Delivery-Date: Thu, 31 Jul 2014 13:44:27 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 29F541E0BBA;
	Thu, 31 Jul 2014 13:44:26 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 2AB7A30AAD;
	Thu, 31 Jul 2014 17:44:17 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 1B0A930A9F
 for <tor-talk@lists.torproject.org>; Thu, 31 Jul 2014 17:44:14 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id uTd3L0U1vC-T for <tor-talk@lists.torproject.org>;
 Thu, 31 Jul 2014 17:44:14 +0000 (UTC)
Received: from mout.gmx.com (mout.gmx.com [74.208.4.200])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 00EF230A8F
 for <tor-talk@lists.torproject.org>; Thu, 31 Jul 2014 17:44:13 +0000 (UTC)
Received: from [127.0.0.1] ([99.190.181.188]) by mail.gmx.com (mrgmxus001)
 with ESMTPSA (Nemesis) id 0MAPka-1XJ0G829Ck-00Bfac for
 <tor-talk@lists.torproject.org>; Thu, 31 Jul 2014 19:44:10 +0200
Message-ID: <53DA807E.7030000@gmx.com>
Date: Thu, 31 Jul 2014 12:44:30 -0500
From: Joe Btfsplk <joebtfsplk@gmx.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <53D3F004.6070209@yandex.ru> <53D412F9.4030107@googlemail.com>
 <53D6B3F0.8030706@yandex.ru> <53D6E666.9070108@gmx.com>
 <CACf9JSVq5GT+GEysOs0oGBBUy52Nq3XpWsL4j4FD0EAk9RDuPw@mail.gmail.com>
 <53D7E802.8020700@gmx.com>
 <CACf9JSXgFag6Ky3F+TmTqqsx2ScpJTggnU-FDz9yd4zAX=qM1Q@mail.gmail.com>
 <53D8FD47.6010702@gmx.com>
In-Reply-To: <53D8FD47.6010702@gmx.com>
X-Provags-ID: V03:K0:OpZRF8mbFvsVPF2HftAlRi9BjWrcWLG/iS+ozWxyQfehRYAwQ8p
 wQf9I1nuNzwMKMOPtzQx9w9Hul0sYi42hOUFEUja8d51DjIGyIwY5cDiRUy4WiuWvLzxnm5
 zhXkvvBeQzQPzpYr4CcOcxFNpfX8IKUl/08o9L5tFxCjgJo9FIUAyI/IMGArJPehh+mShPn
 czUZV9GCpGeynckEksrgw==
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Wow, I'm surprised no one has questioned this before or has a reasonable 
explanation.
Why Panopticlick's total estimated entropy, *reported in the sentence 
_above_ their results table,* is much less than the sum of individual 
parameters' entropies - shown in the table:

"_Currently, we estimate that your browser has a fingerprint that 
conveys *nn.nn bits* of identifying information_."

To arrive at a total *"bits of identifying information"*, do they ignore 
characteristics with entopies < certain values?
Because, in a typical test - w/ JS ENabled, the sentence may show total 
entropy of *13.xx bits.*
In the same test,  the sum of entropies from their included table may be 
*34.xx* bits identifying information.

Why is there such a huge difference?  To arrive at their "total," what 
do they ignore - and WHY?
Or, do they take the results in the table & apply additional 
algorithms?  If so, do they detail that?
Thanks.

On 7/30/2014 9:12 AM, Joe Btfsplk wrote:
> On 7/29/2014 4:35 PM, Ben Bailess wrote:
>> But here are some numbers that I just collected that
>> perhaps could be of use to you. This test was done with the latest TBB
>> (3.6.3) and Firefox versions on Linux (Fedora), with both JS on and off:
>>
>> FF (private browsing) / JS disabled = 16 bits (not "unique" - one in 65,487)
>> FF (private browsing) / JS enabled = 22 bits ("unique" out of >4M samples)
>> FF (normal browsing) / JS disabled = 15.98 bits (not "unique" - one in
>> 64,524)
>> FF (normal browsing) / JS enabled = 21.07 bits (not "unique" but one in
>> 2,193,824 [roughly 2 matching entries in the sample]... so the other data
>> point may well have been me...)
>> TBB / JS enabled = 12.06 bits (not "unique" - one in 4,260)
>> TBB / JS disabled = 9.05 bits (not "unique" - one in 529 are same)
>>
> Thanks to all for your input.
> OK, I slept & revisited Panopticlick fingerprinting results
> https://panopticlick.eff.org.  Silly me - I was looking at the values
> listed for each parameter, then assessing the total entropy for all
> parameters shown.
> Yes, if I look at the value they report *in a sentence* above the
> results table, that total is far < than the sum of "bits of identifying
> information" for all browser characteristics measured, as shown in their
> results table.
>
> For those that haven't looked at the site (or anything similar), the
> total entropy that Panopticlick arrives at is far < than the sum of
> individual values.
> ("The total is less than the sum of its parts" ??)
> Like when it says,
> "_Currently, we estimate that your browser has a fingerprint that
> conveys *13.72 bits* of identifying information_*,*" but the sum of all
> parameters in that same test is *far* > than 13.72 bits.
>
> Maybe someone more familiar w/ their algorithm to arrive at the grand
> total "*bits of identifying information," *(that they state in a
> sentence, above the results table) can explain why their stated total
> entropy for the browser tested is *so much lower* than the total of all
> parameters shown in the table of test results.
>
> I read their paper, https://panopticlick.eff.org/browser-uniqueness.pdf,
> but missed any explanation of why that is so.
> I have an idea why that may be true, but no (generic) mathematical
> explanation.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

