Delivery-Date: Thu, 31 Jul 2014 14:01:59 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 81C811E0BAF;
	Thu, 31 Jul 2014 14:01:54 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 0203E30ABE;
	Thu, 31 Jul 2014 18:01:51 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B372A30AB8
 for <tor-talk@lists.torproject.org>; Thu, 31 Jul 2014 18:01:47 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id uYMuxv_gmYNh for <tor-talk@lists.torproject.org>;
 Thu, 31 Jul 2014 18:01:47 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 765C530A85
 for <tor-talk@lists.torproject.org>; Thu, 31 Jul 2014 18:01:47 +0000 (UTC)
Received: from fulvetta.riseup.net (fulvetta-pn.riseup.net [10.0.1.75])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 7FA0358BBC
 for <tor-talk@lists.torproject.org>; Thu, 31 Jul 2014 11:01:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=riseup.net; s=squak;
 t=1406829704; bh=7Pa0zcGhwt3HF+NySdd5U3M1/sv+9NjlSYJdgBszztY=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=pq+fbM1KqZvVXJRuFTByWtEx1TWWCnn9BvDuKriZW5UpkhrScmaBnoLxJU2a8K38h
 XXLL0rpD8ficri/xKZd2ojZwZ+VFxvJ0Z9YtC7KNCY/96eMJB3G28v80EazpWv33iA
 xsM59/wqPRLiVK2sfok8zUvPdivEryHvdkyhs6x0=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: mirimir@fulvetta.riseup.net)
 with ESMTPSA id 9FA6310F
Message-ID: <53DA8480.7090007@riseup.net>
Date: Thu, 31 Jul 2014 12:01:36 -0600
From: Mirimir <mirimir@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <53D3F004.6070209@yandex.ru> <53D412F9.4030107@googlemail.com>
 <53D6B3F0.8030706@yandex.ru> <53D6E666.9070108@gmx.com>
 <CACf9JSVq5GT+GEysOs0oGBBUy52Nq3XpWsL4j4FD0EAk9RDuPw@mail.gmail.com>
 <53D7E802.8020700@gmx.com>
 <CACf9JSXgFag6Ky3F+TmTqqsx2ScpJTggnU-FDz9yd4zAX=qM1Q@mail.gmail.com>
 <53D8FD47.6010702@gmx.com> <53DA807E.7030000@gmx.com>
In-Reply-To: <53DA807E.7030000@gmx.com>
X-Enigmail-Version: 1.6
X-Virus-Scanned: clamav-milter 0.98.1 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] Spoofing a browser profile to prevent fingerprinting
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 07/31/2014 11:44 AM, Joe Btfsplk wrote:
> Wow, I'm surprised no one has questioned this before or has a reasonable
> explanation.
> Why Panopticlick's total estimated entropy, *reported in the sentence
> _above_ their results table,* is much less than the sum of individual
> parameters' entropies - shown in the table:
> 
> "_Currently, we estimate that your browser has a fingerprint that
> conveys *nn.nn bits* of identifying information_."
> 
> To arrive at a total *"bits of identifying information"*, do they ignore
> characteristics with entopies < certain values?
> Because, in a typical test - w/ JS ENabled, the sentence may show total
> entropy of *13.xx bits.*
> In the same test,  the sum of entropies from their included table may be
> *34.xx* bits identifying information.
> 
> Why is there such a huge difference?  To arrive at their "total," what
> do they ignore - and WHY?
> Or, do they take the results in the table & apply additional
> algorithms?  If so, do they detail that?
> Thanks.

I gather that entropy isn't always additive. I'd need to learn a lot
before saying much more about that. There's probably something useful in
https://panopticlick.eff.org/browser-uniqueness.pdf.

Having Javascript blocked is itself information, but I don't think that
Panopticlick is including that in the result.

> On 7/30/2014 9:12 AM, Joe Btfsplk wrote:
>> On 7/29/2014 4:35 PM, Ben Bailess wrote:
>>> But here are some numbers that I just collected that
>>> perhaps could be of use to you. This test was done with the latest TBB
>>> (3.6.3) and Firefox versions on Linux (Fedora), with both JS on and off:
>>>
>>> FF (private browsing) / JS disabled = 16 bits (not "unique" - one in
>>> 65,487)
>>> FF (private browsing) / JS enabled = 22 bits ("unique" out of >4M
>>> samples)
>>> FF (normal browsing) / JS disabled = 15.98 bits (not "unique" - one in
>>> 64,524)
>>> FF (normal browsing) / JS enabled = 21.07 bits (not "unique" but one in
>>> 2,193,824 [roughly 2 matching entries in the sample]... so the other
>>> data
>>> point may well have been me...)
>>> TBB / JS enabled = 12.06 bits (not "unique" - one in 4,260)
>>> TBB / JS disabled = 9.05 bits (not "unique" - one in 529 are same)
>>>
>> Thanks to all for your input.
>> OK, I slept & revisited Panopticlick fingerprinting results
>> https://panopticlick.eff.org.  Silly me - I was looking at the values
>> listed for each parameter, then assessing the total entropy for all
>> parameters shown.
>> Yes, if I look at the value they report *in a sentence* above the
>> results table, that total is far < than the sum of "bits of identifying
>> information" for all browser characteristics measured, as shown in their
>> results table.
>>
>> For those that haven't looked at the site (or anything similar), the
>> total entropy that Panopticlick arrives at is far < than the sum of
>> individual values.
>> ("The total is less than the sum of its parts" ??)
>> Like when it says,
>> "_Currently, we estimate that your browser has a fingerprint that
>> conveys *13.72 bits* of identifying information_*,*" but the sum of all
>> parameters in that same test is *far* > than 13.72 bits.
>>
>> Maybe someone more familiar w/ their algorithm to arrive at the grand
>> total "*bits of identifying information," *(that they state in a
>> sentence, above the results table) can explain why their stated total
>> entropy for the browser tested is *so much lower* than the total of all
>> parameters shown in the table of test results.
>>
>> I read their paper, https://panopticlick.eff.org/browser-uniqueness.pdf,
>> but missed any explanation of why that is so.
>> I have an idea why that may be true, but no (generic) mathematical
>> explanation.
> 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

