[tor-commits] [webwml/master] Add 'Panopticlick' project idea
atagar at torproject.org
atagar at torproject.org
Sun Feb 28 07:24:11 UTC 2016
commit ec691dded4cff4c4c8bc5996821bfdab94b16976
Author: Damian Johnson <atagar at torproject.org>
Date: Sat Feb 27 23:27:16 2016 -0800
Add 'Panopticlick' project idea
https://trac.torproject.org/projects/tor/ticket/18328
---
getinvolved/en/volunteer.wml | 60 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
diff --git a/getinvolved/en/volunteer.wml b/getinvolved/en/volunteer.wml
index 02b9746..6c73977 100644
--- a/getinvolved/en/volunteer.wml
+++ b/getinvolved/en/volunteer.wml
@@ -437,6 +437,11 @@ meetings around the world.</li>
privacy and security issues in mainline version.
</p>
+ <p>
+ <b>Project Ideas:</b><br />
+ <i><a href="#panopticlick">Panopticlick</a></i><br />
+ </p>
+
<a id="project-httpseverywhere"></a>
<h3><a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> (<a
href="https://gitweb.torproject.org/https-everywhere.git">code</a>, <a
@@ -1467,6 +1472,61 @@ href="https://github.com/arlolra/ctypes-otr/issues">one of the open key
verification issues</a> as part of the application process.
</p>
</li>
+
+ <a id="panopticlick"></a>
+ <li>
+ <b>Panopticlick</b>
+ <br>
+ Likely Mentors: <i>Georg (GeKo)</i>
+ <p>
+
+The <a href="https://panopticlick.eff.org">Panopticlick project by the EFF</a>
+revolutionized how people think about <a
+href="https://panopticlick.eff.org/browser-uniqueness.pdf">browser
+fingerprinting</a>, both by developing tests and metrics to measure browser
+fingerprintability, and by crowdsourcing the evaluation and contribution of
+individual browser features to overall fingerprintability.
+
+ </p>
+ <p>
+
+Unfortunately, the way Panopticlick is designed <a
+href="https://blog.torproject.org/blog/effs-panopticlick-and-torbutton">makes
+it difficult</a> to evaluate defenses to browser fingerprinting, especially
+for browsers with a relatively small userbase such as Tor Browser. This is
+because any approach we take to reduce fingerprinting automatically makes our
+users more distinct from the previous users who submitted their fingerprint
+data to the EFF. Indeed, it is also impossible to ever expect that users of
+one browser will ever be able to blend in with users of another browser
+(Chrome users will always be distinguishable from Firefox users for example,
+based on feature set alone).
+
+ </p>
+ <p>
+
+To address this, we would like to have <a
+href="https://trac.torproject.org/projects/tor/ticket/6119">our own
+fingerprint test suite</a> to evaluate the fingerprintability of each browser
+feature for users running a specific Tor Browser version. There are also <a
+href="https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting">additional
+fingerprinting tests</a> we can add beyond those deployed by Panopticlick.
+ </p>
+ <p>
+
+For this project, the student would develop a website that users can
+voluntarily visit to test and record their Tor Browser fingerprint. The user
+should get feedback on how she performed and the test results should be
+available in a machine readable format (e.g. JSON), broken down by Tor Browser
+version. In a second step one could think about adding more sophisticated
+tests or supporting other browser vendors that might want to test the
+uniformity amongst their userbase as well. Of course, results from each
+browser would also need to be broken down by both browser implementation and
+version, so that results would only reflect the population of that specific
+implementation.
+
+ </p>
+ </li>
+
<!--
<a id=""></a>
<li>
More information about the tor-commits
mailing list