[tor-talk] Spoofing a browser profile to prevent fingerprinting

Ryan Carboni ryacko at gmail.com
Wed Jul 30 01:24:00 UTC 2014


Pretty sure there's be more collisions in regard to those yes or not
questions than you think. Distribution of temperaments and opinions seem to
fit a bell curve. Thus the number of collisions would be quite high.


In terms of internet plug-ins, a person would customize their computer in
terms of how well they understand computers. Thus the low-end would have
malware and the high end would have unique plug-ins, programs, and fonts
that serve their interests.


Joe Btfsplk writes:
>
> > I'm no expert on fine details of this, but over a long time of
> > checking TBB, Firefox, JonDo Fox, etc., on multiple test sites, it's
> > always clear that far more info is available when JS is enabled.
> > The EFF says ~ 33 bits of identifying info (ii) are needed to
> > accurately identify the same browser / machine at multiple sites.
>
> Strictly speaking, the 33 bits figure refers to identifying a _person_,
> and comes from Arvind Narayanan, who calculated it by rounding down the
> base 2 logarithm of the world's human population.  (If you can ask
> 33 perfectly independent and identically distributed yes-or-no questions
> about a person, the set of answers to those questions will be completely
> unique.)
>
> There are probably fewer Internet-connected browser instances than
> living people, so less information might suffice to distinguish them.
>
> If you're using EFF's Panopticlick page, you should be aware of some
> limitations about the measurements it gives you.  One is that it doesn't
> measure all possible measurable attributes of a browser -- people doing
> user tracking may have additional measurement techniques that aren't
> included in Panopticlick.  Another is that the "bits" of information
> that you get from measuring each attribute don't actually add linearly
> (and there's no direct way of adding them without knowing more about
> the population statistics and how the attributes interact).  So if you
> get an estimate that your Foo browser feature contributes 6 bits of
> identifiability and your Bar browser features contributes 5 bits, you
> can't necessarily conclude that together they contribute 11 bits.
> (Another limitation that Peter Eckersley, the developer of Panopticlick,
> pointed out to me is that the sample of fingerprints in Panopticlick's
> database isn't very current or very representative of a larger population
> of user-agents that are getting used in 2014.)
>
> You're definitely right that Javascript is an important part of many
> browser fingerprinting techniques and that browser fingerprinting will
> work much less well without it.
>
> --
> Seth Schoen  <schoen at eff.org>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
>


More information about the tor-talk mailing list