Delivery-Date: Tue, 29 Jul 2014 21:27:21 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 1A2531E0A6B
	for <archiver@seul.org>; Tue, 29 Jul 2014 21:27:19 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 0B7103028E;
	Wed, 30 Jul 2014 01:27:16 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B2DD030757
 for <tor-talk@lists.torproject.org>; Wed, 30 Jul 2014 01:24:46 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id lc9-AMIyVeLe for <tor-talk@lists.torproject.org>;
 Wed, 30 Jul 2014 01:24:46 +0000 (UTC)
Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com
 [IPv6:2a00:1450:400c:c05::234])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 4E0853027B
 for <tor-talk@lists.torproject.org>; Wed, 30 Jul 2014 01:24:43 +0000 (UTC)
Received: by mail-wi0-f180.google.com with SMTP id n3so1461959wiv.1
 for <tor-talk@lists.torproject.org>; Tue, 29 Jul 2014 18:24:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:from:date:message-id:subject:to:content-type;
 bh=kNkT6MefFgayGdBy31nvuQ4Z0QM9nLH4WQKZvht5D0M=;
 b=pW0V2Yr0krHkNoVmm30pbWCsiLoCCE76HD+v2N2vTY4qGCeFqOiz/bycrpb2l6Zwa4
 PyuzIv2S1tBDyJ/mVFIePU5S4+v5ucwKa2lij+hQ/aLdXUg3MqYelyn8+j2FX/9ciUBP
 /fmcoep8UjluceHGpPDP2pAvQePdapaqqhBYRhfB4jrgckk/BlEbC1Az5JIvuVK0VgoM
 cPqRwg6g1d4T89ayC1ZkEj2zDPeYQt2wBzovFuN+oWNLkRVtxss+MWFJl8D3b6jx3ULT
 rZ19WTJDSR5rprfrCA7ZNrOsZQ5nNOPJXjOATZ8gJRDl+mDRqtWlhbhgTmTzfg4ieSDp
 eTIw==
X-Received: by 10.180.8.10 with SMTP id n10mr2058632wia.41.1406683480376; Tue,
 29 Jul 2014 18:24:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.185.240 with HTTP; Tue, 29 Jul 2014 18:24:00 -0700 (PDT)
From: Ryan Carboni <ryacko@gmail.com>
Date: Tue, 29 Jul 2014 18:24:00 -0700
Message-ID: <CAO7N=i0suNC9xvarZ7ocAoSwgGfiLJMJaaPDTtC37NGpBUJwCw@mail.gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Pretty sure there's be more collisions in regard to those yes or not
questions than you think. Distribution of temperaments and opinions seem to
fit a bell curve. Thus the number of collisions would be quite high.


In terms of internet plug-ins, a person would customize their computer in
terms of how well they understand computers. Thus the low-end would have
malware and the high end would have unique plug-ins, programs, and fonts
that serve their interests.


Joe Btfsplk writes:
>
> > I'm no expert on fine details of this, but over a long time of
> > checking TBB, Firefox, JonDo Fox, etc., on multiple test sites, it's
> > always clear that far more info is available when JS is enabled.
> > The EFF says ~ 33 bits of identifying info (ii) are needed to
> > accurately identify the same browser / machine at multiple sites.
>
> Strictly speaking, the 33 bits figure refers to identifying a _person_,
> and comes from Arvind Narayanan, who calculated it by rounding down the
> base 2 logarithm of the world's human population.  (If you can ask
> 33 perfectly independent and identically distributed yes-or-no questions
> about a person, the set of answers to those questions will be completely
> unique.)
>
> There are probably fewer Internet-connected browser instances than
> living people, so less information might suffice to distinguish them.
>
> If you're using EFF's Panopticlick page, you should be aware of some
> limitations about the measurements it gives you.  One is that it doesn't
> measure all possible measurable attributes of a browser -- people doing
> user tracking may have additional measurement techniques that aren't
> included in Panopticlick.  Another is that the "bits" of information
> that you get from measuring each attribute don't actually add linearly
> (and there's no direct way of adding them without knowing more about
> the population statistics and how the attributes interact).  So if you
> get an estimate that your Foo browser feature contributes 6 bits of
> identifiability and your Bar browser features contributes 5 bits, you
> can't necessarily conclude that together they contribute 11 bits.
> (Another limitation that Peter Eckersley, the developer of Panopticlick,
> pointed out to me is that the sample of fingerprints in Panopticlick's
> database isn't very current or very representative of a larger population
> of user-agents that are getting used in 2014.)
>
> You're definitely right that Javascript is an important part of many
> browser fingerprinting techniques and that browser fingerprinting will
> work much less well without it.
>
> --
> Seth Schoen  <schoen@eff.org>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

