[tor-talk] Spoofing a browser profile to prevent fingerprinting

Joe Btfsplk joebtfsplk at gmx.com
Wed Jul 30 14:12:23 UTC 2014


On 7/29/2014 4:35 PM, Ben Bailess wrote:
> But here are some numbers that I just collected that
> perhaps could be of use to you. This test was done with the latest TBB
> (3.6.3) and Firefox versions on Linux (Fedora), with both JS on and off:
>
> FF (private browsing) / JS disabled = 16 bits (not "unique" - one in 65,487)
> FF (private browsing) / JS enabled = 22 bits ("unique" out of >4M samples)
> FF (normal browsing) / JS disabled = 15.98 bits (not "unique" - one in
> 64,524)
> FF (normal browsing) / JS enabled = 21.07 bits (not "unique" but one in
> 2,193,824 [roughly 2 matching entries in the sample]... so the other data
> point may well have been me...)
> TBB / JS enabled = 12.06 bits (not "unique" - one in 4,260)
> TBB / JS disabled = 9.05 bits (not "unique" - one in 529 are same)
>
Thanks to all for your input.
OK, I slept & revisited Panopticlick fingerprinting results 
https://panopticlick.eff.org.  Silly me - I was looking at the values 
listed for each parameter, then assessing the total entropy for all 
parameters shown.
Yes, if I look at the value they report *in a sentence* above the 
results table, that total is far < than the sum of "bits of identifying 
information" for all browser characteristics measured, as shown in their 
results table.

For those that haven't looked at the site (or anything similar), the 
total entropy that Panopticlick arrives at is far < than the sum of 
individual values.
("The total is less than the sum of its parts" ??)
Like when it says,
"Currently, we estimate that your browser has a fingerprint that 
conveys 13.72 bits of identifying information," but the sum of all 
parameters in that same test is *far* > than 13.72 bits.

Maybe someone more familiar w/ their algorithm to arrive at the grand 
total "bits of identifying information," (that they state in a 
sentence, above the results table) can explain why their stated total 
entropy for the browser tested is *so much lower* than the total of all 
parameters shown in the table of test results.

I read their paper, https://panopticlick.eff.org/browser-uniqueness.pdf, 
but missed any explanation of why that is so.
I have an idea why that may be true, but no (generic) mathematical 
explanation.
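
The gap asked about above, worked through as an added example that is not part of the original post or Panopticlick's own code: when attributes are correlated, the per-attribute figures overlap, so the figure for the whole combination comes out below their sum. It assumes each figure is a surprisal (log2 of the sample size divided by the number of sampled browsers sharing the value); the records, attribute names and function names are constructed for illustration.

```python
import math
from collections import Counter

ATTRS = ("user_agent", "platform", "timezone")

# Constructed sample of 16 browser records (not real Panopticlick data).
# user_agent and platform are strongly correlated, as they are in practice.
SAMPLE = (
    [("Firefox/31 Linux", "Linux x86_64", "UTC")] * 4
    + [("Firefox/31 Windows", "Win32", "UTC")] * 8
    + [("Chrome/36 Windows", "Win32", "UTC-5")] * 3
    + [("Safari/7 Mac", "MacIntel", "UTC-8")] * 1
)

def surprisal(count, total):
    """Bits of identifying information for a value seen `count` times in `total`."""
    if count == 0:
        raise ValueError("value not present in sample")
    return math.log2(total / count)

def per_attribute_bits(sample, visitor):
    """Surprisal of each attribute value taken on its own (the table rows)."""
    bits = {}
    for i, name in enumerate(ATTRS):
        counts = Counter(rec[i] for rec in sample)
        bits[name] = surprisal(counts[visitor[i]], len(sample))
    return bits

def fingerprint_bits(sample, visitor):
    """Surprisal of the whole combination (the headline total)."""
    return surprisal(Counter(sample)[visitor], len(sample))

if __name__ == "__main__":
    visitor = ("Firefox/31 Linux", "Linux x86_64", "UTC")
    rows = per_attribute_bits(SAMPLE, visitor)
    for name, b in rows.items():
        print(f"{name:10s} {b:5.2f} bits")
    print(f"sum of rows  {sum(rows.values()):5.2f} bits")
    print(f"fingerprint  {fingerprint_bits(SAMPLE, visitor):5.2f} bits")
    print(f"ceiling      {math.log2(len(SAMPLE)):5.2f} bits (log2 of sample size)")
```

In this sample the rows sum to about 4.42 bits while the combination carries 2 bits, because the platform is already implied by the user agent. A count-based total also cannot exceed log2 of the sample size, which is why "unique" among more than 4M samples shows up as about 22 bits in the quoted numbers.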

