Hi Tor Community!
My name is Pierre and I'm a second year PhD student from France working on browser fingerprinting. I'm really fortunate that my proposal for this year Google Summer of Code has been been selected.
My goal for this summer is to set up a website similar to Panopticlick or AmIUnique that will collect data to improve Tor fingerprinting defenses. The collected data will be used to detect if there are differences between browsers that could ultimately lead to a user's identification. With that knowledge, developers will be able to patch the Tor browser to prevent leak of identifiable information and reinforce the anonymity of Tor users. I also plan to add details on browser fingerprinting for users who are not familiar with the subject so that they may learn about its mechanisms and the potential dangers linked to it. I'll also try to implement a page where Tor users can see how far they are from an "acceptable" fingerprint so that they may tweak their browser in order to have a fingerprint that is shared by many more users.
I'll officially start coding at the end of May but in the mean time, I'll familiarize myself with the Django framework that I plan to use and I'll lock down the exact set of features that I'll include in the very first version of the project. My primary mentor is Georg and my secondary mentors are Gunes and Nicolas. I'll post bi-weekly reports to the tor-dev mailing list and to my blog to inform everyone of my progress.
If you have any questions about the project, don't hesitate to ask me. The name of the project has not been found yet so feel free to send me any suggestions that you may have. You can reach me here or on IRC where my handle is SuperOctopus.
Cheers! Pierre
It's unclear to me how this would be different than standard panopticlick with >50% of the users using TBB. But those not using TBB with had browser statistics like the rest of the web (for example, all of the tor2web traffic).
-V
On Sunday, 24 April 2016, Pierre Laperdrix pierre.laperdrix@irisa.fr wrote:
Hi Tor Community!
My name is Pierre and I'm a second year PhD student from France working on browser fingerprinting. I'm really fortunate that my proposal for this year Google Summer of Code has been been selected.
My goal for this summer is to set up a website similar to Panopticlick or AmIUnique that will collect data to improve Tor fingerprinting defenses. The collected data will be used to detect if there are differences between browsers that could ultimately lead to a user's identification. With that knowledge, developers will be able to patch the Tor browser to prevent leak of identifiable information and reinforce the anonymity of Tor users. I also plan to add details on browser fingerprinting for users who are not familiar with the subject so that they may learn about its mechanisms and the potential dangers linked to it. I'll also try to implement a page where Tor users can see how far they are from an "acceptable" fingerprint so that they may tweak their browser in order to have a fingerprint that is shared by many more users.
I'll officially start coding at the end of May but in the mean time, I'll familiarize myself with the Django framework that I plan to use and I'll lock down the exact set of features that I'll include in the very first version of the project. My primary mentor is Georg and my secondary mentors are Gunes and Nicolas. I'll post bi-weekly reports to the tor-dev mailing list and to my blog to inform everyone of my progress.
If you have any questions about the project, don't hesitate to ask me. The name of the project has not been found yet so feel free to send me any suggestions that you may have. You can reach me here or on IRC where my handle is SuperOctopus.
Cheers! Pierre
On Sun, 2016-04-24 at 19:01 +0800, Virgil Griffith wrote:
It's unclear to me how this would be different than standard panopticlick with >50% of the users using TBB.
Hi,
I'm looking for data on the browser distribution (and also OS distribution) of the Tor-network users. You seem to have an answer. Where did you find the >50% TBB data?
I failed to find any data, so your help will be much appreciated!
Lol. Sure I can help with that.
I can give you the browser distribution of onion.link users. About 30% use TBB. The rest of the stats look like the regular web. Little biased to more modern versions of web browsers. If you really need the stats can help you with that.
-V
On Sunday, 24 April 2016, Rob van der Hoeven robvanderhoeven@ziggo.nl wrote:
On Sun, 2016-04-24 at 19:01 +0800, Virgil Griffith wrote:
It's unclear to me how this would be different than standard panopticlick with >50% of the users using TBB.
Hi,
I'm looking for data on the browser distribution (and also OS distribution) of the Tor-network users. You seem to have an answer. Where did you find the >50% TBB data?
I failed to find any data, so your help will be much appreciated!
tor-dev mailing list tor-dev@lists.torproject.org javascript:; https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On Sun, 2016-04-24 at 21:02 +0800, Virgil Griffith wrote:
Lol. Sure I can help with that.
I can give you the browser distribution of onion.link users. About 30% use TBB. The rest of the stats look like the regular web. Little biased to more modern versions of web browsers. If you really need the stats can help you with that.
Much appreciated. I'm working on a project for the users that do not use TBB. It's called: Another Virtual Network Environment.
https://hoevenstein.nl/another-virtual-network-environment
The project is now in the alpha-phase and to develop it further into a consumer-grade application it needs funding. My problem is that I need to convince potential funders of the impact of my project. To do so it would be nice to have some user statistics. OS statistics are important to decide if I should develop a Windows version of the program first.
Thanks,
That's a very good question! The website is first and foremost aimed to improve the Tor browser (even though it will open its doors to every browsers after that). This means that, at first, we would only collect fingerprints coming from Tor browsers and not from users redirecting their network traffic through Tor. I plan on having statistics for different versions of the Tor browser so that we can follow evolution or potential regressions. Then, from the developers side, the website will be built in a way that tests can be added and removed really easily. Contrary to Panotpiclick or AmIUnique where the set of collected attributes is fixed, I'll try to make it as easy as possible to add a test to the website with a link to a ticket in the Tor bug tracker and a way to collect statistics for this specific test. I want to emphasize on that point because common attributes like the user-agent or the size of the screen that are collected in browser fingerprints are already covered by the Tor browser. However, when a new fingerprinting technique is discovered or when a new browser API is launched, it is really hard to get an insight into how much identifiable information is in there without running a test and getting concrete data. Finally, from the user side, I want to give the tools to users to understand what each collected attribute is and what to do in case his or her browser fingerprint is far from an acceptable one.
In the end, the main mechanisms are very similar to Panopticlick (collection and statistics) but the set of added features aimed primarily at the Tor browser and the Tor community is what will set this website apart from others. I hope my explanations are clear enough. If you have additional questions, I'll be happy to answer them.
Pierre
On 04/24/2016 01:01 PM, Virgil Griffith wrote:
It's unclear to me how this would be different than standard panopticlick with >50% of the users using TBB. But those not using TBB with had browser statistics like the rest of the web (for example, all of the tor2web traffic).
-V
-
Pierre Laperdrix -
Rob van der Hoeven -
Virgil Griffith