this regard.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the tor-talk