Delivery-Date: Tue, 29 Jul 2014 20:12:36 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 03F951E068C
	for <archiver@seul.org>; Tue, 29 Jul 2014 20:12:34 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id EF9823078A;
	Wed, 30 Jul 2014 00:12:17 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 6B4673042E
 for <tor-talk@lists.torproject.org>; Wed, 30 Jul 2014 00:08:00 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 0FP5zopTr5Pb for <tor-talk@lists.torproject.org>;
 Wed, 30 Jul 2014 00:08:00 +0000 (UTC)
Received: from mout.gmx.com (mout.gmx.com [74.208.4.201])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 42A0D2FF9A
 for <tor-talk@lists.torproject.org>; Wed, 30 Jul 2014 00:08:00 +0000 (UTC)
Received: from [127.0.0.1] ([99.190.181.188]) by mail.gmx.com (mrgmxus002)
 with ESMTPSA (Nemesis) id 0MePHd-1Wq3iE1XKB-00QF40 for
 <tor-talk@lists.torproject.org>; Wed, 30 Jul 2014 02:07:57 +0200
Message-ID: <53D83740.7050901@gmx.com>
Date: Tue, 29 Jul 2014 19:07:28 -0500
From: Joe Btfsplk <joebtfsplk@gmx.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <53D3F004.6070209@yandex.ru> <53D412F9.4030107@googlemail.com>
 <53D6B3F0.8030706@yandex.ru> <53D6E666.9070108@gmx.com>
 <CACf9JSVq5GT+GEysOs0oGBBUy52Nq3XpWsL4j4FD0EAk9RDuPw@mail.gmail.com>
 <53D7E802.8020700@gmx.com>
 <CACf9JSXgFag6Ky3F+TmTqqsx2ScpJTggnU-FDz9yd4zAX=qM1Q@mail.gmail.com>
In-Reply-To: <CACf9JSXgFag6Ky3F+TmTqqsx2ScpJTggnU-FDz9yd4zAX=qM1Q@mail.gmail.com>
X-Provags-ID: V03:K0:lgBbgaxLSiMYReY6owc5NENGTMpHX7wlXBQin/vsd102/1M4BHk
 Kaxxb46Cwoe6uVgz3GfGTd7aRbx+DAUnsl06iiyAxl3T9GxsEbCXD4P3QN6UGolDzi/Vd5+
 fyxnMY7YvnEgQpYjDfHdgHROg2pzD1oaetKNhH1lZDEIGnARAF3nbB/EV8b9LI70FmhHA7i
 biHzf4o8Mc9Tja4O9JK+w==
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Thanks.  I won't reply to all your additional comments (too much to read 
at once).
If you don't mind, send me a screen / copy of your test results from 
Panopticlick (I guess that's where it was).
I've *never* gotten values as low as you show & they're able to read 
very little, if JS is disabled.
See my comments after your Panopticlick results.

On 7/29/2014 4:35 PM, Ben Bailess wrote:
> As a
> thought experiment: what is the *maximum* amount of personally identifiable
> information that can be exfiltrated from a user's browser without
> compromising his/her anonymity?
I think I know what you meant, but this can't be a "thought" experiment.
Even the TBB FAQ approaches this from a reporter's view - covering all 
sides of an argument, but not reaching any conclusion.
That's fine for blogs & newspapers - not for anonymity software.  Java 
script is the topic we just ignore, because much of the web is useless 
w/o it & fingerprinting is tremendously increased with it.
>
> With regard to 33 bits of entropy being the critical mass of positive
> identification, are the sources you're citing?
> https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy
> / http://www.law.yale.edu/documents/pdf/ISP/Lee_Tien.pdf
Those among others.  This isn't a completely new concept.
>
> Those studies appear to be talking about identifying individuals and less
> re. browser fingerprints.
Eventually, if everything goes right for trackers, profiling companies, 
NSA, etc., the 2 become 1.
>   Based on the (very) basic data below, my
> fingerprint in FF with JS enabled was "unique" out of the >4M browser
> samples thus far but "only" revealed 22 bits of entropy. This tells me that
> 33 bits of entropy is significantly more than what is necessary to
> positively identify a user.
It's been discussed that EFF (for instance) can be biased, because 
perhaps more Tor users & certainly those more privacy conscious visit 
Panopticlick, etc., than avg users.
Many may go repeatedly.
But, the data that test sites actually get / report from any one browser 
isn't biased.

Reporting, "your browser appears unique in X browsers," and "this is 
exactly what we can read" - are 2 different things.
The 1st one has some unknowns.

Ascertaining browser characteristics & reporting entropy isn't 
influenced by prior visitors.  Your 22 bits entropy is close to what I 
saw - if JS was disabled (TBB or Firefox).
With JS disabled, Firefox wasn't more fingerprintable than TBB (but 
theoretically should be).  That's a bit troubling in itself.
>
> ...opinion of the relative benefits of leaving
> JavaScript enabled by default and the "blend in" theory promulgated by the
> TP devs thus far.
Yes, but blended with what?  A group of users that all can be 
fingerprinted well enough to be identified?
I know what Tor devs say about leaving JS on - in one breath, then seem 
to contradict (or warn about) in the next.
I'm not bad mouthing Tor Project, but the JS issue is confusing (by 
their own admission).
They raise more concerns / issue more warnings about JS than they ever 
answer.

>   But here are some numbers that I just collected that
> perhaps could be of use to you. This test was done with the latest TBB
> (3.6.3) and Firefox versions on Linux (Fedora), with both JS on and off:
>
> FF (private browsing) / JS disabled = 16 bits (not "unique" - one in 65,487)
> FF (private browsing) / JS enabled = 22 bits ("unique" out of >4M samples)
> FF (normal browsing) / JS disabled = 15.98 bits (not "unique" - one in
> 64,524)
> FF (normal browsing) / JS enabled = 21.07 bits (not "unique" but one in
> 2,193,824 [roughly 2 matching entries in the sample]... so the other data
> point may well have been me...)
> TBB / JS enabled = 12.06 bits (not "unique" - one in 4,260)
> TBB / JS disabled = 9.05 bits (not "unique" - one in 529 are same)
I've *never* seen values that low with JS enabled or disabled, in TBB.
It's not as though I've changed the userAgent or other TBB spoofed 
values, that would change what they read from me vs. other TBB users.

One thing:  they still show *1.75 bits* entropy on things they can't 
read, or are spoofed the same for all TBB users.
Are you adding up all items w/ 1.75 bits (or what ever)?  There are 6 
parameters in that category, alone.

*How do you get totals* of < 10 bits, when the "_can't read anything" 
items alone total > 10_ (when disable JS)?
That alone makes me wonder about your results (not saying wrong - just 
wonder).
There's never a value of "0 bits entropy," even when they can't read 
anything for that parameter.

Unless, things like my screen size make that much difference.  But, with 
JS disabled, they can't read most parameters at ALL.
My 1st (2) values in the report are 6.5, 5.0 (rounded a tiny bit).
All the rest are 1.75 bits - because "no java script," & they can't read 
anything.  Except for cookies (turned off) - which is just under 2.0.

With JS disabled, most things they report reading in my TTB installs are 
the exact values that design documents say are spoofed by TBB & Torbutton.
So I don't understand how your total entropy could be so much lower than 
mine.


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

