[tor-talk] panopticlick data

Joe Btfsplk joebtfsplk at gmx.com
Tue Oct 1 18:43:10 UTC 2013 

On 10/1/2013 12:06 PM, Nicolas Vigier wrote:
> On Tue, 01 Oct 2013, Joe Btfsplk wrote:
>
>> Not sure I understand the question in this context.  Without
>> cookies, I don't expect them to identify repeat visitors.  I read
>> their full paper on how they use the data collected
>> https://panopticlick.eff.org/browser-uniqueness.pdf
>>
>> Me visiting 2 - 4 more times, or even the other site visitors - *in
>> the same 2 - 4 min. span*, wouldn't (actually) affect the statistics
>> & lower their reported uniqueness estimate by factors of 2, 3 or
>> more.
>>
>> Repeating the test 4 times, almost immediately (clearing cache
>> between), out of an existing data base of millions of other site
>> visitors, wouldn't lower my uniqueness from 1 in 1.7 million, then
>> to 1 in 700,000, to 1 in 500,000.
> 1st visit: 3 444 000
> 2nd visit: 3 444 000 / 2 = 1 722 000
> 3rd visit: 3 444 000 / 3 = 1 148 000
> 4th visit: 3 444 000 / 4 = 861 000
> 5th visit: 3 444 000 / 5 = 688 800
> 6th visit: 3 444 000 / 6 = 574 000
> etc ...
>
Thanks.  I'm not a statistics major, so you may have to explain, but are 
you saying that the 1st time I visit w/ a given set of browser 
characteristics, and they've only seen 1:3,444,000 browsers w/ exactly 
the same traits, then on my 2nd visit, they've now seen 2 identical 
browsers in 3,444,001  = 1: 1,722,000.5?

All that seems to mean is, they've not seen many browsers like mine 
(poor distribution), IF... it started out as 1 in 3.44 mil, or anything 
close - as mine would be a VERY common setup.

All the individual characteristics tested were very common, per their 
results.  Most are < 1:10 & none > 1:100, except the screen size (which 
seems incorrect).  Seems unlikely my 1920 width monitor only has 1664 
"usable" browser pane width (what they show). When they show *1920* 
width for TBB, but the 2 browser panes are the same in width.  Only 
thing taking up horizontal space on either browser is the vertical 
scroll bar, which are pretty much identical.

*NOTE:*  The *"bits of identifying information"* for individual browser 
characteristics (useragent, cookies enabled, etc.) & uniqueness (1 in X 
have this) of the INDIVIDUAL characteristics do NOT change, as you run 
the test repeatedly.
Those values must be calculated from a set data base & don't seem to be 
affected by your current visit.

Assuming trackers had a large enough sample space to have a high 
confidence level, for fingerprinting purposes, would it matter if only 1 
in 10,953, or 1 in 10,953,000 browsers were like yours?  As long as they 
could identify A browser w/ the same uniqueness (EXACT same 
characteristics - entering & exiting).  Even w/o Flash or Java enabled & 
revealing system fonts, etc.

Only way I see that's not true is if 100's of users w/ EXACT same 
browser characteristics (right down to same screen characteristics), 
used the same entry / exit relays at the SAME time.  That's unlikely, 
unless TBB starts spoofing screen size, the same for everyone.

I believe in same TBB version (maybe the same in many versions) they 
spoof the useragent & time zone, but wouldn't differences in screen 
sizes & color bit ALONE, among a few users on one entry / exit 
combination, at a given moment be enough to fingerprint one user?

More information about the tor-talk mailing list