Date: Tue, 29 Jul 2014 12:54:14 -0700
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting

Joe Btfsplk writes:

> I'm no expert on fine details of this, but over a long time of
> checking TBB, Firefox, JonDo Fox, etc., on multiple test sites, it's
> always clear that far more info is available when JS is enabled.
> The EFF says ~ 33 bits of identifying info (ii) are needed to
> accurately identify the same browser / machine at multiple sites.

Strictly speaking, the 33 bits figure refers to identifying a _person_,
and comes from Arvind Narayanan, who calculated it by rounding down the
base 2 logarithm of the world's human population.  (If you can ask
33 perfectly independent and identically distributed yes-or-no questions
about a person, the set of answers to those questions will be completely
unique.)

There are probably fewer Internet-connected browser instances than
living people, so less information might suffice to distinguish them.

If you're using EFF's Panopticlick page, you should be aware of some
limitations about the measurements it gives you.  One is that it doesn't
measure all possible measurable attributes of a browser -- people doing
user tracking may have additional measurement techniques that aren't
included in Panopticlick.  Another is that the "bits" of information
that you get from measuring each attribute don't actually add linearly
(and there's no direct way of adding them without knowing more about
the population statistics and how the attributes interact).  So if you
get an estimate that your Foo browser feature contributes 6 bits of
identifiability and your Bar browser feature contributes 5 bits, you
can't necessarily conclude that together they contribute 11 bits.
(Another limitation that Peter Eckersley, the developer of Panopticlick,
pointed out to me is that the sample of fingerprints in Panopticlick's
database isn't very current or very representative of a larger population
of user-agents that are getting used in 2014.)

You're definitely right that Javascript is an important part of many
browser fingerprinting techniques and that browser fingerprinting will
work much less well without it.

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
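
An added illustration of the non-additivity point made in the message above (not part of the original message, and not Panopticlick's code). It assumes per-attribute "bits" are surprisal, -log2 of the fraction of the population sharing a value; the population, attribute names and counts are constructed for the example.

```python
import math
from collections import Counter

# Constructed sample of 64 browsers as (platform, font_set) pairs.
# Names and counts are invented; font set mostly follows platform.
POPULATION = (
    [("Windows", "fonts-win-default")] * 31
    + [("Windows", "fonts-win-office")] * 16
    + [("Windows", "fonts-mac-default")] * 1   # rare cross-platform install
    + [("macOS", "fonts-mac-default")] * 8
    + [("Linux", "fonts-linux-dejavu")] * 4
    + [("Linux", "fonts-linux-custom")] * 4
)

def platform(rec): return rec[0]
def fonts(rec): return rec[1]
def both(rec): return rec

def surprisal_bits(population, key, record):
    """-log2 of the fraction of the population sharing record's value for key."""
    counts = Counter(key(r) for r in population)
    return -math.log2(counts[key(record)] / len(population))

def entropy_bits(population, key):
    """Population-average surprisal (Shannon entropy) of one attribute."""
    n = len(population)
    counts = Counter(key(r) for r in population)
    return sum(c / n * -math.log2(c / n) for c in counts.values())

def bits_for(population, record):
    """(platform bits, font bits, joint bits) for one browser in the sample."""
    return tuple(surprisal_bits(population, k, record)
                 for k in (platform, fonts, both))

if __name__ == "__main__":
    for rec in [("Linux", "fonts-linux-custom"), ("Windows", "fonts-mac-default")]:
        p, f, j = bits_for(POPULATION, rec)
        print(f"{rec}: {p:.2f} + {f:.2f} = {p + f:.2f} summed, {j:.2f} joint")
    summed = entropy_bits(POPULATION, platform) + entropy_bits(POPULATION, fonts)
    joint = entropy_bits(POPULATION, both)
    print(f"population average: {summed:.2f} summed, {joint:.2f} joint")
```

For the Linux browser the summed figure overstates the joint one because the font set is nearly implied by the platform; for the Windows browser with the unusual font set the sum understates it. Only the population average is bounded by the sum, which is why individual per-attribute figures cannot simply be added.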